CHANGELOG.md

@@ -4,6 +4,26 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v3.10.0](https://github.com/voxpupuli/puppet-systemd/tree/v3.10.0) (2022-06-20)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-systemd/compare/v3.9.0...v3.10.0)
+
+**Implemented enhancements:**
+
+- systemd::timer: move variable definition close to where it is used [\#280](https://github.com/voxpupuli/puppet-systemd/pull/280) ([simondeziel](https://github.com/simondeziel))
+- Add comment hint about initrd for folks [\#279](https://github.com/voxpupuli/puppet-systemd/pull/279) ([jcpunk](https://github.com/jcpunk))
+- Fix systemctl daemon-reload after file additions [\#277](https://github.com/voxpupuli/puppet-systemd/pull/277) ([trevor-vaughan](https://github.com/trevor-vaughan))
+- systemd::resolved: save readlink's value to avoid calling it twice [\#276](https://github.com/voxpupuli/puppet-systemd/pull/276) ([simondeziel](https://github.com/simondeziel))
+
+**Fixed bugs:**
+
+- systemd::dropin\_file doesn't cause a systemd daemon-reload [\#234](https://github.com/voxpupuli/puppet-systemd/issues/234)
+
+**Merged pull requests:**
+
+- Minor wordsmithing in README [\#283](https://github.com/voxpupuli/puppet-systemd/pull/283) ([op-ct](https://github.com/op-ct))
+- Correct spelling mistakes [\#275](https://github.com/voxpupuli/puppet-systemd/pull/275) ([EdwardBetts](https://github.com/EdwardBetts))
+
 ## [v3.9.0](https://github.com/voxpupuli/puppet-systemd/tree/v3.9.0) (2022-05-25)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-systemd/compare/v3.8.0...v3.9.0)
@@ -20,7 +40,7 @@ These should not affect the functionality of the module.
 
 **Fixed bugs:**
 
-- Ensure systemd-networkd is available piror notifying service [\#269](https://github.com/voxpupuli/puppet-systemd/pull/269) ([mat1010](https://github.com/mat1010))
+- Ensure systemd-networkd is available prior to notifying service [\#269](https://github.com/voxpupuli/puppet-systemd/pull/269) ([mat1010](https://github.com/mat1010))
 
 **Closed issues:**
 

README.md

@@ -290,7 +290,7 @@ $manage_networkd is required if you want to reload it for new
 
 When configuring `systemd::resolved` you could set `use_stub_resolver` to false (default) to use a *standard* `/etc/resolved.conf`, or you could set it to `true` to use the local resolver provided by `systemd-resolved`.
 
-Systemd has introduced `DNS Over TLS` in the release 239. Currently three states are supported `yes` (since systemd 243), `opportunistic` (true) and `no` (false, default). When enabled with `yes` or `opportunistic` `systemd-resolved` will start a TCP-session to a DNS server with `DNS Over TLS` support. When enabled with `yes` (strict mode), queries will fail if the configured DNS servers do not support `DNS Over TLS`. Note that there will be no host checking for `DNS Over TLS` due to missing implementation in `systemd-resolved`.
+Systemd introduced `DNS Over TLS` in release 239. Currently three states are supported `yes` (since systemd 243), `opportunistic` (true) and `no` (false, default). When enabled with `yes` or `opportunistic` `systemd-resolved` will start a TCP-session to a DNS server with `DNS Over TLS` support. When enabled with `yes` (strict mode), queries will fail if the configured DNS servers do not support `DNS Over TLS`. Note that there will be no host checking for `DNS Over TLS` due to missing implementation in `systemd-resolved`.
 
 Stopping `systemd-resolved` once running can be problematic and care should be taken.
 
@@ -463,7 +463,7 @@ $result = systemd::escape('/mnt/foobar/', true)
 `$result` would be `mnt-foobar`.
 
 ### Systemd Escape Function (uses systemd-escape)
-Escape strings by call the `systemd-escape` command in the background.
+Escape strings call the `systemd-escape` command in the background.
 
