Diffstat (limited to 'doc')
84 files changed, 1797 insertions, 28 deletions
diff --git a/doc/documentation.mdwn b/doc/documentation.mdwn index 340eb09f..99f61c04 100644 --- a/doc/documentation.mdwn +++ b/doc/documentation.mdwn @@ -1,14 +1,15 @@ The [API documentation](http://hackage.haskell.org/package/propellor) of -Propellor's modules is the most important docuemntation of propellor. +Propellor's modules is the most important documentation of propellor. Other documentation: * [[man page|usage]] * [[Haskell Newbie]] +* [[Writing Properties]] * [[Centralized Git Repository]] * [[Components]] * [[Contributing]] * [[Interface Stability]] -* [[Coding Stye]] +* [[Coding Style]] * [[Security]] * [[Debugging]] diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn new file mode 100644 index 00000000..b678d8d0 --- /dev/null +++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn @@ -0,0 +1,34 @@ +Hello, + +Still working on the reprepro property :) + +Here A property that I am using to publish a repository via apache (this is a prototype) + + website :: String -> Property + website hn = toProp $ Apache.siteEnabled hn apachecfg + where + apachecfg = [ "<VirtualHost *>" + , "DocumentRoot " ++ basePath + , "<Directory " ++ basePath ++ ">" + , " Options Indexes FollowSymLinks Multiviews" + , " Order allow,deny" + , Apache.allowAll + , "</Directory>" + ] ++ concatMap deny ["db", "conf", "incoming"] + ++ ["</VirtualHost>"] + + deny dir = [ "<Directory \"" ++ basePath ++ "apt/*/" ++ dir ++ "\">" + , " Order deny,allow" + , " Deny from all" + , "</Directory>" + ] + +during my test I am runing the config.hs with +runhaskell config.hs (it work the first time, the apache config files are ok) + +but when I do a modification on the apachecfg and rerun the runhaskell, +the config files are not updated. I need to remove them to have an updated version. + +cheers + +Fred 
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment
new file mode 100644
index 00000000..0101ccb2
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment
@@ -0,0 +1,30 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="first run"
+ date="2014-12-08T09:31:46Z"
+ content="""
+root@mordor:~/propellor/src# PROPELLOR_DEBUG=1 runhaskell config.hs
+[2014-12-08 10:27:10 CET] read: hostname [\"-f\"]
+[2014-12-08 10:27:10 CET] command line: Run \"mordor\"
+[2014-12-08 10:27:10 CET] read: git [\"remote\"]
+[2014-12-08 10:27:10 CET] read: git [\"symbolic-ref\",\"--short\",\"HEAD\"]
+[2014-12-08 10:27:10 CET] call: git [\"fetch\"]
+Pull from central git repository ... done
+[2014-12-08 10:27:12 CET] read: git [\"show-ref\",\"--hash\",\"master\"]
+[2014-12-08 10:27:12 CET] read: git [\"show-ref\",\"--hash\",\"master\"]
+mordor has Operating System (Debian Unstable) \"i386\" ... ok
+[2014-12-08 10:27:12 CET] read: apt-cache [\"policy\",\"etckeeper\"]
+mordor apt installed etckeeper ... ok
+[2014-12-08 10:27:13 CET] read: apt-cache [\"policy\",\"ssh\"]
+mordor apt installed ssh ... ok
+[2014-12-08 10:27:13 CET] read: passwd [\"-S\",\"root\"]
+mordor root has password ... ok
+[2014-12-08 10:27:13 CET] call: a2query [\"-q\",\"-s\",\"reprepro\"]
+[2014-12-08 10:27:14 CET] read: apt-cache [\"policy\",\"apache2\"]
+[2014-12-08 10:27:14 CET] call: a2ensite [\"--quiet\",\"reprepro\"]
+Enabling site reprepro.
+[2014-12-08 10:27:15 CET] call: sh [\"-c\",\"set -e ; service 'apache2' reload >/dev/null 2>&1 || true\"]
+mordor create reprepro ... done
+mordor overall ... done
+
+"""]]
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment
new file mode 100644
index 00000000..85a57383
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment
@@ -0,0 +1,38 @@ +[[!comment format=mdwn + username="picca" + subject="second run with content modified" + date="2014-12-08T09:37:43Z" + content=""" +Second run after adding a space here + + - , \" Options Indexes FollowSymLinks Multiviews\" + + , \" Options Indexes FollowSymLinks Multiviews\" + + + root@mordor:~/propellor/src# PROPELLOR_DEBUG=1 runhaskell config.hs + [2014-12-08 10:34:19 CET] read: hostname [\"-f\"] + [2014-12-08 10:34:19 CET] command line: Run \"mordor\" + [2014-12-08 10:34:19 CET] read: git [\"remote\"] + [2014-12-08 10:34:19 CET] read: git [\"symbolic-ref\",\"--short\",\"HEAD\"] + [2014-12-08 10:34:19 CET] call: git [\"fetch\"] + remote: Counting objects: 32, done. + remote: Compressing objects: 100% (6/6), done. + remote: Total 6 (delta 3), reused 0 (delta 0) + Dépaquetage des objets: 100% (6/6), fait. + Depuis git://git.kitenet.net/propellor + c5a8cae..9ac0dfb master -> origin/master + Pull from central git repository ... done + [2014-12-08 10:34:20 CET] read: git [\"show-ref\",\"--hash\",\"master\"] + [2014-12-08 10:34:20 CET] read: git [\"show-ref\",\"--hash\",\"master\"] + mordor has Operating System (Debian Unstable) \"i386\" ... ok + [2014-12-08 10:34:20 CET] read: apt-cache [\"policy\",\"etckeeper\"] + mordor apt installed etckeeper ... ok + [2014-12-08 10:34:21 CET] read: apt-cache [\"policy\",\"ssh\"] + mordor apt installed ssh ... ok + [2014-12-08 10:34:21 CET] read: passwd [\"-S\",\"root\"] + mordor root has password ... ok + [2014-12-08 10:34:21 CET] call: a2query [\"-q\",\"-s\",\"reprepro\"] + mordor create reprepro ... ok + mordor overall ... ok + +"""]] diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment new file mode 100644 index 00000000..5dc67fb0 --- /dev/null 
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 3"
+ date="2014-12-08T10:47:59Z"
+ content="""
+I forgot to say that the content of
+
+/etc/apache2/site-xxx/reprepro[.conf]
+
+is unmodifed after this second run
+"""]]
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment
new file mode 100644
index 00000000..a9201541
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2014-12-09T04:35:12Z"
+ content="""
+Pretty obvious why if you look at the code:
+
+ enable = check (not <$> isenabled) $
+ cmdProperty "a2ensite" ["--quiet", hn]
+ `describe` ("apache site enabled " ++ hn)
+ `requires` siteAvailable hn cf
+
+So that property was skipped entirely if the site was already enabled and never looked at the config file.
+
+I've put in a fix.
+"""]]
diff --git a/doc/forum/Propellor_without_superuser_privileges.mdwn b/doc/forum/Propellor_without_superuser_privileges.mdwn
new file mode 100644
index 00000000..d7288a72
--- /dev/null
+++ b/doc/forum/Propellor_without_superuser_privileges.mdwn
@@ -0,0 +1,3 @@
+Joey uses propellor to popular his /home/joey on hosts he controls. I'd like to use it to populate my home directory on hosts where I don't have root. If someone gives me a shell account on a Debian box, it would be great to just run `propellor --spin` to have apply properties such as having certain stuff downloaded and compiled in `~/local/bin`, putting cronjobs in place, and checking stuff out with `myrepos`.
+
+Does propellor assume root access at a deep enough level that writing properties to do this stuff would be impractical?
diff --git a/doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment b/doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment
new file mode 100644
index 00000000..1a38ef94
--- /dev/null
+++ b/doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment
@@ -0,0 +1,26 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-26T19:26:00Z"
+ content="""
+I think that the root assumptions are in basically 3 places:
+
+* Many Properties assume they're run as root, and will fail if they're not.
+ Probably not a problem in practice for most of them. It might be nice
+ to make a few, such as `User.hasSomePassword` work when run as a normal
+ user.
+
+* Propellor's self-deployment involves running apt-get to instal ghc,
+ etc. This could be modified to check if it's not root and do a local
+ user of ghc if necessary.
+
+* `localdir = "/usr/local" and this is used in various places by eg,
+ `--spin`. It is, however, entirely possible to run "./propellor" in
+ some other directory, which causes it to run in that directory
+ and ensure the properties of localhost. `--spin` could certianly be
+ taught to run in a user mode where it uses "~/.propellor/" instead of
+ `localdir`.
+
+I think that's all! I don't plan to try to add this feature myself, but
+will be happy to support anyone who wants to work on it.
+"""]]
diff --git a/doc/forum/Supported_OS.mdwn b/doc/forum/Supported_OS.mdwn
new file mode 100644
index 00000000..f17b9054
--- /dev/null
+++ b/doc/forum/Supported_OS.mdwn
@@ -0,0 +1,5 @@
+What are the requirements for the configured OS ? Does it need to be Debian ?
+
+Would Propellor work for Arch linux, RHEL, Windows, AIX or linux on pSeries) ?
+
+Cheers
diff --git a/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment b/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment
new file mode 100644
index 00000000..3a2055ea
--- /dev/null
+++ b/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-07T15:58:03Z"
+ content="""
+I have heard of propellor being used on OSX. Probably that user wrote their
+own code for OSX specific stuff.
