From: Aron Parsons <aron@knackworks.com>
Date: Fri, 21 Apr 2017 01:20:14 +0000 (-0400)
Subject: only reload systemd on package changes
X-Git-Tag: 1.10.0~13^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=5d3c59f6eb447e9da0d16f720f492a084ca5add5;p=puppet-modules%2Fpuppetlabs-firewall.git

only reload systemd on package changes

it has been observed on systems that
the "systemctl is-active" check can
return non-zero status when checking
the status of iptables and ip6tables
at the same time.  this causes idempotent
issues when ip6tables is disabled.

systemd should not be blindly reloaded if
there are units not active.  it should only
be reloaded if the unit files on disk change.
this only occurs at package installation time,
so the Exec resource should only be refreshed
if the package changes.

there are no other resources in this module
that manipulate the unit files other than the
Package resource.
---

diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
index 88d801b..cda18db 100644
--- a/manifests/linux/redhat.pp
+++ b/manifests/linux/redhat.pp
@@ -59,9 +59,10 @@ class firewall::linux::redhat (
     or  ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
     if $ensure == 'running' {
       exec { '/usr/bin/systemctl daemon-reload':
-        require => Package[$package_name],
-        before  => Service[$service_name, $service_name_v6],
-        unless  => "/usr/bin/systemctl is-active ${service_name} ${service_name_v6}",
+        require     => Package[$package_name],
+        before      => Service[$service_name, $service_name_v6],
+        subscribe   => Package[$package_name],
+        refreshonly => true,
       }
     }
   }