 It's highly recommend running the function as [deferred function](https://puppet.com/docs/puppet/6/deferring_functions.html) since it executes the command on the agent.
 

REFERENCE.md

@@ -28,6 +28,7 @@
 
 ### Defined types
 
+* [`systemd::daemon_reload`](#systemddaemon_reload): Run systemctl daemon-reload
 * [`systemd::dropin_file`](#systemddropin_file): Creates a drop-in file for a systemd unit
 * [`systemd::modules_load`](#systemdmodules_load): Creates a modules-load.d drop file
 * [`systemd::network`](#systemdnetwork): Creates network config for systemd-networkd
@@ -581,6 +582,31 @@ Default value: `['create']`
 
 ## Defined types
 
+### <a name="systemddaemon_reload"></a>`systemd::daemon_reload`
+
+Run systemctl daemon-reload
+
+#### Parameters
+
+The following parameters are available in the `systemd::daemon_reload` defined type:
+
+* [`name`](#name)
+* [`enable`](#enable)
+
+##### <a name="name"></a>`name`
+
+A globally unique name for the resource
+
+##### <a name="enable"></a>`enable`
+
+Data type: `Boolean`
+
+Enable the reload exec
+
+* Added in case users want to disable the reload globally using a resource collector
+
+Default value: ``true``
+
 ### <a name="systemddropin_file"></a>`systemd::dropin_file`
 
 Creates a drop-in file for a systemd unit
@@ -605,6 +631,7 @@ The following parameters are available in the `systemd::dropin_file` defined typ
 * [`mode`](#mode)
 * [`show_diff`](#show_diff)
 * [`notify_service`](#notify_service)
+* [`daemon_reload`](#daemon_reload)
 
 ##### <a name="unit"></a>`unit`
 
@@ -708,6 +735,14 @@ Notify a service for the unit, if it exists
 
 Default value: ``false``
 
+##### <a name="daemon_reload"></a>`daemon_reload`
+
+Data type: `Boolean`
+
+Call systemd::daemon_reload
+
+Default value: ``true``
+
 ### <a name="systemdmodules_load"></a>`systemd::modules_load`
 
 Creates a modules-load.d drop file
@@ -989,6 +1024,7 @@ The following parameters are available in the `systemd::timer` defined type:
 * [`active`](#active)
 * [`enable`](#enable)
 * [`ensure`](#ensure)
+* [`daemon_reload`](#daemon_reload)
 
 ##### <a name="name"></a>`name`
 
@@ -1092,7 +1128,7 @@ Data type: `Optional[Boolean]`
 
 If set to true or false the timer service will be maintained.
 If true the timer service will be running and enabled, if false it will
-explictly stopped and disabled.
+explicitly stopped and disabled.
 
 Default value: ``undef``
 
@@ -1112,6 +1148,14 @@ Defines the desired state of the timer
 
 Default value: `'present'`
 
+##### <a name="daemon_reload"></a>`daemon_reload`
+
+Data type: `Boolean`
+
+Call `systemd::daemon_reload`
+
+Default value: ``true``
+
 ### <a name="systemdtmpfile"></a>`systemd::tmpfile`
 
 Creates a systemd tmpfile
@@ -1277,6 +1321,7 @@ The following parameters are available in the `systemd::unit_file` defined type:
 * [`hasstatus`](#hasstatus)
 * [`selinux_ignore_defaults`](#selinux_ignore_defaults)
 * [`service_parameters`](#service_parameters)
+* [`daemon_reload`](#daemon_reload)
 
 ##### <a name="name"></a>`name`
 
@@ -1418,6 +1463,14 @@ hash that will be passed with the splat operator to the service resource
 
 Default value: `{}`
 
+##### <a name="daemon_reload"></a>`daemon_reload`
+
+Data type: `Boolean`
+
+call `systemd::daemon-reload` to ensure that the modified unit file is loaded
+
+Default value: ``true``
+
 ## Resource types
 