+
+Propellor properites can be parameterized by OS. Currently it has support
+for Debian and some untested support for Ubuntu. A property can be parameterized
+like this:
+
+ foo :: Property
+ foo = property "foo" withOS desc $ \o -> case o of
+ (Just (System (Debian _) _)) -> ensureProperty fooDebian
+ (Just (System (Ubuntu _) _)) -> ensureProperty fooUbuntu
+
+The first step for adding a new OS will be to modify <http://hackage.haskell.org/package/propellor-1.0.0/docs/Propellor-Types-OS.html>.
+Compilation will then warn about all OS parameterized properties that
+need to be updated to support your added OS, and it can be taken from there.
+
+I'll accept reasonable patches to support other OS's.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn
new file mode 100644
index 00000000..c88defcf
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn
@@ -0,0 +1,12 @@
+Hello,
+
+I am trying propellor on Debian Jessie (haskell is fantastic for this sort or things) to setup one of my computer.
+
+On my network, the system administrator set proxies for http and https.
+These information are available via a http://proxy/proxy.pac URL.
+
+So I would like to know what should be done to extract this information and set it for all users on the system ?
+
+Cheers
+
+Frederic
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment
new file mode 100644
index 00000000..6bf8844d
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-25T15:44:13Z"
+ content="""
+You could, for example, use Propellor.Propety.Cmd.cmdProperty
+to run a command that sets up the proxying. If there's not a single command
+that does it, you could cause propellor to fetch the url and deploy the
+info itself.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment
new file mode 100644
index 00000000..8458ee49
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 2"
+ date="2014-11-25T17:55:25Z"
+ content="""
+In my case I need to wget the proxy.pac file and parse it to find the right proxy.
+
+what worried me is that these proxy.pac things are dynamical depending on the ip of the sender AND the receive.
+It work nicely with web browser, but not with the unix http_proxy and HTTPS_PROXY env.
+
+nevertheless, I can create something to parse my local setup and extract the right http_proxy.
+
+Is there something available in Propellor to set a global environment variable in /etc/environment (the right place for this ?)
+
+cheers
+
+Frederic
+
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment
new file mode 100644
index 00000000..9bdcb4df
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-25T19:37:46Z"
+ content="""
+There's no Property that handles setting global environment currently, but
+it's a reasonable one to add.
+
+I think that /etc/environment is read by `pam_env` logins, but maybe not
+other things, so dunno.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment
new file mode 100644
index 00000000..d2a0b45e
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 4"
+ date="2014-11-25T20:01:12Z"
+ content="""
+I saw that there is an haskell binding for augeas.
+
+Maybe this could be a nice uniform interface to deal with all the system configuration files.
+then no need to deal with the config file formats.
+
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment
new file mode 100644
index 00000000..d670fa3b
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 5"
+ date="2014-11-27T08:17:36Z"
+ content="""
+Just looked at augeas, and add it to propellor would be great. Much more robust than Propellor.Property.File.{containsLine,containsLines,lacksLine}, at least.
+"""]]
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
new file mode 100644
index 00000000..0815b4b3
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
@@ -0,0 +1 @@
+How can I modify the configuration of a managed host (which seems to be stored in /usr/local/propellor/.git/config) from the host on which I run propellor?
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
new file mode 100644
index 00000000..f034a377
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:40:33Z"
+ content="""
+I'm curious what you need to configure there..
+
+But, there seems to be a simple solution: Add a Property that configures
+the .git/config however you need to! :)
+"""]]
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn
new file mode 100644
index 00000000..0a50fc91
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn
@@ -0,0 +1,177 @@ +Having taken the inital hurdle of getting propellor running +(cf. my last post in this forum), I am beginning to like propellor +quite a lot. - This comes not too much as a surprise, as I am +a Haskeller really. - I would love to use it for all my configuration +needs, and to that end ditch ansible. + +Propellor's biggest show stopper for me is this (maybe I am misunderstanding +propellor?): + +I can run + +``` + propellor --spin myhost +``` + +from the command line, and all the tasks/properties that I have +defined myhost to have beforehand will be executed/realized/configured. + +Say eg. I haved defined (sorry for the bad formatting, +seems I have to do it line by line to get the markdown look nice) + +``` +myhost :: Host +``` + +``` +myhost = host "myhost" + & os (System (Debian Testing) "amd64") + & emacs + & apt +``` + +``` +emacs :: Property HasInfo +``` + +``` +emacs = propertyList "install & configure emacs" $ props + & Apt.installed ["emacs" + , "auto-complete-el"] +``` + +``` + apt :: Property HasInfo +``` + +``` +apt = propertyList "apt update + upgrade" $ props + & Apt.update + & Apt.upgrade +``` + + +Then running + +``` + propellor --spin myhost +``` + +will make sure, that emacs is installed, and all my +packages on myhost are up to date. + +It does so every time I run propellor, but normally I install +emacs only once (and I know it's installed), whereas +the apt update+upgrade combo I would want to run every other day. + +So what I would like is this: have just a minimal config for +myhost, like this: + +``` +myhost :: Host +``` + +``` +myhost = host "myhost" + & os (System (Debian Testing) "amd64") +``` + +and then run a task (require a property ?) 
on myhost, somehow +from the command line, like this + +``` + propellor --spin myhost --task apt +``` + +Many other properties / installation steps I could run in this +manner, like installing emacs initially + +``` + propellor --spin myhost --task emacs +``` + +In ansible I can do this with playbooks: + +``` + ansible-playbook -l myhost apt.yml +``` + +with some preconfigured playbook apt.yml that does just +the apt update + upgrade task and nothing else. But I would +have other tasks in other playbooks of course: I can install & configure +emacs on myhost + +``` + ansible-playbook -l myhost emacs.yml +``` + +etc. + +Related to that (but maybe not strictly the same question): + +I wouldn't mind writing my own haskell script that does +the command line parsing (with optparse applicative eg): +I could have options for + +``` + --host (myhost/...) +``` + +and + +``` + --task (emacs/apt/...) +``` + +and then just call into propellor. Unfortunately propellor's +defaultMain does more than I want: gets the command line +from processCmdLine. + +So I tried to create my own otherMain (similar to defaultMain, +but would let me do my own command line parsing): + +``` + otherMain :: [Host] -> CmdLine -> IO () +``` + +but then at some point just gave up: for one thing: things +were getting complicated, because of all the indirection: +the propellor command line tool recompiles itself (?), +does all this git stuff etc. + +And then: maybe I am approaching things in the wrong direction: +maybe it's just not meant to be used that way +(but ansible works fine for me in this regard)? + +And I thought: I don't really want to start a major programming +task just to get this thing working, the way that seems +reasonable to me. Or maybe it's possible already, and I just +don't know how to use it? (So I am stuck with ansible for the time +being). 
+ +Still more or less related: + +Say this otherMain function existed, that allowed me to +to do my own command line parsing and just +call propellor on some host with the one or the other task, +I am not 100% what's the right +way to ensure/require/execute such a task on a host: + +above I am just using + +``` + host & property +``` + +(from PropAccum), but maybe ensureProperty is better suited +for that? + +Also for the wish list: some CONFIG_FILE env variable that +would allow me to keep my config.hs somewhere other than +in ~/.propellor/config.hs + + +Anyway, thanks so far +I would certainly want to switch to propellor completely. + + Andreas diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment new file mode 100644 index 00000000..273dc758 --- /dev/null +++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment @@ -0,0 +1,14 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2015-04-14T18:48:23Z" + content=""" +By composing these things at the command-line, you're using the +command-line, rather than haskell, for describing your system. I don't +think that's a win. + +As far as properties that you don't want to have run every time, see +`Propellor.Property.Scheduled.period`. For example: + + & Apt.update `period` Daily +"""]] diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment new file mode 100644 index 00000000..3eca3457 --- /dev/null 
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment @@ -0,0 +1,52 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0" + nickname="Andreas" + subject="comment 2" + date="2015-04-14T19:24:46Z" + content=""" +using the command line: well yes, that's right. +Still: I can configure a lot of details in haskell (ansible playbooks): + +my emacs task eg. is not only ensuring that emacs is installed +(as in the example above), but I also set some links to my +elisp config files, ensure that cask installed etc. + +another task for me is installing X windows: +again lots of details: not only the xorg packages, +but some links to .xsession files, window manager config +files etc. + +and yes: I am happy, that I can spell out the details +of these tasks in propellor/haskell. + +I just don't see the point of ensuring them again and again +with every spin of propellor, and I would want +to be able to run just this one task on the command line. + + +concerning +``` + Apt.update `period` Daily +``` +thanks, will have a look. +but I guess this is cron job (will see), +in general I think I will want to stick to my habit, that I want +to see what's going on (what is upgraded), thus prefer +to not run any cron jobs for apt upgrades + +My overall message / concern is: I don't want to completly change my +habits, just because I am using propellor + +I had the habit of installing my computers task by task + +I had the habit of logging in to one of my systems, and +doing apt-get update && apt-get upgrade + +I want my config tool to help me achieve things in my +way that I am used to. + + + + + +"""]] 
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment
new file mode 100644
index 00000000..144915df
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment
@@ -0,0 +1,25 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-04-14T19:42:22Z"
+ content="""
+[period](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-Scheduled.html)
+is not a cron job, it just modifies the Property to only do anything
+every so often.
+
+It's also possible to modify a Property so it only runs once.
+[flagFile](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property.html#v:flagFile)
+can be used to do that.
