Add systemd support for krb5-kpropd

Add a systemd script, which is backported from Artful. So good news if we are still running puppet when ubuntu 18.04 upgrades happen, we can delete this code. Change-Id: I806abac132efedfd2b97dea1d0954e6235f26673 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-12-15 14:50:31 -05:00 · 2017-12-15 14:50:31 -05:00 · 4002c707ec
commit 4002c707ec
parent 7f3f2aa074
2 changed files with 49 additions and 13 deletions
--- a/files/krb5-kpropd.service
+++ b/files/krb5-kpropd.service
@ -0,0 +1,14 @@
+[Unit]
+Description=Kerberos 5 slave KDC update server
+
+[Service]
+ExecReload=/bin/kill -HUP $MAINPID
+EnvironmentFile=-/etc/default/krb5-kpropd
+ExecStart=/usr/sbin/kpropd -D $DAEMON_ARGS
+InaccessibleDirectories=/etc/ssh /etc/ssl/private  /root
+ReadOnlyDirectories=/
+ReadWriteDirectories=/var/tmp /tmp /var/lib/krb5kdc /var/run /run
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
--- a/manifests/server.pp
+++ b/manifests/server.pp
@ -43,13 +43,6 @@ class kerberos::server (
    ensure => directory,
  }

-  file { '/etc/init.d/krb5-kpropd':
-    ensure  => present,
-    replace => true,
-    source  => 'puppet:///modules/kerberos/krb5-kpropd',
-    require => Package['krb5-admin-server'],
-  }
-
  file { '/usr/local/bin/run-kprop.sh':
    ensure  => present,
    replace => true,
@ -87,12 +80,41 @@ class kerberos::server (
    environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
  }

-  service { 'krb5-kpropd':
-    ensure  => $run_kpropd,
-    require => [
-      File['/etc/init.d/krb5-kpropd'],
-      Package['krb5-admin-server'],
-    ],
+  if ($::operatingsystem == 'Ubuntu') and ($::operatingsystemrelease >= '16.04') {
+    file { '/etc/systemd/system/krb5-kpropd.service':
+      ensure  => present,
+      replace => true,
+      source  => 'puppet:///modules/kerberos/krb5-kpropd.service',
+      require => Package['krb5-admin-server'],
+    }
+    service { 'krb5-kpropd':
+      ensure  => $run_kpropd,
+      require => [
+        File['/etc/systemd/system/krb5-kpropd.service'],
+      ],
+    }
+    # This is a hack to make sure that systemd is aware of the new service
+    # before we attempt to start it.
+    exec { 'krb5-kpropd-systemd-daemon-reload':
+      command     => '/bin/systemctl daemon-reload',
+      before      => Service['krb5-kpropd'],
+      subscribe   => File['/etc/systemd/system/krb5-kpropd.service'],
+      refreshonly => true,
+    }
+  } else {
+    file { '/etc/init.d/krb5-kpropd':
+      ensure  => present,
+      replace => true,
+      source  => 'puppet:///modules/kerberos/krb5-kpropd',
+      require => Package['krb5-admin-server'],
+    }
+
+    service { 'krb5-kpropd':
+      ensure  => $run_kpropd,
+      require => [
+        File['/etc/init.d/krb5-kpropd'],
+      ],
+    }
  }

  service { 'krb5-admin-server':