Diffstat (limited to 'doc/todo')
| -rw-r--r-- | doc/todo/better_privdata.mdwn | 12 |
| -rw-r--r-- | doc/todo/docker_todo_list.mdwn | 3 |
| -rw-r--r-- | doc/todo/docker_todo_list/comment_1_3801d48190c029a8591ab188427b31b6._comment | 10 |
| -rw-r--r-- | doc/todo/docker_todo_list/comment_2_441591f9aa106e8d6d1fa7fd6be0fc6f._comment | 10 |
| -rw-r--r-- | doc/todo/done.mdwn | 4 |
| -rw-r--r-- | doc/todo/hooks.mdwn | 7 |
| -rw-r--r-- | doc/todo/info_propigation_out_of_nested_properties.mdwn | 28 |
| -rw-r--r-- | doc/todo/metapackage.mdwn | 5 |
| -rw-r--r-- | doc/todo/ssh__95__user_+_sudo.mdwn | 1 |
| -rw-r--r-- | doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment | 10 |
| -rw-r--r-- | doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment | 8 |
| -rw-r--r-- | doc/todo/ssh__95__user_+_sudo/comment_3_d1e4040677b39342be00359210c02156._comment | 10 |
| -rw-r--r-- | doc/todo/ssh_hostkey_Info.mdwn | 7 |
13 files changed, 115 insertions, 0 deletions
diff --git a/doc/todo/better_privdata.mdwn b/doc/todo/better_privdata.mdwn new file mode 100644 index 00000000..1ee9e14f --- /dev/null +++ b/doc/todo/better_privdata.mdwn @@ -0,0 +1,12 @@ +It can be annoying to need to move privdata values around when moving +services between hosts, which is otherwise often just a cut-n-paste +of a line in config.hs. + +It would be better if privdata were all stored in one Map, and the set of +privdata that a host's current properties need were sent to it +automatically, rather than the current 1-file-per-host separation. + +For this to work though, each property that uses privdata would need to add +to the host's Info the privdata field it uses. + +> [[done]]! --[[Joey]] diff --git a/doc/todo/docker_todo_list.mdwn b/doc/todo/docker_todo_list.mdwn new file mode 100644 index 00000000..1321445d --- /dev/null +++ b/doc/todo/docker_todo_list.mdwn @@ -0,0 +1,3 @@ +* There is no way for a property of a docker container to require + some property be met outside the container. For example, some servers + need ntp installed for a good date source. diff --git a/doc/todo/docker_todo_list/comment_1_3801d48190c029a8591ab188427b31b6._comment b/doc/todo/docker_todo_list/comment_1_3801d48190c029a8591ab188427b31b6._comment new file mode 100644 index 00000000..ff217423 --- /dev/null +++ b/doc/todo/docker_todo_list/comment_1_3801d48190c029a8591ab188427b31b6._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="gueux" + ip="109.190.19.251" + subject="CMD" + date="2014-04-21T13:49:08Z" + content=""" +It would be great to be able to set the CMD of a docker container. + +http://docs.docker.io/reference/builder/#cmd +"""]] diff --git a/doc/todo/docker_todo_list/comment_2_441591f9aa106e8d6d1fa7fd6be0fc6f._comment b/doc/todo/docker_todo_list/comment_2_441591f9aa106e8d6d1fa7fd6be0fc6f._comment new file mode 100644 index 00000000..24ec5da3 --- /dev/null +++ b/doc/todo/docker_todo_list/comment_2_441591f9aa106e8d6d1fa7fd6be0fc6f._comment 
@@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + ip="209.250.56.114" + subject="comment 2" + date="2014-04-24T23:31:09Z" + content=""" +propellor does not build docker containers, I think that's the point where a CMD is set. + +It would probably make sense to have a mode where docker run is not passed any explicit command to run, which would let the predefined CMD be used. Although this would not let propellor run inside the container, so it could not perform any provisioning of it. In this mode, propellor would only be able to ensure that a container was installed and start it running with its default configuration. +"""]] diff --git a/doc/todo/done.mdwn b/doc/todo/done.mdwn new file mode 100644 index 00000000..e7c98081 --- /dev/null +++ b/doc/todo/done.mdwn @@ -0,0 +1,4 @@ +recently fixed [[todo]] items. + +[[!inline pages="./* and link(./done) and !*/Discussion" sort=mtime show=10 +archive=yes]] diff --git a/doc/todo/hooks.mdwn b/doc/todo/hooks.mdwn new file mode 100644 index 00000000..a62aa5e7 --- /dev/null +++ b/doc/todo/hooks.mdwn @@ -0,0 +1,7 @@ +* Need a way to run an action when a property changes, but only + run it once for the whole. For example, may want to restart apache, + but only once despite many config changes being made to satisfy + properties. onChange is a poor substitute.a +* Relatedly, a property that say, installs systemd needs to have a way + to reboot the system when a change is made. But this should only + happen at the very end, after everything else. diff --git a/doc/todo/info_propigation_out_of_nested_properties.mdwn b/doc/todo/info_propigation_out_of_nested_properties.mdwn new file mode 100644 index 00000000..9e69b0b4 --- /dev/null +++ b/doc/todo/info_propigation_out_of_nested_properties.mdwn 
@@ -0,0 +1,28 @@ +Currently, Info about a Host's Properties is manually gathered and +propigated. propertyList combines the Info of the Properties in the list. +Docker.docked extracts relevant Info from the Properties of the container +(but not al of it, intentionally!). + +This works, but it's error-prone. Consider this example: + + withOS desc $ \o -> case o of + (Just (System (Debian Unstable) _)) -> ensureProperty foo + _ -> ensureProperty bar + +Here, the Info of `foo` is not propigated out. Nor is `bar`'s Info. +Of course, only one of them will be run, and only its info should be propigated +out.. + +One approach might be to make the Propellor monad be able to be run in two +modes. In one mode, it actually perform IO, etc. In the other mode, all +liftIO is a no-op, but all Info encountered is accumulated using a Reader +monad. This might need two separate monad definitions. + +That is surely doable, but the withOS example above shows a problem with it -- +the OS is itself part of a Host's info, so won't be known until all its +properties have been examined for info! + +Perhaps that can be finessed. We don't really need to propigate out OS info. +Just DNS and PrivDataField Info. So info could be collected in 2 passes, +first as it's done now by static propertyInfo values. Then by running +the Properties in the Reader monad. diff --git a/doc/todo/metapackage.mdwn b/doc/todo/metapackage.mdwn new file mode 100644 index 00000000..bd14f858 --- /dev/null +++ b/doc/todo/metapackage.mdwn @@ -0,0 +1,5 @@ +* Should be possible to generate a metapackage of all packages that + properties direct apt to install. Then any other packages can be + auto-removed. This would just be a matter of storing the apt-installed + packages in to Info or somewhere. Although not removing essential and base packages + could be problimatic. diff --git a/doc/todo/ssh__95__user_+_sudo.mdwn b/doc/todo/ssh__95__user_+_sudo.mdwn new file mode 100644 index 00000000..2269cecd --- /dev/null 
+++ b/doc/todo/ssh__95__user_+_sudo.mdwn @@ -0,0 +1 @@ +It would be great to be able to ssh to a user different from root, and then to use sudo to run commands. diff --git a/doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment b/doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment new file mode 100644 index 00000000..e0dc1d7f --- /dev/null +++ b/doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + ip="209.250.56.214" + subject="comment 1" + date="2014-04-21T13:31:13Z" + content=""" +Running propellor that way would probably need ssh to allocate a tty in order for sudo's password prompt to work. And it adds complexity. Does it add security? I don't think so, PermitRootLogin=without-password or PasswordAuthentication=no is not going to let anyone brute force the root account. + +PermitRootLogin=forced-commands-only might be worth making easy to set up, so the only command that can be run with some special propellor-specific ssh key is propellor. +"""]] diff --git a/doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment b/doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment new file mode 100644 index 00000000..8dc6299b --- /dev/null +++ b/doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="gueux" + ip="109.190.19.251" + subject="comment 2" + date="2014-04-21T13:54:39Z" + content=""" +I didn't knew \"PermitRootLogin=forced-commands-only\", it seems great! +"""]] diff --git a/doc/todo/ssh__95__user_+_sudo/comment_3_d1e4040677b39342be00359210c02156._comment b/doc/todo/ssh__95__user_+_sudo/comment_3_d1e4040677b39342be00359210c02156._comment new file mode 100644 index 00000000..506b543a --- /dev/null 
+++ b/doc/todo/ssh__95__user_+_sudo/comment_3_d1e4040677b39342be00359210c02156._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + ip="209.250.56.114" + subject="comment 3" + date="2014-04-24T22:17:31Z" + content=""" +Except that it led you to run into the failure mode described at [[forum/remote.origin_not_copied_to_managed_host?]] + +So now we have a concrete change to make: Make /usr/bin/propellor work if it's forced as the only command that can be run. Including making propellor's host bootstrapping work via it. +"""]] diff --git a/doc/todo/ssh_hostkey_Info.mdwn b/doc/todo/ssh_hostkey_Info.mdwn new file mode 100644 index 00000000..a7f8a66a --- /dev/null +++ b/doc/todo/ssh_hostkey_Info.mdwn @@ -0,0 +1,7 @@ +* Either `Ssh.hostKey` should set the sshPubKey info + (which seems hard, as info needs to be able to be calculated without + running any IO code, and here IO is needed along with decrypting the + PrivData..), or the public key should not be stored in + the PrivData, and instead configured using the info. + Getting the ssh host key into the info will allow automatically + exporting it via DNS (SSHFP record) |
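Review bot: The comment files added here (both docker_todo_list comments and the three ssh__95__user_+_sudo comments) each commit the poster's network address in an ip="..." field, for example ip="109.190.19.251" next to username="gueux". Once merged, those addresses live in the repository history for good; consider dropping or redacting the field before committing if the comment format tolerates it.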
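Review bot: In doc/todo/hooks.mdwn, the first bullet ends with a stray character in "onChange is a poor substitute.a", and "only run it once for the whole." stops before its noun. Drop the trailing "a" and say what the action should run once for, so the requirement is unambiguous to whoever picks up the item.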
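Review bot: In doc/todo/info_propigation_out_of_nested_properties.mdwn, "propigated" is misspelled throughout the body and "propigation" in the file name itself. Because the file name becomes the page name, rename it to info_propagation_out_of_nested_properties.mdwn in this commit rather than after other pages link to it. The same hunk also has "not al of it", "it actually perform IO" and a doubled full stop after "propigated out".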
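Review bot: In doc/todo/metapackage.mdwn, the closing sentence "Although not removing essential and base packages could be problimatic." is misspelled and hard to parse: it is unclear whether the difficulty is in exempting those packages from auto-removal or in what happens if they are not exempted. Reword it to state which packages must never be auto-removed, and fix "in to Info" to "into Info".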
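Review bot: In ssh__95__user_+_sudo/comment_3, the wikilink [[forum/remote.origin_not_copied_to_managed_host?]] carries a "?" inside the brackets, which reads as part of the page name. The diffstat here is limited to doc/todo, so the target page is not visible in this view; check that the link resolves, and move the "?" outside the brackets if it is not part of the target.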