+
+But there are good reasons for propellor to default to checking all
+Properties of a system each time:
+
+* It means that most Properties are idempotent, which has many good
+ features, like being able to recover from a crash.
+* If a system no longer has a configured Property, to fix it back to having
+ the property it's supposed to have.
+* Or, if it can't be fixed, to tell you with an error message in red.
+* It keeps propellor mostly stateless; rather than having to record state
+ about how it thinks a system is, which could diverge from reality,
+ it just looks at how it actually is.
+"""]]
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment
new file mode 100644
index 00000000..ecd20630
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment 
@@ -0,0 +1,44 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0" + nickname="Andreas" + subject="comment 4" + date="2015-04-15T10:15:17Z" + content=""" +Well thanks a lot, and yes I am learning: propellor has a lot +of powerful features under the hood already. + +I still remain sceptical for the time being: + +Propellor's overall approach seems: one spin of propellor does ensure +that a complete systems is properly installed (and then one can +declare exceptions: don't check this every time...). I can even see +how this is useful: if I where a sys admin with a huge farm of +systems, I wouldn't want to deal with half installed systems, but just +have propellor do a complete job. + +As far as I am only concerned with a few personal computers of mine, I +prefer to stick to my task by task approach, though, and for tasks +that come up reapeatedly (like keeping my apt cache + installed +packages up to date) that seems reasonable to me as well. - having +only a minimal required configuration for a host, and then building +upon that (I think/hope, you got the idea by now). The fact, that +this model is nicely supported by ansible, seems to suggest at least, +that this kind of reasoning/approach is not completely flawed. + +What is not 100% clear to me: if propellor could be bent to support my +kind of workflow: I would think that it's possible? (even though I +might not have the time to bend it that way myself). Or are there any +fundamental issues with it? + +What I am suggesting is: that propellor be at my disposal, +more as a library, and would not also impose a certain +command line interface / workflow on me. + +Anyway, you would certainly win me as a user (don't know +how much that counts, and cannot speak for other people's +needs). + +Thanks anyway. + Andreas + +"""]] 
diff --git a/doc/forum/propellor_with_no_central_repository__63__.mdwn b/doc/forum/propellor_with_no_central_repository__63__.mdwn
new file mode 100644
index 00000000..5f322878
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__.mdwn
@@ -0,0 +1 @@
+Is there a way to use propellor with no central repository?
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
new file mode 100644
index 00000000..1f1456c5
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:39:48Z"
+ content="""
+Not yet, but see [[todo/git_push_over_propellor_ssh_channel]]
+"""]]
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment
new file mode 100644
index 00000000..6a6aa946
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""yay!"""
+ date="2014-11-19T01:31:14Z"
+ content="""
+propellor now supports this mode by default, just use `propellor --spin
+hostname` and the changes in the local repo will be pushed and deployed to
+the host, w/o needing a centralized git repo.
+"""]]
diff --git a/doc/forum/property_combinator_ordering.mdwn b/doc/forum/property_combinator_ordering.mdwn
new file mode 100644
index 00000000..25549bb4
--- /dev/null
+++ b/doc/forum/property_combinator_ordering.mdwn
@@ -0,0 +1,8 @@
+when I write
+
+ setDistribution cfg = f `File.hasContent` cfg
+ `onChange` update
+ `requires` File.dirExists confDir
+
+is update called before ensuring the confiDir Exist ?
+It seems to me but who knows ?
diff --git a/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment b/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment
new file mode 100644
index 00000000..c41abd90
--- /dev/null
+++ b/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment
@@ -0,0 +1,31 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-01T15:53:11Z"
+ content="""
+I think that should behave intuitively, but of course if you're unsure
+of this kind of thing, adding parens is a good way to disambiguate the
+code.
+
+ (f `File.hasContent` cfg `onChange` update)
+ `requires` File.dirExists confDir
+
+Written that way, it's explicit that the parenthesized part runs
+together as one action.
+
+Or, we can do a quick test in ghci:
+
+ joey@darkstar:~/src/propellor/src#joeyconfig>ghci Propellor.hs Propellor/Property.hs
+ *Propellor> let f1 = property "hasContent" (liftIO (print "f1") >> return MadeChange)
+ *Propellor> let f2 = property "update" (liftIO (print "f2") >> return MadeChange)
+ *Propellor> let f3 = property "dirExists" (liftIO (print "f3") >> return MadeChange)
+ *Propellor> runPropellor (Host "foo" [] mempty) $ ensureProperty $ f1 `onChange` f2 `requires` f3
+ "dirExists"
+ "hasContent"
+ "update"
+ MadeChange
+
+So, yes, it's behaving as it should, first ensuring that the `requires`
+property is met, and then running the main property, and since it made a
+change, following up by running the `onChange` property.
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn
new file mode 100644
index 00000000..1fde595c
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn 
@@ -0,0 +1,290 @@ +I'm trying to get propellor running, and for now, I'd prefer +to not use a central git repo, according to what I have read + +``` + propellor --spin host +``` + +should do just that: not use git. + +So I have cabal installed propellor locally, and +in addition cloned + +``` + git clone git://propellor.branchable.com/ .propellor +``` + +in my $HOME + +My local machine (from where I run propellor) runs debian testing, the +machine I want to spin to: softland, debian unstable+experimental, +ie. unstable in general + all things ghc from experimental, to get ghc +7.8.4 (but not any more than that from experimental). + +was not sure, what the right propellor config would be in that case: + +``` +& os (System (Debian Experimental) "amd64") +``` +which I have used, or + +``` + & os (System (Debian Unstable) "amd64") +``` +because in general I want Unstable + + +First thing I notice, when running + + +``` +$ propellor --spin softland +``` + +propellor nevertheless tries to git push (but fails, obviously, +somewhere down in propellors output): + +``` +... +Building propellor-2.2.1... +Preprocessing library propellor-2.2.1... +In-place registering propellor-2.2.1... +Preprocessing executable 'propellor' for propellor-2.2.1... +Preprocessing executable 'propellor-config' for propellor-2.2.1... +Propellor build ... done +[master 8ca2715] propellor spin +Git commit ... done +Counting objects: 10, done. +Delta compression using up to 2 threads. +Compressing objects: 100% (8/8), done. +Writing objects: 100% (10/10), 913 bytes | 0 bytes/s, done. +Total 10 (delta 6), reused 0 (delta 0) +remote: you are not allowed to change config.hs +To git://propellor.branchable.com/ + ! [remote rejected] master -> master (pre-receive hook declined) +error: failed to push some refs to 'git://propellor.branchable.com/' +Push to central git repository ... failed +Stop listening request sent. 
+Hit http://ftp.uk.debian.org sid InRelease +Hit http://ftp.uk.debian.org experimental InRelease +Get:1 http://ftp.uk.debian.org sid/main amd64 Packages/DiffIndex [7,876 B] +... +``` + +Note in particular the lines: + +``` + To git://propellor.branchable.com/ + ! [remote rejected] master -> master (pre-receive hook declined) + error: failed to push some refs to 'git://propellor.branchable.com/' + Push to central git repository ... failed +``` + +Shouldn't propellor be completely quiet about git / +not try to push at all? + +OK, never mind, let's see what's next: some long +output, propellor finally fails, I assume it's because +of my sid+experimental configuration? + + +``` +Stop listening request sent. +Hit http://ftp.uk.debian.org sid InRelease +Hit http://ftp.uk.debian.org experimental InRelease +Get:1 http://ftp.uk.debian.org sid/main amd64 Packages/DiffIndex [7,876 B] +Get:2 http://ftp.uk.debian.org sid/contrib amd64 Packages/DiffIndex [7,819 B] +Get:3 http://ftp.uk.debian.org sid/non-free amd64 Packages/DiffIndex [7,819 B] +Get:4 http://ftp.uk.debian.org sid/contrib Translation-en/DiffIndex [7,819 B] +Get:5 http://ftp.uk.debian.org sid/main Translation-en/DiffIndex [7,876 B] +Get:6 http://ftp.uk.debian.org sid/non-free Translation-en/DiffIndex [7,819 B] +Get:7 http://ftp.uk.debian.org sid/main Sources [7,633 kB] +Get:8 http://ftp.uk.debian.org sid/contrib Sources [57.1 kB] +Get:9 http://ftp.uk.debian.org sid/non-free Sources [105 kB] +Get:10 http://ftp.uk.debian.org experimental/main Sources/DiffIndex [7,819 B] +Get:11 http://ftp.uk.debian.org experimental/contrib Sources/DiffIndex [7,819 B] +Get:12 http://ftp.uk.debian.org experimental/non-free Sources/DiffIndex [7,819 B] +Get:13 http://ftp.uk.debian.org experimental/main amd64 Packages/DiffIndex [7,819 B] +Get:14 http://ftp.uk.debian.org experimental/contrib amd64 Packages/DiffIndex [7,819 B] +Get:15 http://ftp.uk.debian.org experimental/contrib Translation-en/DiffIndex [7,819 B] +Get:16 
http://ftp.uk.debian.org experimental/main Translation-en/DiffIndex [7,819 B] +Fetched 7,897 kB in 6s (1,169 kB/s) +Reading package lists... +Reading package lists... +Building dependency tree... +Reading state information... +Skipping gnupg, it is already installed and upgrade is not set. +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +Reading package lists... +Building dependency tree... +Reading state information... +Skipping ghc, it is already installed and upgrade is not set. +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +Reading package lists... +Building dependency tree... +Reading state information... +Skipping cabal-install, it is already installed and upgrade is not set. +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +Reading package lists... +Building dependency tree... +Reading state information... +Skipping libghc-async-dev, it is already installed and upgrade is not set. +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +Reading package lists... +Building dependency tree... +Reading state information... +Some packages could not be installed. This may mean that you have +requested an impossible situation or if you are using the unstable +distribution that some required packages have not yet been created +or been moved out of Incoming. 
