Diffstat (limited to 'doc')
| -rw-r--r-- | doc/news/propellor_demo.mdwn | 8 |
| -rw-r--r-- | doc/news/version_0.7.0.mdwn | 9 |
| -rw-r--r-- | doc/news/version_0.8.0.mdwn | 20 |
| -rw-r--r-- | doc/news/version_0.8.1.mdwn | 7 |
| -rw-r--r-- | doc/news/version_0.8.2.mdwn | 10 |
| -rw-r--r-- | doc/news/version_0.8.3.mdwn | 11 |
| -rw-r--r-- | doc/security.mdwn | 2 |
| -rw-r--r-- | doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment | 10 |
| -rw-r--r-- | doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment | 8 |
| -rw-r--r-- | doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment | 17 |
| -rw-r--r-- | doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment | 22 |
| -rw-r--r-- | doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment | 13 |
| -rw-r--r-- | doc/todo/type_level_port_conflict_detection.mdwn | 5 |
13 files changed, 141 insertions, 1 deletions
diff --git a/doc/news/propellor_demo.mdwn b/doc/news/propellor_demo.mdwn new file mode 100644 index 00000000..362f56e6 --- /dev/null +++ b/doc/news/propellor_demo.mdwn @@ -0,0 +1,8 @@ +A quick demo of propellor. + +<video controls src="http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm"></video> + +[video](http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm) + +(Audio quality is clipped/fast in places, unfortunately this was a problem +with the source recording.) diff --git a/doc/news/version_0.7.0.mdwn b/doc/news/version_0.7.0.mdwn new file mode 100644 index 00000000..6ce0b517 --- /dev/null +++ b/doc/news/version_0.7.0.mdwn @@ -0,0 +1,9 @@ +propellor 0.7.0 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * combineProperties no longer stops when a property fails; now it continues + trying to satisfy all properties on the list before propigating the + failure. + * Attr is renamed to Info. + * Renamed wrapper to propellor to make cabal installation of propellor work. + * When git gpg signature of a fetched git branch cannot be verified, + propellor will now continue running, but without merging in that branch."""]]
\ No newline at end of file diff --git a/doc/news/version_0.8.0.mdwn b/doc/news/version_0.8.0.mdwn new file mode 100644 index 00000000..69dbb927 --- /dev/null +++ b/doc/news/version_0.8.0.mdwn @@ -0,0 +1,20 @@ +propellor 0.8.0 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Completely reworked privdata storage. There is now a single file, + and each host is sent only the privdata that its Properties actually use. + To transition existing privdata, run propellor against a host and + watch out for the red failure messages, and run the suggested commands + to store the privdata using the new storage scheme. You may find + it useful to run the old version of propellor to extract data from the old + privdata files during this migration. + Several properties that use privdata now require a context to be + specified. If in doubt, you can use anyContext, or + Context "hostname.example.com" + * Add --edit to edit a privdata value in $EDITOR. + * Add --list-fields to list all currently set privdata fields, along with + the hosts that use them. + * Fix randomHostKeys property to run openssh-server's postinst in a + non-failing way. + * Hostname.sane now cleans up the 127.0.0.1 localhost line in /etc/hosts, + to avoid eg, apache complaining "Could not reliably determine the + server's fully qualified domain name"."""]]
\ No newline at end of file diff --git a/doc/news/version_0.8.1.mdwn b/doc/news/version_0.8.1.mdwn new file mode 100644 index 00000000..963b4a80 --- /dev/null +++ b/doc/news/version_0.8.1.mdwn @@ -0,0 +1,7 @@ +propellor 0.8.1 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Run apt-get update in initial bootstrap. + * --list-fields now includes a table of fields that are not currently set, + but would be used if they got set. + * Remove .gitignore from cabal file list, to avoid build failure on Debian. + Closes: #[754334](http://bugs.debian.org/754334)"""]]
\ No newline at end of file diff --git a/doc/news/version_0.8.2.mdwn b/doc/news/version_0.8.2.mdwn new file mode 100644 index 00000000..d1e9da18 --- /dev/null +++ b/doc/news/version_0.8.2.mdwn @@ -0,0 +1,10 @@ +propellor 0.8.2 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Fix bug in File.containsLines that caused lines that were already in the + file to sometimes be appended to the end. + * Hostname.sane also configures /etc/mailname. + * Fixed Postfix.satellite to really configure relayhost = smtp.domain. + * Avoid reconfiguring postfix unncessarily when it already has a relayhost. + * Deal with apache 2.4's change in the name of site-available config files. + * Hostname aliases can now be used in several places, including --spin + and Ssh.knownHost."""]]
\ No newline at end of file diff --git a/doc/news/version_0.8.3.mdwn b/doc/news/version_0.8.3.mdwn new file mode 100644 index 00000000..82f400c0 --- /dev/null +++ b/doc/news/version_0.8.3.mdwn @@ -0,0 +1,11 @@ +propellor 0.8.3 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * The Debian package now includes a single-revision git repository in + /usr/src/propellor/, and ~/.propellor/ is set up to use this repository as + its origin remote. This avoids relying on the security of the github + repository when using the Debian package. + * The /usr/bin/propellor wrapper will warn when ~/.propellor/ is out of date + and a newer version is available, after which git merge upstream/master + can be run to merge it. + * Included the config.hs symlink to config-simple.hs in the cabal and Debian + packages."""]]
\ No newline at end of file diff --git a/doc/security.mdwn b/doc/security.mdwn index 075d68ec..5bc1e2f4 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -28,7 +28,7 @@ in cleartext private data such as passwords, ssh private keys, etc. Instead, `propellor --spin $host` looks for a `~/.propellor/privdata/privdata.gpg` file and if found decrypts it, -extracts the private that that the $host needs, and sends it to to the +extracts the private data that that the $host needs, and sends it to to the $host using ssh. This lets a host know its own private data, without seeing all the rest. diff --git a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment new file mode 100644 index 00000000..4ed9ecdb --- /dev/null +++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI" + nickname="Arnaud" + subject="Is it ok to publish to a public repository?" + date="2014-08-29T21:13:19Z" + content=""" +It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong? + +Thanks +"""]] diff --git a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment new file mode 100644 index 00000000..4d209b03 --- /dev/null +++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + ip="131.252.200.111" + subject="comment 2" + date="2014-08-29T21:52:02Z" + content=""" +--add-key puts your **public** key in the repository, not the private key. +"""]] 
diff --git a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment new file mode 100644 index 00000000..4d75842d --- /dev/null +++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment @@ -0,0 +1,17 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI" + nickname="Arnaud" + subject="Remote host fails to connect" + date="2014-08-30T06:40:33Z" + content=""" +Makes sense of course, but the message one gets when doing that is a bit misleading. + +I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because: + +1. the host key is not initially present in root's known_hosts, then +2. the user's (root) public key is unknown to the remote git repo, in my case bitbucket.org, and the URL used is git@bitbucket.org:abailly/capital-match-infra.git which implies connection goes through SSH + +I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore. + +Thanks for your help +"""]] diff --git a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment new file mode 100644 index 00000000..b2ac4d57 --- /dev/null +++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment 
@@ -0,0 +1,22 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI" + nickname="Arnaud" + subject="Output from propellor --spin $host" + date="2014-08-30T07:17:52Z" + content=""" +Here is the output (truncated): + + + Permission denied (publickey). + fatal: Could not read from remote repository. + + Please make sure you have the correct access rights + and the repository exists. + Git fetch ... failed + fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree. + Use '--' to separate paths from revisions, like this: + 'git <command> [<revision>...] -- [<file>...]' + propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128) + + +"""]] diff --git a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment new file mode 100644 index 00000000..cc26f42d --- /dev/null +++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment @@ -0,0 +1,13 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI" + nickname="Arnaud" + subject="Got it working..." + date="2014-08-31T12:50:17Z" + content=""" +OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations: + +* Use a https:// based url for the first +* Use a git:// based url for the second + +I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url. +"""]] diff --git a/doc/todo/type_level_port_conflict_detection.mdwn b/doc/todo/type_level_port_conflict_detection.mdwn new file mode 100644 index 00000000..5aec5775 --- /dev/null +++ b/doc/todo/type_level_port_conflict_detection.mdwn 
@@ -0,0 +1,5 @@ +See <http://stackoverflow.com/questions/26027765/using-types-to-prevent-conflicting-port-numbers-in-a-list> --[[Joey]] + +Needs ghc newer than 7.6.3. It may be possible to port Data.Type.Equality +and Data.Type.Bool to older versions; I got them to compile but they didn't +work right. --[[Joey]] |
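
Review bot: in the doc/security.mdwn hunk, the replacement line still reads "extracts the private data that that the $host needs, and sends it to to the", so the doubled "that that" and "to to" survive this fix. Suggest "extracts the private data that the $host needs, and sends it to the" in the same change, since this sentence is the one that explains how privdata reaches a host.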
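
Review bot: doc/news/version_0.7.0.mdwn has "propigating the failure" in its first changelog item; this should be "propagating". The last item in the same hunk describes a security-relevant behaviour (a fetched branch whose gpg signature cannot be verified is not merged, but the run continues), and it would help readers if it also said how that condition is reported to the operator.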
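
Review bot: doc/news/version_0.8.2.mdwn misspells "unncessarily" in the item "Avoid reconfiguring postfix unncessarily when it already has a relayhost"; it should be "unnecessarily".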
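
Review bot: doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment commits the poster's network address in the ip= field of the [[!comment]] header, which publishes it along with the repository. The other four comment files added by this patch carry no ip= field, so consider dropping it here before committing.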
