On 02/13/2016 05:34 AM, Alex Harvey wrote:

    The problem is that removing sources from the array of your
    multiplexer resource will just lead to some firewall resources not
    being in the catalog anymore. Their respective rules will remain
    orphaned, which is not what the user will expect.


Is this really a problem though? The documentation for the module recommends that users do purge the unmanaged firewall rules. If they choose not to, then they should understand that means they need to take care of those manually. It's no different to any other resource in Puppet. If one day I stop managing the /etc/motd file, I should understand that Puppet won't delete the file; it'll simply leave it in whatever state it was in.

Sure, but I feel that this case is especially confusing.

The user does not remove a resource from their manifest. They change a parameter of one of their resources, which feels like changing a property value for a proper resource. The fact that this may not be sync'ed correctly by the agent can be surprising, and removing firewall rules is a highly critical operation.

So, yes, I think you should go ahead and build that module, but please make sure to plaster its documentation with warnings ;-)

Cheers,
Felix
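
The situation discussed in this thread, sketched as an added example that is not code from either poster or from the firewall module. The define name `profile::allow_from`, its parameters, the rule titles and the addresses are hypothetical; the `firewall` attributes follow the module releases of this thread's era (`action`, which later releases replaced with `jump`).

```puppet
# Hypothetical multiplexer define: one firewall resource per entry in $sources.
define profile::allow_from (
  Array[String] $sources,
  String        $dport,
  String        $proto = 'tcp',
) {
  $sources.each |String $src| {
    firewall { "200 ${title} from ${src}":
      proto  => $proto,
      dport  => $dport,
      source => $src,
      action => 'accept',
    }
  }
}

# Constructed sample data. If '10.0.0.2' is later dropped from this array,
# the resource "200 ssh from 10.0.0.2" simply disappears from the catalog.
# Nothing in the catalog tells the agent to remove the rule, so the host
# keeps accepting SSH from 10.0.0.2 unless purging is enabled.
profile::allow_from { 'ssh':
  sources => ['10.0.0.1', '10.0.0.2'],
  dport   => '22',
}

# The purge setting the module documentation recommends: every firewall rule
# present on the host but absent from the catalog is removed, which covers
# the orphaned rule above and also any rule added outside Puppet.
resources { 'firewall':
  purge => true,
}
```

Running the agent with `--noop` after shrinking the array reports which rules the purge would remove before anything is changed on the host.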