+The following information may help to resolve the situation: +The following packages have unmet dependencies: + libghc-missingh-dev : Depends: libghc-hunit-dev-1.2.5.2-6e02e + Depends: libghc-array-dev-0.4.0.1-3b784 + Depends: libghc-base-dev-4.6.0.1-8aa5d + Depends: libghc-containers-dev-0.5.0.0-ab1da + Depends: libghc-directory-dev-1.2.0.1-91a78 + Depends: libghc-filepath-dev-1.3.0.1-b12cb + Depends: libghc-hslogger-dev-1.2.1-028cc + Depends: libghc-mtl-dev-2.1.2-94c72 + Depends: libghc-network-dev-2.4.1.2-040ce + Depends: libghc-old-locale-dev-1.0.0.5-6729c + Depends: libghc-old-time-dev-1.1.0.1-2f8ea + Depends: libghc-parsec-dev-3.1.3-6c6e2 + Depends: libghc-process-dev-1.1.0.2-76e05 + Depends: libghc-random-dev-1.0.1.1-43fdc + Depends: libghc-regex-compat-dev-0.95.1-121c7 + Depends: libghc-time-dev-1.4.0.1-10dc4 + Depends: libghc-unix-dev-2.6.0.1-4f219 +E: Unable to correct problems, you have held broken packages. +Reading package lists... +Building dependency tree... +Reading state information... +Some packages could not be installed. This may mean that you have +requested an impossible situation or if you are using the unstable +distribution that some required packages have not yet been created +or been moved out of Incoming. +The following information may help to resolve the situation: +The following packages have unmet dependencies: + libghc-hslogger-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d + Depends: libghc-containers-dev-0.5.0.0-ab1da + Depends: libghc-directory-dev-1.2.0.1-91a78 + Depends: libghc-mtl-dev-2.1.2-94c72 + Depends: libghc-network-dev-2.4.1.2-040ce + Depends: libghc-old-locale-dev-1.0.0.5-6729c + Depends: libghc-process-dev-1.1.0.2-76e05 + Depends: libghc-time-dev-1.4.0.1-10dc4 + Depends: libghc-unix-dev-2.6.0.1-4f219 +E: Unable to correct problems, you have held broken packages. +Reading package lists... +Building dependency tree... +Reading state information... +Some packages could not be installed. 
This may mean that you have +requested an impossible situation or if you are using the unstable +distribution that some required packages have not yet been created +or been moved out of Incoming. +The following information may help to resolve the situation: +The following packages have unmet dependencies: + libghc-unix-compat-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d + Depends: libghc-unix-dev-2.6.0.1-4f219 +E: Unable to correct problems, you have held broken packages. +Reading package lists... +Building dependency tree... +Reading state information... +Skipping libghc-ansi-terminal-dev, it is already installed and upgrade is not set. +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +Reading package lists... +Building dependency tree... +Reading state information... +Some packages could not be installed. This may mean that you have +requested an impossible situation or if you are using the unstable +distribution that some required packages have not yet been created +or been moved out of Incoming. +The following information may help to resolve the situation: +The following packages have unmet dependencies: + libghc-ifelse-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d +E: Unable to correct problems, you have held broken packages. +Reading package lists... +Building dependency tree... +Reading state information... +Skipping libghc-network-dev, it is already installed and upgrade is not set. +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +Reading package lists... +Building dependency tree... +Reading state information... +Skipping libghc-quickcheck2-dev, it is already installed and upgrade is not set. +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +Reading package lists... +Building dependency tree... +Reading state information... +Skipping libghc-mtl-dev, it is already installed and upgrade is not set. +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +Reading package lists... 
+Building dependency tree... +Reading state information... +Some packages could not be installed. This may mean that you have +requested an impossible situation or if you are using the unstable +distribution that some required packages have not yet been created +or been moved out of Incoming. +The following information may help to resolve the situation: +The following packages have unmet dependencies: + libghc-monadcatchio-transformers-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d + Depends: libghc-extensible-exceptions-dev-0.1.1.4-255a3 + Depends: libghc-monads-tf-dev-0.1.0.2-731f0 + Depends: libghc-transformers-dev-0.3.0.0-ff2bb +E: Unable to correct problems, you have held broken packages. +Downloading the latest package list from hackage.haskell.org +Skipping download: Local and remote files match. +Resolving dependencies... +All the requested packages are already installed: +Use --reinstall if you want to reinstall anyway. +Resolving dependencies... +Configuring propellor-2.2.1... +Building propellor-2.2.1... +Preprocessing library propellor-2.2.1... +In-place registering propellor-2.2.1... +Preprocessing executable 'propellor' for propellor-2.2.1... +Preprocessing excaecutable 'propellor-bal: can't find source for configconf in src +ig' for propellor-2.2.1... +propellor: user error (ssh ["-o","ControlPath=/home/rx/.ssh/propellor/softland.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@softland","sh -c 'if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null; then apt-get update && apt-get --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! 
test -x ./propellor; then ( apt-get update ; apt-get --no-upgrade --no-install-recommends -y install gnupg ; apt-get --no-upgrade --no-install-recommends -y install ghc ; apt-get --no-upgrade --no-install-recommends -y install cabal-install ; apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-missingh-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-network-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-quickcheck2-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-monadcatchio-transformers-dev ; cabal update ; cabal install --only-dependencies ) || true && cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot softland ; fi'"] exited 1) +rx@varenne ~/work/propellor $ +``` + +I should add, that I have tried to --spin to another +machine, and ... finally got that working: + + +``` + , host "laptop" + & os (System (Debian Testing) "amd64") +``` + +Not sure, if I need more than that, want to keep it to the +minimum first, anyway: + + +``` + propellor --spin laptop +``` + +this works, yeah - sorry for the noise, above - but still I get + + +``` +Git commit ... done +To git://propellor.branchable.com/ + ! [rejected] master -> master (fetch first) +error: failed to push some refs to 'git://propellor.branchable.com/' +hint: Updates were rejected because the remote contains work that you do +hint: not have locally. 
This is usually caused by another repository pushing +hint: to the same ref. You may want to first integrate the remote changes +hint: (e.g., 'git pull ...') before pushing again. +hint: See the 'Note about fast-forwards' in 'git push --help' for details. +Push to central git repository ... failed +``` + +Possible to turn off these git push attempts? + + +Thanks, + Andreas diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment new file mode 100644 index 00000000..cfe1750a --- /dev/null +++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment @@ -0,0 +1,29 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0" + nickname="Andreas" + subject="finally got it working" + date="2015-03-27T05:15:26Z" + content=""" +can spin to softland, my sid+experimental host now. + +with recent git://propellor.branchable.com/ updates +and have used: + +``` + & os (System (Debian Experimental) \"amd64\") +``` + +so sorry for the noise, still not sure about: + +* how to express my installation properly: + mostly unstable, ghc stuff from experimental + +* how to turn off the git push to branchable attempts + when just spinning to one of my mashines: + have set now: + ``` + git branch --unset-upstream + ``` + which shortcuts these attempts at least. + +"""]] diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment new file mode 100644 index 00000000..51c3fc53 --- /dev/null +++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment 
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-03-30T23:22:17Z"
+ content="""
+Pushing to origin is needed when using propellor in the central git
+repository deployment mode. So it makes sense for --spin to try to push.
+If that push fails for some reason, it's not a fatal error, since propellor
+--spin also does peer-to-peer pushes.
+
+I don't think I want to get into trying to determine if a particular origin
+repo url is read-only or read-write. It can be hard to tell with eg
+a https url.
+
+Why don't you just `git remote rename origin upstream`? If the remote
+is not called origin, propellor will ignore it.
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment
new file mode 100644
index 00000000..ed34d6a7
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-03-30T23:26:38Z"
+ content="""
+As to a mixed unstable/experimental machine, such a machine has a Property
+of having somepackage installed from experimental. One way to represent
+that is by defining a property:
+
+installedFromExperimental :: [Package] -> Property NoInfo
+installedFromExperimental = Apt.installed' ["-y", "-texperimental"]
+
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment
new file mode 100644
index 00000000..72b21450
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment
@@ -0,0 +1,16 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0" + nickname="Andreas" + subject="thanks a lot" + date="2015-04-06T21:11:46Z" + content=""" +thanks for your your commments (both of them), +and fair enough: have just renamed my origin remote to upstream, +will try your installedFromExperimental suggestion next. + + +I will have more questions about propellor, +but aske them in a different thread +(as they are not really about installation) + +"""]] diff --git a/doc/haskell_newbie.mdwn b/doc/haskell_newbie.mdwn index 24839b12..ec42629c 100644 --- a/doc/haskell_newbie.mdwn +++ b/doc/haskell_newbie.mdwn @@ -114,7 +114,8 @@ That's really all there is to configuring Propellor. Once you have a `config.hs` ready to try out, you can run `propellor --spin $host` on one of the hosts configured in it. -See the [[README]] for a further quick start. +See the [[README]] for a further quick start and [[Writing Properties]] +for guidance on extending propellor with your own custom properties. (If you'd like to learn a little Haskell after all, check out [Learn You a Haskell for Great Good](http://learnyouahaskell.com/).) diff --git a/doc/news/propellor_demo.mdwn b/doc/news/propellor_demo.mdwn new file mode 100644 index 00000000..362f56e6 --- /dev/null +++ b/doc/news/propellor_demo.mdwn @@ -0,0 +1,8 @@ +A quick demo of propellor. + +<video controls src="http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm"></video> + +[video](http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm) + +(Audio quality is clipped/fast in places, unfortunately this was a problem +with the source recording.) diff --git a/doc/news/version_1.2.2.mdwn b/doc/news/version_1.2.2.mdwn new file mode 100644 index 00000000..c10940fd --- /dev/null +++ b/doc/news/version_1.2.2.mdwn 
@@ -0,0 +1,4 @@
+propellor 1.2.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Revert ensureProperty warning message, too many false positives in places
+ where Info is correctly propigated. Better approach needed."""]]
