puppet: Fix iptables-persistent always being restarted.

(imported from commit 5246be11dbbba3b9fee4be0477eb08525575577e)
2013-06-14 12:09:34 -04:00 · 2013-06-14 12:09:34 -04:00 · 5e41bab681
parent 438e412772
commit 5e41bab681
1 changed files with 13 additions and 0 deletions
--- a/servers/puppet/modules/humbug/manifests/base.pp
+++ b/servers/puppet/modules/humbug/manifests/base.pp
@ -136,6 +136,19 @@ class humbug::base {

  service { 'iptables-persistent':
    ensure     => running,
+
+    # Because there is no running process for this service, the normal status
+    # checks fail.  Because puppet then thinks the service has been manually
+    # stopped, it won't restart it.  This fake status command will trick puppet
+    # into thinking the service is *always* running (which in a way it is, as
+    # iptables is part of the kernel.)
+    hasstatus => true,
+    status => "/bin/true",
+
+    # Under Debian, the "restart" parameter does not reload the rules, so tell
+    # Puppet to fall back to stop/start, which does work.
+    hasrestart => false,
+
    subscribe  => File['/etc/iptables/rules'],
  }
 }