 ### <a name="loginctl_user"></a>`loginctl_user`

manifests/daemon_reload.pp

@@ -0,0 +1,23 @@
+# @summary Run systemctl daemon-reload
+#
+# @api public
+#
+# @param name
+#   A globally unique name for the resource
+#
+# @param enable
+#   Enable the reload exec
+#
+#   * Added in case users want to disable the reload globally using a resource collector
+#
+define systemd::daemon_reload (
+  Boolean $enable = true,
+) {
+  if $enable {
+    exec { "${module_name}-${name}-systemctl-daemon-reload":
+      command     => 'systemctl daemon-reload',
+      refreshonly => true,
+      path        => $facts['path'],
+    }
+  }
+}

manifests/dropin_file.pp

@@ -17,6 +17,7 @@
 # @param mode The mode to set on the dropin file
 # @param show_diff Whether to show the diff when updating dropin file
 # @param notify_service Notify a service for the unit, if it exists
+# @param daemon_reload Call systemd::daemon_reload
 #
 define systemd::dropin_file (
   Systemd::Unit                               $unit,
@@ -32,6 +33,7 @@
   String                                      $mode                    = '0444',
   Boolean                                     $show_diff               = true,
   Boolean                                     $notify_service          = false,
+  Boolean                                     $daemon_reload           = true,
 ) {
   include systemd
 
@@ -69,11 +71,26 @@
     show_diff               => $show_diff,
   }
 
+  if $daemon_reload {
+    ensure_resource('systemd::daemon_reload', $unit)
+
+    File[$full_filename] ~> Systemd::Daemon_reload[$unit]
+  }
+
   if $notify_service {
     File[$full_filename] ~> Service <| title == $unit or name == $unit |>
+
+    if $daemon_reload {
+      Systemd::Daemon_reload[$unit] ~> Service <| title == $unit or name == $unit |>
+    }
+
     if $unit =~ /\.service$/ {
       $short_service_name = regsubst($unit, /\.service$/, '')
       File[$full_filename] ~> Service <| title == $short_service_name or name == $short_service_name |>
+
+      if $daemon_reload {
+        Systemd::Daemon_reload[$unit] ~> Service <| title == $short_service_name or name == $short_service_name |>
+      }
     }
   }
 }

manifests/resolved.pp

@@ -88,7 +88,7 @@
       # reboot.
       exec { 'restore_resolv.conf_if_possible':
         command => 'cp --remove-destination -f /run/systemd/resolve/resolv.conf /etc/resolv.conf',
-        onlyif  => 'test "$(readlink /etc/resolv.conf)" = "/run/systemd/resolve/resolv.conf"  || test "$(readlink /etc/resolv.conf)" = "/run/systemd/resolve/stub-resolv.conf"',
+        onlyif  => 'l="$(readlink /etc/resolv.conf)"; test "$l" = "/run/systemd/resolve/resolv.conf" || test "$l" = "/run/systemd/resolve/stub-resolv.conf',
         path    => $facts['path'],
       }
     }

manifests/service_limits.pp

@@ -74,7 +74,8 @@
       command     => "systemctl restart ${name}",
       path        => $facts['path'],
       refreshonly => true,
-      subscribe   => File["${path}/${name}.d/90-limits.conf"],
     }
+
+    Systemd::Dropin_file["${name}-90-limits.conf"] ~> Exec["restart ${name} because limits"]
   }
 }

manifests/timer.pp

@@ -50,14 +50,17 @@
 # @param active
 #  If set to true or false the timer service will be maintained.
 #  If true the timer service will be running and enabled, if false it will
-#  explictly stopped and disabled.
+#  explicitly stopped and disabled.
 #
 # @param enable
 #   If set, will manage the state of the unit.
 #
 # @param ensure
 #   Defines the desired state of the timer
 #
+# @param daemon_reload
+#   Call `systemd::daemon_reload`
+#
 define systemd::timer (
   Enum['present', 'absent', 'file']        $ensure = 'present',
   Stdlib::Absolutepath                     $path = '/etc/systemd/system',
@@ -72,39 +75,38 @@
   Boolean                                  $show_diff = true,
   Optional[Variant[Boolean, Enum['mask']]] $enable = undef,
   Optional[Boolean]                        $active = undef,
+  Boolean                                  $daemon_reload = true,
 ) {
   assert_type(Pattern['^.+\.timer$'],$name)
 