\ No newline at end of file
diff --git a/doc/news/version_1.3.0.mdwn b/doc/news/version_1.3.0.mdwn
new file mode 100644
index 00000000..87abb2f7
--- /dev/null
+++ b/doc/news/version_1.3.0.mdwn
@@ -0,0 +1,17 @@
+propellor 1.3.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * --spin checks if the DNS matches any configured IP address property
+ of the host, and if not, sshes to the host by IP address.
+ * Detect #774376 and refuse to use docker if the system is so broken
+ that docker exec doesn't enter a chroot.
+ * Update intermediary propellor in --spin --via
+ * Added support for DNSSEC.
+ * Ssh.hostKey and Ssh.hostKeys no longer install public keys from
+ the privdata. Instead, the public keys are included in the
+ configuration. (API change)
+ * Ssh.hostKeys now removes any host keys of types that the host is not
+ configured to have.
+ * sshPubKey is renamed to Ssh.pubKey, and has an added SshKeyType
+ parameter. (API change)
+ * CloudAtCost.deCruft no longer forces randomHostKeys.
+ * Fix build with process 1.2.1.0."""]]
\ No newline at end of file
diff --git a/doc/news/version_1.3.1.mdwn b/doc/news/version_1.3.1.mdwn
new file mode 100644
index 00000000..74a39ac4
--- /dev/null
+++ b/doc/news/version_1.3.1.mdwn
@@ -0,0 +1,6 @@
+propellor 1.3.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Fix bug that prevented deploying ssh host keys when the file for the
+ key didn't already exist.
+ * DNS records for hosts with known ssh public keys now automatically
+ include SSHFP records."""]]
\ No newline at end of file
diff --git a/doc/news/version_1.3.2.mdwn b/doc/news/version_1.3.2.mdwn
new file mode 100644
index 00000000..77902008
--- /dev/null
+++ b/doc/news/version_1.3.2.mdwn
@@ -0,0 +1,5 @@
+propellor 1.3.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * SSHFP records are also generated for CNAMES of hosts.
+ * Merge Utiity modules from git-annex.
+ * Ignore bogus DNS when spinning the local host."""]]
\ No newline at end of file
diff --git a/doc/news/version_2.3.0.mdwn b/doc/news/version_2.3.0.mdwn
new file mode 100644
index 00000000..232ab49c
--- /dev/null
+++ b/doc/news/version_2.3.0.mdwn
@@ -0,0 +1,13 @@
+propellor 2.3.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Make propellor resistent to changes to shared libraries, such as libffi,
+ which might render the propellor binary unable to run. This is dealt with
+ by checking the binary both when running propellor on a remote host,
+ and by Cron.runPropellor. If the binary doesn't work, it will be rebuilt.
+ * Note that since a new switch had to be added to allow testing the binary,
+ upgrading to this version will cause a rebuild from scratch of propellor.
+ * Added hasLoginShell and shellEnabled.
+ * debCdn changed to new httpredir.debian.org official replacement for
+ http.debian.net.
+ * API change: Added User and Group newtypes, and Properties that
+ used to use the type UserName = String were changed to use them."""]]
\ No newline at end of file diff --git a/doc/security.mdwn b/doc/security.mdwn index 12ae18de..831b2b41 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -29,7 +29,7 @@ in cleartext private data such as passwords, ssh private keys, etc. Instead, `propellor --spin $host` looks for a `~/.propellor/privdata/privdata.gpg` file and if found decrypts it, -extracts the private that that the $host needs, and sends it to to the +extracts the private data that the $host needs, and sends it to to the $host using ssh. This lets a host know its own private data, without seeing all the rest. diff --git a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment new file mode 100644 index 00000000..4ed9ecdb --- /dev/null +++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI" + nickname="Arnaud" + subject="Is it ok to publish to a public repository?" + date="2014-08-29T21:13:19Z" + content=""" +It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong? + +Thanks +"""]] diff --git a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment new file mode 100644 index 00000000..4d209b03 --- /dev/null +++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + ip="131.252.200.111" + subject="comment 2" + date="2014-08-29T21:52:02Z" + content=""" +--add-key puts your **public** key in the repository, not the private key. +"""]] 
diff --git a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
new file mode 100644
index 00000000..4d75842d
--- /dev/null
+++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Remote host fails to connect"
+ date="2014-08-30T06:40:33Z"
+ content="""
+Makes sense of course, but the message one gets when doing that is a bit misleading.
+
+I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because:
+
+1. the host key is not initially present in root's known_hosts, then
+2. the user's (root) public key is unknown to the remote git repo, in my case bitbucket.org, and the URL used is git@bitbucket.org:abailly/capital-match-infra.git which implies connection goes through SSH
+
+I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore.
+
+Thanks for your help
+"""]]
diff --git a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
new file mode 100644
index 00000000..b2ac4d57
--- /dev/null
+++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Output from propellor --spin $host"
+ date="2014-08-30T07:17:52Z"
+ content="""
+Here is the output (truncated):
+
+
+ Permission denied (publickey).
+ fatal: Could not read from remote repository.
+
+ Please make sure you have the correct access rights
+ and the repository exists.
+ Git fetch ... failed
+ fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+ Use '--' to separate paths from revisions, like this:
+ 'git <command> [<revision>...] -- [<file>...]'
+ propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128)
+
+
+"""]]
diff --git a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
new file mode 100644
index 00000000..cc26f42d
--- /dev/null
+++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Got it working..."
+ date="2014-08-31T12:50:17Z"
+ content="""
+OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations:
+
+* Use a https:// based url for the first
+* Use a git:// based url for the second
+
+I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url.
+"""]]
diff --git a/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment b/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment
new file mode 100644
index 00000000..be8ac7f9
--- /dev/null
+++ b/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 6"""
+ date="2014-11-19T01:35:59Z"
+ content="""
+@Arnaud, see [[centralized_repository]], including its documentation of a
+"deploy" remote, which can be used to configure the url that remote hosts
+should pull from.
+
+Also, propellor can be used now without any centralized repository.
+"""]]
diff --git a/doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment b/doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment
new file mode 100644
index 00000000..e9d20642
--- /dev/null
+++ b/doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawkgUir7k_amh9RFp4D3QutX1fGh_nd7ko4"
+ nickname="Philipp"
+ subject="Passwords in PrivData"
+ date="2014-12-13T18:25:23Z"
+ content="""
+I wonder if there could be a shortcut in PrivData handling that hashes the input with crypt() instead of passing it raw to a machine. For instance passwords are stored in plain on the target machines, while this is not required to set the password in shadow: the hash would suffice. I think this page should at least spell out that fact.
+"""]]
diff --git a/doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn b/doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn
new file mode 100644
index 00000000..7a59fc20
--- /dev/null
+++ b/doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn
@@ -0,0 +1,8 @@
+If Ssh.authorizedKey in propellor 2.0.0 is used to create .ssh/authorized_keys for
+a user other than root, it will be owned by root:root and won't
+work for the user. Adding a key to an existing authorized_keys
+file doesn't change its ownership and therefore works fine.
+
+-- weinzwang
+
+> Thanks, [[fixed|done]] this and will make a release.
diff --git a/doc/todo/Wishlist:_User.hasLoginShell.mdwn b/doc/todo/Wishlist:_User.hasLoginShell.mdwn
new file mode 100644
index 00000000..cf8aa73c
--- /dev/null
+++ b/doc/todo/Wishlist:_User.hasLoginShell.mdwn
@@ -0,0 +1,9 @@
+As far as I can tell there is no easy way to set a user's
+login shell. A Property User.hasLoginShell, which ensures
+that a user has a specified login shell and that said shell
+is in /etc/shells would be really helpful. Sadly, I lack the
+skills to put this together myself :(
+
+-- weinzwang
+
+> patched in and so [[done]] --[[Joey]]
diff --git a/doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment b/doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment
new file mode 100644
index 00000000..52043406
--- /dev/null
+++ b/doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment
@@ -0,0 +1,59 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-19T16:07:24Z"
+ content="""
+Propellor makes it very easy to put together a property like this.
+
+Let's start with a property that combines the two properties you mentioned:
+
+ hasLoginShell :: UserName -> FilePath -> Property
+ hasLoginShell user shell = shellSetTo user shell `requires` shellEnabled shell
+
+The shellEnabled property can be easily written using propellor's file
+manipulation properties.
+
+ -- Need to add an import to the top of the source file.
