Don't run systemctl daemon-reload in a container

cd1f2efb · James T. Lee · 1238eef6 · cd1f2efb · cd1f2efb · cd1f2efb
Commit cd1f2efb authored May 29, 2019 by James T. Lee
12 changed files
--- a/manifests/profile/base/distccd.pp
+++ b/manifests/profile/base/distccd.pp
@@ -11,13 +11,11 @@ class nest::profile::base::distccd {
      owner   => 'root',
      group   => 'root',
      content => $disable_verbose_content,
-      notify  => Exec['distccd-systemd-daemon-reload'],
+      notify  => Nest::Systemd_reload['distccd'],
    }
-    exec { 'distccd-systemd-daemon-reload':
+    ::nest::systemd_reload { 'distccd':
-      command     => '/bin/systemctl daemon-reload',
+      notify => Service['distccd']
-      refreshonly => true,
-      notify      => Service['distccd']
    }
    service { 'distccd':

--- a/manifests/profile/base/fs.pp
+++ b/manifests/profile/base/fs.pp
@@ -23,18 +23,15 @@ class nest::profile::base::fs {
    owner   => 'root',
    group   => 'root',
    content => $nfs_server_make_v4recovery,
-    notify  => Exec['nfs-server-systemd-daemon-reload'],
+    notify  => Nest::Systemd_reload['nfs-server'],
  }
-  exec { 'nfs-server-systemd-daemon-reload':
+  ::nest::systemd_reload { 'nfs-server': }
-    command     => '/bin/systemctl daemon-reload',
-    refreshonly => true,
-  }
  if $::nest::fileserver {
    service { 'nfs-server':
      enable    => true,
-      subscribe => Exec['nfs-server-systemd-daemon-reload'],
+      subscribe => Nest::Systemd_reload['nfs-server'],
    }
    service { 'zfs-share':
@@ -117,18 +114,15 @@ class nest::profile::base::fs {
      owner   => 'root',
      group   => 'root',
      content => $cachefilesd_fix_path,
-      notify  => Exec['cachefilesd-systemd-daemon-reload'],
+      notify  => Nest::Systemd_reload['cachefilesd'],
      require => Package['sys-fs/cachefilesd'],
    }
-    exec { 'cachefilesd-systemd-daemon-reload':
+    ::nest::systemd_reload { 'cachefilesd': }
-      command     => '/bin/systemctl daemon-reload',
-      refreshonly => true,
-    }
    service { 'cachefilesd':
      enable  => true,
-      require => Exec['cachefilesd-systemd-daemon-reload'],
+      require => Nest::Systemd_reload['cachefilesd'],
    }
  }
 }
--- a/manifests/profile/base/fstab.pp
+++ b/manifests/profile/base/fstab.pp
@@ -99,12 +99,9 @@ class nest::profile::base::fstab {
    '/etc/systemd/system/var.mount.d/lazyunmount.conf':
      content => $var_lazy_unmount,
-      notify  => Exec['fstab-systemd-daemon-reload'],
+      notify  => Nest::Systemd_reload['fstab'],
    ;
  }
-  exec { 'fstab-systemd-daemon-reload':
+  ::nest::systemd_reload { 'fstab': }
-    command     => '/bin/systemctl daemon-reload',
-    refreshonly => true,
-  }
 }
--- a/manifests/profile/base/libvirt.pp
+++ b/manifests/profile/base/libvirt.pp
@@ -65,7 +65,7 @@ class nest::profile::base::libvirt {
    owner   => 'root',
    group   => 'root',
    content => $after_fs_servers_conf,
-    notify  => Exec['libvirt-systemd-daemon-reload'],
+    notify  => Nest::Systemd_reload['libvirt'],
  }
  $after_openvpn_ensure = $::nest::openvpn_server ? {
@@ -84,13 +84,10 @@ class nest::profile::base::libvirt {
    owner   => 'root',
    group   => 'root',
    content => $after_openvpn_conf,
-    notify  => Exec['libvirt-systemd-daemon-reload'],
+    notify  => Nest::Systemd_reload['libvirt'],
  }
-  exec { 'libvirt-systemd-daemon-reload':
+  ::nest::systemd_reload { 'libvirt': }
-    command     => '/bin/systemctl daemon-reload',
-    refreshonly => true,
-  }
  # Do not filter bridge packets
  # See: https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

--- a/manifests/profile/base/network.pp
+++ b/manifests/profile/base/network.pp
@@ -41,12 +41,9 @@ class nest::profile::base::network {
  file { '/etc/systemd/system/NetworkManager-wait-online.service':
    ensure => $wait_online_ensure,
    target => '/dev/null',
-    notify => Exec['NetworkManager-systemd-daemon-reload'],
+    notify => Nest::Systemd_reload['NetworkManager'],
  }
  # probably not *strictly* necessary, but good practice none-the-less
-  exec { 'NetworkManager-systemd-daemon-reload':
+  ::nest::systemd_reload { 'NetworkManager': }
-    command     => '/bin/systemctl daemon-reload',
-    refreshonly => true,
-  }
 }
--- a/manifests/profile/base/openvpn.pp
+++ b/manifests/profile/base/openvpn.pp
@@ -145,16 +145,14 @@ class nest::profile::base::openvpn {
      content => $dnsmasq_systemd_dropin_unit,
    }
-    exec { 'dnsmasq-systemd-daemon-reload':
+    ::nest::systemd_reload { 'dnsmasq':
-      command     => '/bin/systemctl daemon-reload',
+      subscribe => File['/etc/systemd/system/dnsmasq.service.d/10-openvpn.conf'],
-      refreshonly => true,
-      subscribe   => File['/etc/systemd/system/dnsmasq.service.d/10-openvpn.conf'],
    }
    service { 'dnsmasq':
      enable  => true,
      require => [
-        Exec['dnsmasq-systemd-daemon-reload'],
+        Nest::Systemd_reload['dnsmasq'],
        Service["openvpn-${mode}@nest"],
      ],
    }