-  if $service_unit {
-    $_service_unit = $service_unit
-  } else {
-    $_service_unit = "${basename($name,'.timer')}.service"
-  }
-
   if $service_content or $service_source {
+    $_service_unit = pick($service_unit, "${basename($name,'.timer')}.service")
+
     systemd::unit_file { $_service_unit:
-      ensure    => $ensure,
-      content   => $service_content,
-      source    => $service_source,
-      path      => $path,
-      owner     => $owner,
-      group     => $group,
-      mode      => $mode,
-      show_diff => $show_diff,
-      before    => Systemd::Unit_File[$name],
+      ensure        => $ensure,
+      content       => $service_content,
+      source        => $service_source,
+      path          => $path,
+      owner         => $owner,
+      group         => $group,
+      mode          => $mode,
+      show_diff     => $show_diff,
+      before        => Systemd::Unit_File[$name],
+      daemon_reload => $daemon_reload,
     }
   }
 
   systemd::unit_file { $name:
-    ensure    => $ensure,
-    content   => $timer_content,
-    source    => $timer_source,
-    path      => $path,
-    owner     => $owner,
-    group     => $group,
-    mode      => $mode,
-    show_diff => $show_diff,
-    enable    => $enable,
-    active    => $active,
+    ensure        => $ensure,
+    content       => $timer_content,
+    source        => $timer_source,
+    path          => $path,
+    owner         => $owner,
+    group         => $group,
+    mode          => $mode,
+    show_diff     => $show_diff,
+    enable        => $enable,
+    active        => $active,
+    daemon_reload => $daemon_reload,
   }
 }

manifests/unit_file.pp

@@ -61,6 +61,9 @@
 # @param service_parameters
 #   hash that will be passed with the splat operator to the service resource
 #
+# @param daemon_reload
+#   call `systemd::daemon-reload` to ensure that the modified unit file is loaded
+#
 # @example manage unit file + service
 #   systemd::unit_file { 'foo.service':
 #     content => file("${module_name}/foo.service"),
@@ -85,6 +88,7 @@
   Optional[Boolean]                        $hasstatus = undef,
   Boolean                                  $selinux_ignore_defaults = false,
   Hash[String[1], Any]                     $service_parameters = {},
+  Boolean                                  $daemon_reload = true
 ) {
   include systemd
 
@@ -125,6 +129,12 @@
     selinux_ignore_defaults => $selinux_ignore_defaults,
   }
 
+  if $daemon_reload {
+    ensure_resource('systemd::daemon_reload', $name)
+
+    File["${path}/${name}"] ~> Systemd::Daemon_reload[$name]
+  }
+
   if $enable != undef or $active != undef {
     service { $name:
       ensure     => $active,
@@ -143,15 +153,10 @@
       Service[$name] -> File["${path}/${name}"]
     } else {
       File["${path}/${name}"] ~> Service[$name]
-    }
-  } else {
-    # Work around https://tickets.puppetlabs.com/browse/PUP-9473
-    # and react to changes on static unit files (ie: .service triggered by .timer)
-    exec { "${name}-systemctl-daemon-reload":
-      command     => 'systemctl daemon-reload',
-      refreshonly => true,
-      path        => $facts['path'],
-      subscribe   => File["${path}/${name}"],
+
+      if $daemon_reload {
+        Systemd::Daemon_reload[$name] ~> Service[$name]
+      }
     }
   }
 }

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppet-systemd",
-  "version": "3.9.0",
+  "version": "3.10.0",
   "author": "Vox Pupuli",
   "summary": "Puppet Systemd module",
   "license": "Apache-2.0",