+ import qualified Propellor.Property.File as File
+
+ shellEnabled :: FilePath -> Property
+ shellEnabled shell = "/etc/shells" `File.containsLine` shell
+
+And then, we want to actually change the user's shell. The `chsh(1)`
+program can do that, so we can simply tell propellor the command line to
+run:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = cmdProperty "chsh" ["--shell", shell, user]
+
+The only remaining problem with this is that shellSetTo runs chsh every
+time, and propellor will always display that it's made a change each time
+it runs, even when it didn't really do much. Now, there's an easy way to
+avoid that problem, we could just tell propellor that it's a trivial
+property, and then it will run chsh every time and not think it made any
+change:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = trivial $
+ cmdProperty "chsh" ["--shell", shell, user]
+
+But, it's not much harder to do this right. Let's make the property
+check if the user's shell is already set to the desired value and avoid
+doing anything in that case.
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = check needchangeshell $
+ cmdProperty "chsh" ["--shell", shell, user]
+ where
+ needchangeshell = do
+ currshell <- userShell <$> getUserEntryForName user
+ return (currshell /= shell)
+
+And that will probably all work, although I've not tested it. You might
+want to throw in some uses of `describe` to give the new properties
+more useful descriptions.
+
+I hope this has been helpful as an explanation of how to add properties to
+Propellor, and if you get these properties to work, a patch adding them
+to Propellor.User would be happily merged.
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__.mdwn b/doc/todo/bytes_in_privData__63__.mdwn
new file mode 100644
index 00000000..27297fd5
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__.mdwn
@@ -0,0 +1,17 @@
+It seems like I can't set the content of a PrivFile to arbitrary bytes.
+
+ $ propellor --set 'PrivFile "mysecret.key"' 'mycontext' < ~/mysecret.key
+ find . | grep -v /.git/ | grep -v /tmp/ | grep -v /dist/ | grep -v /doc/ | egrep '\.hs$' | xargs hothasktags | perl -ne 'print; s/Propellor\.Property\.//; print' | sort > tags 2>/dev/null || true
+ cabal build
+ Building propellor-2.2.1...
+ Preprocessing library propellor-2.2.1...
+ In-place registering propellor-2.2.1...
+ Preprocessing executable 'propellor' for propellor-2.2.1...
+ Preprocessing executable 'propellor-config' for propellor-2.2.1...
+ [70 of 70] Compiling Main ( src/config.hs, dist/build/propellor-config/propellor-config-tmp/Main.o )
+ Linking dist/build/propellor-config/propellor-config ...
+ ln -sf dist/build/propellor-config/propellor-config propellor
+
+
+ Enter private data on stdin; ctrl-D when done:
+ propellor: <stdin>: hGetContents: invalid argument (invalid byte sequence)
diff --git a/doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment b/doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment
new file mode 100644
index 00000000..5c1508fd
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-20T01:04:26Z"
+ content="""
+I imagine that adding `fileEncoding stdin` to setPrivData will fix
+this crash, but I'd expect there are also other problems with encodings
+for privdata that haskell doesn't like. Similar fixes would probably
+be needed in several other places.
+
+Probably cleaner and better to convert
+`PrivData` from a String to a ByteString, and so avoid encodings
+being applied to it. I think this could be done without changing the
+file format; the privdata file uses Read/Show for serialization,
+and happily ByteString uses the same Read/Show format as String does.
+
+So, changing the type and following the compile errors should get you
+there, I think!
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment b/doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment
new file mode 100644
index 00000000..10ff956a
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2015-04-21T12:59:42Z"
+ content="""
+Would you accept a patch converting PrivData from String to ByteString?
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment b/doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment
new file mode 100644
index 00000000..a1c7f62f
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-04-21T16:52:06Z"
+ content="""
+Absolutely. Thought that went w/o saying. ;)
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_4_f34a8f82c7bce7224e4edc59410c741f._comment b/doc/todo/bytes_in_privData__63__/comment_4_f34a8f82c7bce7224e4edc59410c741f._comment
new file mode 100644
index 00000000..bd7a0618
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_4_f34a8f82c7bce7224e4edc59410c741f._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 4"
+ date="2015-04-23T09:21:07Z"
+ content="""
+I tried to do the conversion, but then it started a kind of chain reaction... (PrivData=ByteString to writeFileProtected to Line=ByteString to ... to readProcess to ...) Should I use FilePath=String? ... To be honest, the patch became a lot bigger that what I am comfortable with. :-)
+
+I guess you should have a look at it...
+
+At least, I think there is a type bug in Propellor.Property.File:
+
+ hasPrivContent' :: (IsContext c, IsPrivDataSource s) => (String -> FilePath -> IO ()) -> s -> FilePath -> c -> Property HasInfo
+
+but it should be
+
+ hasPrivContent' :: (IsContext c, IsPrivDataSource s) => (FilePath -> String -> IO ()) -> s -> FilePath -> c -> Property HasInfo
+
+(it is hidden by FilePath = String)
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_5_f4db6ffad054feb7eb299708fcd7d05c._comment b/doc/todo/bytes_in_privData__63__/comment_5_f4db6ffad054feb7eb299708fcd7d05c._comment
new file mode 100644
index 00000000..45c97b97
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_5_f4db6ffad054feb7eb299708fcd7d05c._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2015-04-23T13:25:50Z"
+ content="""
+Can you put the patch up somewhere? I'll take a look. Might see a way to
+short-curcuit the bytestring before everything becomes one..
+
+One way might be:
+
+ writeFileProtected :: FileContent content => FilePath -> content -> IO ()
+
+Which would also at least partly avoid foot-shooting over which parameter is which.
+(Fixed that type signature.)
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_6_545e1c26a042b9f8347496a1bfb61548._comment b/doc/todo/bytes_in_privData__63__/comment_6_545e1c26a042b9f8347496a1bfb61548._comment
new file mode 100644
index 00000000..29b07e5c
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_6_545e1c26a042b9f8347496a1bfb61548._comment
@@ -0,0 +1,48 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 6"""
+ date="2015-04-28T19:24:12Z"
+ content="""
+I've followed the same path in the wip-bytestring-privdata branch.
+
+It needs to round trip through String anyway to handle Read/Show
+serialization the same as before. I think this is doable without falling
+over on invalid encodings, but it's certianly ugly.
+
+And yeah, changing Line to ByteString and all the other follow-on changes
+just don't seem right. Everything that uses withPrivData would need to deal
+with it being a ByteString, and would need to worry about encoding problems
+when it needed to convert to a String, or Text, or whatever.
+
+So this feels like kicking the can down the road in the wrong direction...
+
+----
+
+Maybe it would be better to handle this by adding a type to wrap up an
+encoded ByteString in the PrivData. Could use base64 or something like
+that for the encoding. Then only consumers of these ByteStrings would be a
+little complicated by needing to unwrap it.
+
+Then it would be handly to give --set, --dump and --edit some
+special handling of fields encoded like that. They could operate on raw
+ByteStrings when handling such fields, and take care of the encoding
+details.
+
+Add a new constructor to PrivDataField for binary files:
+
+ | PrivBinaryFile FilePath
+
+And a function to get the encoder and decoder:
+
+ type Encoder = ByteString -> PrivData
+ type Decoder = PrivData -> ByteString
+
+ privDataEncoding :: PrivDataField -> Maybe (Encoder, Decoder)
+
+Then --set, --dump, and --edit could use that to encode and decode the
+data.
+
+And finally, a `withBinaryPrivData` that uses ByteString.
+
+(Maybe this could be made more type safe though..)
+"""]]
diff --git a/doc/todo/docker_todo_list.mdwn b/doc/todo/docker_todo_list.mdwn
index 72ded426..1321445d 100644
--- a/doc/todo/docker_todo_list.mdwn
+++ b/doc/todo/docker_todo_list.mdwn
@@ -1,5 +1,3 @@ * There is no way for a property of a docker container to require some property be met outside the container. For example, some servers need ntp installed for a good date source. -* The SimpleSh was added before `docker exec` existed, and could probably - be eliminated by using that. diff --git a/doc/todo/editor_for_privdata__63__.mdwn b/doc/todo/editor_for_privdata__63__.mdwn new file mode 100644 index 00000000..8b91338c --- /dev/null +++ b/doc/todo/editor_for_privdata__63__.mdwn @@ -0,0 +1,4 @@ +Would adding a way to call $EDITOR to edit privdata be possible? +It would make sense for editing data like logcheck files. + +> [[done]] diff --git a/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment b/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment new file mode 100644 index 00000000..bbe93fe3 --- /dev/null +++ b/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment @@ -0,0 +1,9 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + subject="comment 2" + date="2014-11-11T21:16:09Z" + content=""" +Already exists in `propellor --edit` + +Documentation patches accepted! :) +"""]] diff --git a/doc/todo/etckeeper.mdwn b/doc/todo/etckeeper.mdwn new file mode 100644 index 00000000..7dc80cef --- /dev/null +++ b/doc/todo/etckeeper.mdwn @@ -0,0 +1 @@ +It would be cool to have an etckeeper module :-). diff --git a/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment new file mode 100644 index 00000000..f080f70e --- /dev/null +++ b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment @@ -0,0 +1,9 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2014-11-06T15:46:56Z" + content=""" +All I've needed for this is `& Apt.installed ["etckeeper"]` + +Patches welcome, I suppose. +"""]] 
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn b/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn
new file mode 100644
index 00000000..046f4a6f
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn
@@ -0,0 +1,3 @@
+Sometimes I forget to commit a modification, and running "propellor --spin" automatically commits this stuff. It would be better if "propellor --spin" failed (or, even better, warned the user) that there are uncommited changes, and "propellor --spin" would just always add an empty commit.