--- a/manifests/profile/base/puppet.pp
+++ b/manifests/profile/base/puppet.pp
@@ -35,13 +35,11 @@ class nest::profile::base::puppet {
          group   => 'root',
          content => "[Service]\nRuntimeDirectory=puppetlabs\n",
          require => Class['::puppet::server::install'],
-          notify  => Exec['puppetserver-systemd-daemon-reload'],
+          notify  => Nest::Systemd_reload['puppet'],
        }
-        exec { 'puppetserver-systemd-daemon-reload':
+        ::nest::systemd_reload { 'puppet':
-          command     => '/bin/systemctl daemon-reload',
+          before => Class['::puppet::server::service'],
-          refreshonly => true,
-          before      => Class['::puppet::server::service'],
        }
        # Package installs the log directory with incorrect permissions

--- a/manifests/profile/base/ssh.pp
+++ b/manifests/profile/base/ssh.pp
@@ -33,13 +33,10 @@ class nest::profile::base::ssh {
        owner  => 'root',
        group  => 'root',
        source => 'puppet:///modules/nest/ssh/ssh-agent.service',
-        notify => Exec['ssh-systemd-daemon-reload'],
+        notify => Nest::Systemd_reload['puppet'],
      }
-      exec { 'ssh-systemd-daemon-reload':
+      ::nest::systemd_reload { 'puppet': }
-        command     => '/bin/systemctl daemon-reload',
-        refreshonly => true,
-      }
      exec { 'ssh-agent-enable-systemd-user-service':
        command => '/bin/systemctl --user --global enable ssh-agent.service',

--- a/manifests/profile/base/zfs.pp
+++ b/manifests/profile/base/zfs.pp
@@ -86,7 +86,7 @@ class nest::profile::base::zfs {
    owner   => 'root',
    group   => 'root',
    content => $zfs_auto_snapshot_service_content,
-    notify  => Exec['zfs-systemctl-daemon-reload'],
+    notify  => Nest::Systemd_reload['zfs'],
  }
  $zfs_auto_snapshot_timer_frequencies = {
@@ -114,17 +114,14 @@ class nest::profile::base::zfs {
      owner   => 'root',
      group   => 'root',
      content => $zfs_auto_snapshot_timer_content,
-      notify  => Exec['zfs-systemctl-daemon-reload'],
+      notify  => Nest::Systemd_reload['zfs'],
    }
    service { "zfs-auto-snapshot@${frequency}.timer":
      enable  => true,
-      require => Exec['zfs-systemctl-daemon-reload'],
+      require => Nest::Systemd_reload['zfs'],
    }
  }
-  exec { 'zfs-systemctl-daemon-reload':
+  ::nest::systemd_reload { 'zfs': }
-    command     => '/bin/systemctl daemon-reload',
-    refreshonly => true,
-  }
 }
--- a/manifests/profile/workstation/barrier.pp
+++ b/manifests/profile/workstation/barrier.pp
@@ -29,7 +29,7 @@ class nest::profile::workstation::barrier {
    owner  => 'root',
    group  => 'root',
    source => 'puppet:///modules/nest/barrier/barriers.service',
-    notify => Exec['barrier-systemd-daemon-reload'],
+    notify => Nest::Systemd_reload['barrier'],
  }
  # barrier pulls in avahi, which I don't want, and it gets started by
@@ -41,13 +41,10 @@ class nest::profile::workstation::barrier {
    ensure  => link,
    target  => '/dev/null',
    require => Package['x11-misc/barrier'],
-    notify  => Exec['barrier-systemd-daemon-reload'],
+    notify  => Nest::Systemd_reload['barrier'],
  }
-  exec { 'barrier-systemd-daemon-reload':
+  ::nest::systemd_reload { 'barrier': }
-    command     => '/bin/systemctl daemon-reload',
-    refreshonly => true,
-  }
  exec { 'barrier-enable-systemd-user-service':
    command => '/bin/systemctl --user --global enable barriers.service',

--- a/manifests/profile/workstation/bluetooth.pp
+++ b/manifests/profile/workstation/bluetooth.pp
@@ -16,24 +16,4 @@ class nest::profile::workstation::bluetooth {
    creates => '/lib/firmware/brcm/BCM20702A1-0a5c-21e8.hcd',
    require => Package['sys-kernel/linux-firmware'],
  }
-  file {
-    default:
-      mode  => '0644',
-      owner => 'root',
-      group => 'root',
-    ;
-    '/etc/systemd/system/sleep.target.d':
-      ensure  => absent,
-      recurse => true,
-      force   => true,
-      notify  => Exec['bluetooth-systemd-daemon-reload'],
-    ;
-  }
-  exec { 'bluetooth-systemd-daemon-reload':
-    command     => '/bin/systemctl daemon-reload',
-    refreshonly => true,
-  }
 }
--- a/manifests/systemd_reload.pp
+++ b/manifests/systemd_reload.pp
+define nest::systemd_reload {
+  $exec_noop = $facts['virtual'] == 'lxc'
+  exec { "systemd-daemon-reload-${name}":
+    command     => '/bin/systemctl daemon-reload',
+    refreshonly => true,
+    noop        => $exec_noop,
+  }
+}