Closed sventhomsen closed 8 years ago
Wouldn't it be better to implement the distribution selection into the build firewall script instead of duplicating the whole script?
Depends... I favor doing these kinds of customizations in puppet, not at runtime.
But: I could convert the script to an erb-template and we would have best of both worlds: single source and customization at setup time :-)
Other opinions?
I think we should have the selector in the script itself. In an upgrade situation we should preserve functionality without the need to rerun our deploy script. We have such run-time checks all over the place, because we decided at some time that our script-foo should work without dependencies on puppet.
Furthermore duplicating the codebase is not the finest way.
I vote for run-time selection.
OK, I'll change this... Closing this one....
OK, changed to a runtime selector in /usr/local/bin/build-firewall
Okay, that's a diff I would merge. Please rebase the patchset and force push it into your PR Branch.
Done.
Okay, that didn't work out as I planned, but whatever.
Ah. Should have cherry-picked that one. Sorry, forgot about that revert.
Debian Jessie renamed iptables-persistent to netfilter-persistent.
Script /usr/local/bin/build-firewall and manifest "firewall.pp" need a selector for choosing netfilter-persistent when running on jessie.
Solved by using a file-variant for the script and a conditional for the name of the service.
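
A sketch of the run-time selection discussed in this thread, as an added example that is not the project's `build-firewall` script. It assumes each package installs an init script under `/etc/init.d/` that accepts `save`; the `ROOT` argument and the `SERVICE_CMD` variable are hypothetical hooks for exercising the functions against a constructed tree.

```shell
#!/bin/sh
# Added example: choose the iptables persistence service at run time,
# so one script keeps working across a wheezy -> jessie upgrade
# without a puppet run.

# select_persistent_service [ROOT]
# Prints the service name to use. ROOT (hypothetical) is a path prefix
# for testing; empty means the real filesystem.
select_persistent_service() {
    root="${1:-}"
    # Check the jessie name first: after an upgrade the old init script
    # may still be present as a leftover, and the new one must win.
    if [ -x "$root/etc/init.d/netfilter-persistent" ]; then
        echo netfilter-persistent
    elif [ -x "$root/etc/init.d/iptables-persistent" ]; then
        echo iptables-persistent
    else
        # Fail closed: a firewall that silently does not persist is
        # worse than a script that stops with an error.
        echo "no iptables persistence service found" >&2
        return 1
    fi
}

# persist_rules [ROOT]
# Saves the running ruleset through whichever service was selected.
# SERVICE_CMD (hypothetical) defaults to service(8).
persist_rules() {
    svc="$(select_persistent_service "${1:-}")" || return 1
    "${SERVICE_CMD:-service}" "$svc" save
}
```
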