only reload systemd on package changes
authorAron Parsons <aron@knackworks.com>
Fri, 21 Apr 2017 01:20:14 +0000 (21:20 -0400)
committerAron Parsons <aron@knackworks.com>
Fri, 21 Apr 2017 01:33:09 +0000 (21:33 -0400)
it has been observed on systems that
the "systemctl is-active" check can
return non-zero status when checking
the status of iptables and ip6tables
at the same time.  this causes idempotency
issues when ip6tables is disabled.

systemd should not be blindly reloaded if
there are units not active.  it should only
be reloaded if the unit files on disk change.
this only occurs at package installation time,
so the Exec resource should only be refreshed
if the package changes.

there are no other resources in this module
that manipulate the unit files other than the
Package resource.

manifests/linux/redhat.pp

index 88d801bba9d802c1177e5a1897cd862cca8c6e15..cda18db4c8208fb3eec192448ff4f06a5cd2e3ca 100644 (file)
@@ -59,9 +59,10 @@ class firewall::linux::redhat (
     or  ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
     if $ensure == 'running' {
       exec { '/usr/bin/systemctl daemon-reload':
-        require => Package[$package_name],
-        before  => Service[$service_name, $service_name_v6],
-        unless  => "/usr/bin/systemctl is-active ${service_name} ${service_name_v6}",
+        require     => Package[$package_name],
+        before      => Service[$service_name, $service_name_v6],
+        subscribe   => Package[$package_name],
+        refreshonly => true,
       }
     }
   }
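Review bot: On the added lines of the `exec { '/usr/bin/systemctl daemon-reload': }` resource, `require => Package[$package_name],` is now redundant, because `subscribe => Package[$package_name],` already orders the exec after the package; dropping the `require` line leaves a single relationship to maintain. With `refreshonly => true` the reload no longer runs when the unit files change by any route other than this Package resource (a manual edit or a drop-in, for example), so the firewall services could presumably be started from stale unit definitions in that case. The commit message explains why that is acceptable for this module, and a short comment on the resource would keep that reasoning next to the code, e.g. `# reload only when the package changes; nothing else in this module touches the unit files`. The enclosing class and conditional start outside the hunk, so whether `Package[$package_name]` is always declared on this path cannot be confirmed from here.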