+
+> --merge added; [[done]] --[[Joey]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment
new file mode 100644
index 00000000..19b2fab6
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment
@@ -0,0 +1,30 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-23T18:41:40Z"
+ content="""
+Letting --spin commit is part of my workflow. It's great when you're just
+changing config.hs to quickly blast out the changes.
+
+Granted, it is not so nice when doing Property development, as changes get
+fragmented across the spins used to test them. I'd be happy to find some
+way to improve that. Perhaps a way could be found to get this structure of
+git commits:
+
+ manual commit------------------------->manual commit--merge
+ \--spin--spin--spin--spin--spin------------/
+
+Where the second manual commit has an identical tree committed as does the
+spin just underneath it, and so the following merge doesn't change any files,
+just grafts the two branches back together.
+
+I guess that could be handled by haing a checkpoint command, that squashes
+all the previous spins since the last checkpoint together into one commit,
+lets the user edit the commit message of that, and the juggles the branches
+into place and creates the merge commit -- which then becomes the new last
+checkpoint.
+
+I'll take patches for such a thing, or more simply a way to configure --spin's
+auto-committing behavior. However, I don't want to change the default
+behavior to not commit.
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment
new file mode 100644
index 00000000..3e8e5f62
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2014-11-23T20:23:24Z"
+ content="""
+Your solution seems a lot better :-).
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment
new file mode 100644
index 00000000..8ad6ab49
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2014-11-23T21:12:19Z"
+ content="""
+Here's a almost-script to do it, which worked when it did it by hand:
+
+<pre>
+get old-head (git show-ref HEAD -s)
+get curr-branch (refs/heads/master eg)
+find old-commit (look back through git log for the first commit that was not "propellor spin")
+git reset old-commit
+git commit -a # user gets to edit commit message for all the spins and any staged changes here
+git merge -S -s ours old-head
+get current-commit (result of merge)
+git update-ref curr-branch current-commit
+git checkout curr-branch
+</pre>
+"""]]
diff --git a/doc/todo/git_push_over_propellor_ssh_channel.mdwn b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
new file mode 100644
index 00000000..c6d42fcf
--- /dev/null
+++ b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
@@ -0,0 +1,13 @@
+Propellor currently needs a central git server. And it has a special-cased
+protocol during bootstrap that transfers the git repo over to a new host,
+using the ssh connection that will be used to run propellor.
+
+This could be improved by making a git push be done whenever
+`propellor spin $host` runs. The remote propellor runs `git receive-pack`;
+the local one runs `git send-pack`.
+
+Then there would be no need for a central git repo. Although still very
+useful if you have multiple propellor driven hosts and you want to just git
+commit and let cron sort them out.
+
+> [[done]]! --[[Joey]]
diff --git a/doc/todo/info_propigation_out_of_nested_properties.mdwn b/doc/todo/info_propigation_out_of_nested_properties.mdwn
index e6427069..536d6719 100644
--- a/doc/todo/info_propigation_out_of_nested_properties.mdwn
+++ b/doc/todo/info_propigation_out_of_nested_properties.mdwn
@@ -1,36 +1,97 @@ > Now [[fixed|done]]!! --[[Joey]] -Currently, Info about a Host's Properties is manually gathered and -propigated. propertyList combines the Info of the Properties in the list. -Docker.docked extracts relevant Info from the Properties of the container -(but not al of it, intentionally!). +Currently, Info about a Host's Properties is propigated to the host by +examining the tree of Properties. -This works, but it's error-prone. Consider this example: +This works, but there's one problem. Consider this example: withOS desc $ \o -> case o of (Just (System (Debian Unstable) _)) -> ensureProperty foo _ -> ensureProperty bar Here, the Info of `foo` is not propigated out. Nor is `bar`'s Info. -Of course, only one of them will be run, and only its info should be propigated -out.. +It's not really clear if just one Info, or both should be propigated out. -This commonly afflicts eg, privData. For example, `User.hasPassword'` -has this problem, and this prevents --list-fields from listing privdata -that's not set from that property. +---- One approach might be to make the Propellor monad be able to be run in two -modes. In one mode, it actually perform IO, etc. In the other mode, all -liftIO is a no-op, but all Info encountered is accumulated using a Reader -monad. This might need two separate monad definitions. +modes. In run mode, it actually performs IO, etc. In introspection mode, all +liftIO is a no-op, but all Info encountered is accumulated using a Reader. +This might need two separate monad definitions. -That is surely doable, but the withOS example above shows a problem with it -- -the OS is itself part of a Host's info, so won't be known until all its -properties have been examined for info! +That is surely doable, but consider this example: -Perhaps that can be finessed. We don't really need to propigate out OS info. -Just DNS and PrivDataField Info. So info could be collected in 2 passes, -first as it's done now by static propertyInfo values. 
Then take that -and use it as the Info when running the Properties in the Reader monad. -Combine what the Reader accumulates with the static info to get the full -info. + property "demo" = do + needfoo <- liftIO checkFoo + if needfoo + then ensureProperty foo + else ensureProperty . bar =<< liftIO (getBarParam) + +In introspection mode, the liftIO is a no-op, but needs to return a Bool. +That seems unlikely (how to pick which?), but even if some defaulting is +used, only one of foo or bar's info will be seen. + +Worse, the bar property is not fully known until IO can be performed to get +its parameter. + +---- + +Another approach could be something like this: + + withInfoFrom foo $ \callfoo -> + withInfoFrom bar $ \callbar -> + property "demo" = do + needfoo <- liftIO checkFoo + if needfoo + then callfoo + else callbar + +Here withInfoFrom adds foo and bar as child properties of the demo property +that (may) call them. + +This approach is not fully type safe; it would be possible to call +withInfoFrom in a way that didn't let it propigate the info. + +And again this doesn't solve the problem that IO can be needed to get +a parameter of a child property. + +---- + +Another approach would be to add a new SimpleProperty, which is a property +that has no Info. Only allow calling ensureProperty on this new type. + +(Or, remove propertyInfo from Property, and add a new InfoProperty that +has the info.) + +But, propertyList can only contain one type at a time, +not a mixed list of Property and SimpleProperty. + +Could a GADT be used instead? 
+ + {-# LANGUAGE GADTs #-} + {-# LANGUAGE EmptyDataDecls #-} + + data HasInfo + data NoInfo + + data Property = IProperty (GProperty HasInfo) | SProperty (GProperty NoInfo) + + data GProperty i where + GIProperty :: Desc -> Propellor Result -> Info -> GProperty HasInfo + GSProperty :: Desc -> Propellor Result -> GProperty NoInfo + + ensureProperty :: GProperty NoInfo -> Propellor Result + ensureProperty (GSProperty d r) = r + +That works. I made a `gadtwip` git branch that elaborated on that, +to the point that Property.File compiles, but is otherwise +unfinished. Most definitions of `Property` need to be changed to +`GProperty NoInfo`, so that ensureProperty can call them. It's a big, +intrusive change, and it may complicate propellor too much. + +I've tried to make this change a couple times now, and not been completely +successful so far. + +(I may need to make instances of Prop for `GProperty NoInfo` and `GProperty +HasInfo`, if that's possible, and make more Property combinators work on +Prop.) diff --git a/doc/todo/issue_after_upgrading_shared_library.mdwn b/doc/todo/issue_after_upgrading_shared_library.mdwn new file mode 100644 index 00000000..52e72d4a --- /dev/null +++ b/doc/todo/issue_after_upgrading_shared_library.mdwn 
@@ -0,0 +1,25 @@ +After upgrading my server to jessie, I noticed that propellor does not work anymore. The issue seems to be that, libffi was upgraded from libffi5:amd64 to libffi6:amd64 + + $ ./propellor --spin myserver + Building propellor-2.2.1... + Preprocessing library propellor-2.2.1... + In-place registering propellor-2.2.1... + Preprocessing executable 'propellor' for propellor-2.2.1... + Preprocessing executable 'propellor-config' for propellor-2.2.1... + Propellor build ... done + + You need a passphrase to unlock the secret key for + user: bla + + [master 2aabb40] propellor spin + Git commit ... done + Counting objects: 1, done. + Writing objects: 100% (1/1), 852 bytes | 0 bytes/s, done. + Total 1 (delta 0), reused 0 (delta 0) + To root@myserver:/var/lib/git/private/propellor.git + b16f1a6..2aabb40 master -> master + Push to central git repository ... done + ./propellor: error while loading shared libraries: libffi.so.5: cannot open shared object file: No such file or directory + propellor: user error (ssh ["-o","ControlPath=/home/myuser/.ssh/propellor/myserver.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@myserver","sh -c 'if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null; then apt-get update && apt-get --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! 
test -x ./propellor; then ( apt-get update ; apt-get --no-upgrade --no-install-recommends -y install gnupg ; apt-get --no-upgrade --no-install-recommends -y install ghc ; apt-get --no-upgrade --no-install-recommends -y install cabal-install ; apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-missingh-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-network-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-quickcheck2-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-monadcatchio-transformers-dev ; cabal update ; cabal install --only-dependencies ) || true && cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot myserver ; fi'"] exited 127) + +> [[fixed|done]] --[[Joey]] diff --git a/doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment b/doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment new file mode 100644 index 00000000..77c7df83 --- /dev/null +++ b/doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment 
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-02T01:14:06Z"
+ content="""
+I think I saw this once myself (have no servers older than jessie left
+now).
+
+I believe the problem can be worked around by running make clean
+in /usr/local/propellor on the server.
