resolving cyclic dependency in puppet when notifying resource in another class

Question

I have written one apache class which install apache2 and configure ssl and then start apache service. I am writing one subclass which will configure one virtual host and then restart apache service. I am getting cyclic dependency error as I am trying to notify apache2 service once virtual host has been added.

I resolved this error by changing require to include but does this mean that resources in apache class will run before apache::no ?

If not then what is the way to resolve this dependency error ?

Is it a good practice to notify resources in another class ?

Error: Failed to apply catalog: Found 1 dependency cycle:
(Exec[no] => Service[apache2] => Class[Apache] => Class[Apache::No] => Exec[no])
Try the '--graph' option and opening the resulting '.dot' file in OmniGraffle or GraphViz

apache.pp

class apache {

    $listen_port="8181"
    $no_port="4143"
    #file { '/etc/apache2/ports.conf' :
        #ensure => present ,
        #content => template("apache/ports.conf.erb"),
        #require => Package['apache2'],
        #notify => Service['apache2'],
    #}->
    case $facts['osfamily'] {
    /^(Debian|Ubuntu)$/: {
    file { '/etc/apache2/sites-available/000-default.conf' :
        ensure => present ,
        content => template("apache/000-default.conf.erb"),
        require => Package['apache2'],
        notify => Service['apache2'],
        noop => true,
    }
    file { '/etc/apache2/sites-available/default-ssl.conf':
        ensure => present ,
        content => template("apache/default-ssl.conf.erb"),
        require => Package['apache2'],
        notify => Service['apache2'],
        #noop => true,
    }
    file { ['/etc','/etc/apache2','/etc/apache2/ssl'] :
        ensure => directory,
        require => Package['apache2'],
    }
    package { 'apache2' :
        ensure => latest,
        notify => Exec['ssl']
    } ->
    augeas { 'no' :
        context => "/files/etc/apache2/ports.conf",
        changes => [
                       "set /files/etc/apache2/sites-available/default-ssl.conf/IfModule/VirtualHost/directive[2]/arg localhost",
                       "set /files/etc/apache2/sites-available/default-ssl.conf/IfModule/VirtualHost/directive[8]/arg /etc/apache2/ssl/apache.key",
                       "set /files/etc/apache2/sites-available/default-ssl.conf/IfModule/VirtualHost/directive[7]/arg /etc/apache2/ssl/apache.crt",
                       "set /files/etc/apache2/ports.conf/IfModule[2]/directive/arg $$no_port",
                       "set /files/etc/apache2/ports.conf/IfModule[1]/directive/arg $no_port",
                       "set /files/etc/apache2/ports.conf/directive/arg 8181",
                       "set /files/etc/apache2/sites-available/000-default.conf/VirtualHost/arg *:8181",
                       "set /files/etc/apache2/sites-available/default-ssl.conf/IfModule/VirtualHost/arg *:$no_port",
                   ],
        require => Package['apache2'],
    } ->
    service { 'apache2' :
        ensure => running
    }
    package { 'openssl' :
        ensure => latest
    } ->
    exec { 'ssl' :
        path => ["/usr/local/sbin","/usr/local/bin","/usr/sbin","/usr/bin","/sbin","/bin"],
        command => 'openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com" ; a2enmod ssl ; a2ensite default-ssl ',
        notify => Service['apache2'],
        require => Augeas['no'],
        refreshonly => true,
    }
    }
}

no.pp

class apache::no {

      require ::apache
      $listen_port="8181"
      file { 'no' :
          ensure => present,
          path => '/etc/apache2/sites-available/no.conf',
          content => template("apache/no.conf.erb"),
          notify => Exec['no'],
      }
      Exec { 'no' :
           path => ["/usr/local/sbin","/usr/local/bin","/sbin","/bin","/usr/sbin","/usr/bin","/root/bin"],
           command => 'a2ensite no.conf',
           notify => Service['apache2'],
           refreshonly => true,
      }
      #Service { 'apache2' :
          #ensure => running,
      #}
}

Thanks

Answer 1

Your code is indeed inconsistent. By ...

require ::apache

... it insists that everything managed via class ::apache be managed before anything declared in the current class, but ...

Exec { 'no' :
   # ...
   notify => Service['apache2'],
   # ...
}

... requires that Exec['no'] be managed before Service['apache2'] , which is managed by class ::apache2 . You cannot have it both ways.

The problem arises from mixing levels of abstraction. In one place you are expressing relationships with a whole class, and elsewhere you express a relationship with just one part of that class. There are two basic approaches to fixing this: either establish separate class-size pieces with which to declare your separate relationships, or else establish all needed relationships directly with the relevant resources (a Package and a Service in this case). The latter is acceptable only because you are working within the same module, but even so, the former is probably better. It might look like this:

class apache {
  # declare variables ...
  include '::apache::software'
  include '::apache::config'
  include '::apache::service'

  Class['::apache::software'] -> Class['::apache::config']
  Class['::apache::config']   ~> Class['::apache::service']
}

# ... class apache::software manages ensuring the package is installed
# ... class apache::config manages the configuration file
# ... class apache::service manages the httpd service

class apache::no {
    require 'apache::config'
    # ...
  Exec { 'no' :
    # ...
    notify => Class['apache::service']
  }
}