From 4002c707ec56d81770aaacfbfad93d8968cfa38f Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Fri, 15 Dec 2017 14:50:31 -0500 Subject: [PATCH] Add systemd support for krb5-kpropd Add a systemd script, which is backported from Artful. So good news if we are still running puppet when ubuntu 18.04 upgrades happen, we can delete this code. Change-Id: I806abac132efedfd2b97dea1d0954e6235f26673 Signed-off-by: Paul Belanger
---
 files/krb5-kpropd.service | 14 ++++++++++++ manifests/server.pp | 48 ++++++++++++++++++++++++++++----------- 2 files changed, 49 insertions(+), 13 deletions(-) create mode 100644 files/krb5-kpropd.service
diff --git a/files/krb5-kpropd.service b/files/krb5-kpropd.service
new file mode 100644
index 0000000..88eea12
--- /dev/null
+++ b/files/krb5-kpropd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Kerberos 5 slave KDC update server
+
+[Service]
+ExecReload=/bin/kill -HUP $MAINPID
+EnvironmentFile=-/etc/default/krb5-kpropd
+ExecStart=/usr/sbin/kpropd -D $DAEMON_ARGS
+InaccessibleDirectories=/etc/ssh /etc/ssl/private /root
+ReadOnlyDirectories=/
+ReadWriteDirectories=/var/tmp /tmp /var/lib/krb5kdc /var/run /run
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/manifests/server.pp b/manifests/server.pp
index 5feb53e..d2499a1 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -43,13 +43,6 @@ class kerberos::server (
 ensure => directory,
 }
 
- file { '/etc/init.d/krb5-kpropd':
- ensure => present,
- replace => true,
- source => 'puppet:///modules/kerberos/krb5-kpropd',
- require => Package['krb5-admin-server'],
- }
-
 file { '/usr/local/bin/run-kprop.sh':
 ensure => present,
 replace => true,
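Review bot: The new files/krb5-kpropd.service has no header comment recording where it came from, and a file installed under /etc/systemd/system takes precedence over a same-named unit shipped by the distribution package. I would add at the top of the file `# Backported from the Ubuntu Artful krb5 packaging; remove once the installed package ships its own unit.` so the override is not left in place after it stops being needed. A second comment above `InaccessibleDirectories=`, `ReadOnlyDirectories=` and `ReadWriteDirectories=` should say that these are the older spellings of the `*Paths=` directives, kept deliberately for the systemd on the target release (presumably 16.04, going by the manifest condition). It is also worth stating next to `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` that the daemon is meant to run with no other capability, so that a later edit widening the set is a visible decision.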
@@ -87,12 +80,41 @@ class kerberos::server (
 environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
 }
 
- service { 'krb5-kpropd':
- ensure => $run_kpropd,
- require => [
- File['/etc/init.d/krb5-kpropd'],
- Package['krb5-admin-server'],
- ],
+ if ($::operatingsystem == 'Ubuntu') and ($::operatingsystemrelease >= '16.04') {
+ file { '/etc/systemd/system/krb5-kpropd.service':
+ ensure => present,
+ replace => true,
+ source => 'puppet:///modules/kerberos/krb5-kpropd.service',
+ require => Package['krb5-admin-server'],
+ }
+ service { 'krb5-kpropd':
+ ensure => $run_kpropd,
+ require => [
+ File['/etc/systemd/system/krb5-kpropd.service'],
+ ],
+ }
+ # This is a hack to make sure that systemd is aware of the new service
+ # before we attempt to start it.
+ exec { 'krb5-kpropd-systemd-daemon-reload':
+ command => '/bin/systemctl daemon-reload',
+ before => Service['krb5-kpropd'],
+ subscribe => File['/etc/systemd/system/krb5-kpropd.service'],
+ refreshonly => true,
+ }
+ } else {
+ file { '/etc/init.d/krb5-kpropd':
+ ensure => present,
+ replace => true,
+ source => 'puppet:///modules/kerberos/krb5-kpropd',
+ require => Package['krb5-admin-server'],
+ }
+
+ service { 'krb5-kpropd':
+ ensure => $run_kpropd,
+ require => [
+ File['/etc/init.d/krb5-kpropd'],
+ ],
+ }
 }
 
 service { 'krb5-admin-server':
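Review bot: The new `file { '/etc/systemd/system/krb5-kpropd.service': }` resource sets no `owner`, `group` or `mode`, so the permissions of a unit that systemd starts as root are left to Puppet's defaults, which depending on the Puppet version and `source_permissions` may be copied from the module file on the master; pinning them to root and 0644 removes that dependency. The release test `$::operatingsystemrelease >= '16.04'` applies `>=` to two strings, whose behaviour differs between Puppet versions, and `versioncmp()` states the intent unambiguously. The condition also has no upper bound, so the override would still be installed on 18.04, where the commit message expects this code to be unnecessary. The enclosing class starts and ends outside the hunk.

```puppet
if ($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemrelease, '16.04') >= 0) {
  file { '/etc/systemd/system/krb5-kpropd.service':
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    # … unchanged: ensure, replace, source, require …
  }
  # … unchanged: service, daemon-reload exec, else branch …
```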