+
+I'm not clear yet on a good way for --spin to detect that propellor
+has failed due to this, rather than some other problem, and try
+a clean and rebuild.
+
+Hmm, xmonad should have a similar problem, since it builds a haskell
+program locally. I wonder how the debian package deals with it there.
+
+Note there's a libffi6, so this will presumably happen again..
+"""]]
diff --git a/doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment b/doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment
new file mode 100644
index 00000000..3f7a7bbc
--- /dev/null
+++ b/doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2015-04-02T09:24:07Z"
+ content="""
+Indeed, \"make clean\" on the server worked. I don't know it could be made more robust to this kind of upgrade...
+"""]]
diff --git a/doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment b/doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment
new file mode 100644
index 00000000..bc89ad7f
--- /dev/null
+++ b/doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-04-02T14:27:26Z"
+ content="""
+So I thought of two approaches.
+
+1. Propellor could copy in all the shared libraries. It already contains
+ code to do this. But, this would add overhead to every build. And it
+ might not guard against all snafus.
+
+2. Make propellor --check that should exit 0. Make --spin check that
+ propellor works and rebuild if not. Also make the runPropellor cron job
+ do that.
+
+I've gone with option #2.
+"""]]
diff --git a/doc/todo/lxc_containers_support.mdwn b/doc/todo/lxc_containers_support.mdwn
new file mode 100644
index 00000000..5e9da306
--- /dev/null
+++ b/doc/todo/lxc_containers_support.mdwn
@@ -0,0 +1 @@
+Adding lxc containers support would be great, as an alternative to docker, chroot, or systemd containers.
diff --git a/doc/todo/port_info_for_properties_for_firewall.mdwn b/doc/todo/port_info_for_properties_for_firewall.mdwn
new file mode 100644
index 00000000..efaaba05
--- /dev/null
+++ b/doc/todo/port_info_for_properties_for_firewall.mdwn
@@ -0,0 +1,24 @@
+The firewall module could be improved if properties that set up a service
+on a port included info (see Propellor.Info and Propellor.Types.Info)
+about the port(s) used.
+
+While currently the ports have to be explicitly listed:
+
+ & Apache.installed
+ & Firewall.installed
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 80))
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 443))
+
+Instead the ports would be derived from the installed services.
+
+ & Apache.installed
+ & Firewall.installed
+
+There could also be some combinators to adjust the exposed
+ports of a property.
+
+ & localOnly Apache.installed
+ & exposedPorts [443,80] (Apt.serviceInstalledRunning "apache2")
+
+Such port enformation is also going to be needed as a basis of
+[[type_level_port_conflict_detection]]. --[[Joey]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage.mdwn b/doc/todo/publish_propellor_as_library_to_hackage.mdwn
new file mode 100644
index 00000000..709ee35b
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage.mdwn
@@ -0,0 +1,4 @@
+Currently, AFAIK, one needs to fork propellor repo, add its own configuration and compile propellor binary from all the source tree.
+It would be handy and more modular to allow one to have a propellor configuration linked to propellor as a library, hosted on hackage.
+
+> [[done]] --[[Joey]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment
new file mode 100644
index 00000000..8d56f0f1
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment
@@ -0,0 +1,27 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-02-28T15:01:24Z"
+ content="""
+Unusual as it is for propellor's configuration git repo to include the full
+source code to propellor, I like this approach. It lets users change any
+existing property that is not generic enough, or makes assumptions they
+don't like, or needs porting to their OS of choice.
+
+But still, propellor is
+[on hackage](http://hackage.haskell.org/package/propellor), as
+a library. It can be used that way if you want to.
+
+I don't think that any of propellor's code cares how it's distributed,
+except for src/wrapper.hs (which cabal will install as
+~/.cabal/bin/propellor), which sets up the ~/.propellor/ repository. You
+can bypass using that wrapper if you like, and cabal install propellor and
+create your own ~/.propellor/ repository containing only your own
+config.hs, and build and use propellor that way.
+
+Where that approach becomes a problem is that propellor --spin currently
+relies on propellor's Makefile being in the repository, when bootstrapping
+propellor on a remote host. So you'll need to include a copy of that in
+your repo for --spin to work. I'd like to get rid of the need for the
+Makefile. (Only the build and deps targets are used by --spin.)
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment
new file mode 100644
index 00000000..af61b1db
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-02-28T17:08:28Z"
+ content="""
+Ok, I got --spin to not use the Makefile any more. So with the 2.2.0
+release, if you want to make ~/.propellor contain only a config.hs
+file and a foo.cabal file, that will work. The cabal file would contain
+something like:
+
+<pre>
+Executable propellor-config
+ Main-Is: config.hs
+ GHC-Options: -Wall -threaded -O0
+ Build-Depends: propellor, base >= 4.5, base < 5
+</pre>
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment
new file mode 100644
index 00000000..09628e53
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="You rocks!"
+ date="2015-03-05T15:24:49Z"
+ content="""
+Apologies for wrong information, I did not check if propellor was on hackage. Anyway, thanks a lot for caring to \"fix\" that, will give it a try this week and keep you posted.
+
+Thanks a lot
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment
new file mode 100644
index 00000000..737e7066
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Propellor 2.2.0 not on hackage"
+ date="2015-03-08T20:21:42Z"
+ content="""
+So I cannot depend on it right now. Do you know when it will be available there?
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment
new file mode 100644
index 00000000..85f95c17
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2015-03-09T17:00:35Z"
+ content="""
+SImply because 2.2.0 had not been released yet. (UNRELEASED in
+changelog..)
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment
new file mode 100644
index 00000000..143f1dea
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="comment 6"
+ date="2015-03-10T06:28:52Z"
+ content="""
+Sorry, I did not read the changelog. Thanks for all the hard work on propellor.
+"""]]
diff --git a/doc/todo/type_level_port_conflict_detection.mdwn b/doc/todo/type_level_port_conflict_detection.mdwn
new file mode 100644
index 00000000..5aec5775
--- /dev/null
+++ b/doc/todo/type_level_port_conflict_detection.mdwn
@@ -0,0 +1,5 @@
+See <http://stackoverflow.com/questions/26027765/using-types-to-prevent-conflicting-port-numbers-in-a-list> --[[Joey]]
+
+Needs ghc newer than 7.6.3. It may be possible to port Data.Type.Equality
+and Data.Type.Bool to older versions; I got them to compile but they didn't
+work right. --[[Joey]]
diff --git a/doc/writing_properties.mdwn b/doc/writing_properties.mdwn
new file mode 100644
index 00000000..c7183e09
--- /dev/null
+++ b/doc/writing_properties.mdwn
@@ -0,0 +1,82 @@
+Propellor comes with a lot of properties you can use. But eventually,
+you'll want to write a property of your own.
+
+This isn't hard. Often propellor has some properties you can use to build
+the property you want. Need to modify the content of a file? Use any of
+the properties in
+[Propellor.Property.File](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-File.htm)
+Need to run some commands? Use [Propellor.Property.Cmd](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-Cmd.html).
+
+To combine properties, the easiest way is to use `requires`.
+
+ someproperty `requires` otherproperty
+
+[Propellor.Property.List](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-List.html)
+has a `propertyList` combinator that's also useful.
+
+[Propellor.Property](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property.html)
+has some other functions to modify Properties in useful ways.
+For example, `check` makes a Property call an `IO Bool` to check if the
+Property needs be run.
+
+## example: User.hasLoginShell
+
+> As far as I can tell there is no easy way to set a user's
+> login shell. A Property User.hasLoginShell, which ensures
+> that a user has a specified login shell and that said shell
+> is in /etc/shells would be really helpful. Sadly, I lack the
+> skills to put this together myself :( -- weinzwang
+
+Propellor makes it very easy to put together a property like this.
+
+Let's start with a property that combines the two properties you mentioned:
+
+ hasLoginShell :: UserName -> FilePath -> Property
+ hasLoginShell user shell = shellSetTo user shell `requires` shellEnabled shell
+
+The shellEnabled property can be easily written using propellor's file
+manipulation properties.
+
+ -- Need to add an import to the top of the source file.
+ import qualified Propellor.Property.File as File
+
+ shellEnabled :: FilePath -> Property
+ shellEnabled shell = "/etc/shells" `File.containsLine` shell
+
+And then, we want to actually change the user's shell. The `chsh(1)`
+program can do that, so we can simply tell propellor the command line to
+run:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = cmdProperty "chsh" ["--shell", shell, user]
+
+The only remaining problem with this is that shellSetTo runs chsh every
+time, and propellor will always display that it's made a change each time
+it runs, even when it didn't really do much. Now, there's an easy way to
+avoid that problem, we could just tell propellor that it's a trivial
+property, and then it will run chsh every time and not think it made any
+change:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = trivial $
+ cmdProperty "chsh" ["--shell", shell, user]
+
+But, it's not much harder to do this right. Let's make the property
+check if the user's shell is already set to the desired value and avoid
+doing anything in that case.
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = check needchangeshell $
+ cmdProperty "chsh" ["--shell", shell, user]
+ where
+ needchangeshell = do
+ currshell <- userShell <$> getUserEntryForName user
+ return (currshell /= shell)
+
+And that will probably all work, although I've not tested it. You might
+want to throw in some uses of `describe` to give the new properties
+more useful descriptions.
+
+I hope this has been helpful as an explanation of how to add properties to
+Propellor, and if you get these properties to work, a patch adding them
+to Propellor.User would be happily merged. |
