diff options
Diffstat (limited to 'doc')
21 files changed, 195 insertions, 1 deletions
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn new file mode 100644 index 00000000..0815b4b3 --- /dev/null +++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn @@ -0,0 +1 @@ +How can I modify the configuration of a managed host (which seems to be stored in /usr/local/propellor/.git/config) from the host on which I run propellor? diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment new file mode 100644 index 00000000..f034a377 --- /dev/null +++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2014-10-31T14:40:33Z" + content=""" +I'm curious what you need to configure there.. + +But, there seems to be a simple solution: Add a Property that configures +the .git/config however you need to! :) +"""]] diff --git a/doc/forum/propellor_with_no_central_repository__63__.mdwn b/doc/forum/propellor_with_no_central_repository__63__.mdwn new file mode 100644 index 00000000..5f322878 --- /dev/null +++ b/doc/forum/propellor_with_no_central_repository__63__.mdwn @@ -0,0 +1 @@ +Is there a way to use propellor with no central repository? diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment new file mode 100644 index 00000000..1f1456c5 --- /dev/null +++ b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment @@ -0,0 +1,7 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2014-10-31T14:39:48Z" + content=""" +Not yet, but see [[todo/git_push_over_propellor_ssh_channel]] +"""]] diff --git a/doc/news/propellor_demo.mdwn b/doc/news/propellor_demo.mdwn new file mode 100644 index 00000000..362f56e6 --- /dev/null +++ b/doc/news/propellor_demo.mdwn @@ -0,0 +1,8 @@ +A quick demo of propellor. + +<video controls src="http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm"></video> + +[video](http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm) + +(Audio quality is clipped/fast in places, unfortunately this was a problem +with the source recording.) diff --git a/doc/news/version_0.8.2.mdwn b/doc/news/version_0.8.2.mdwn new file mode 100644 index 00000000..d1e9da18 --- /dev/null +++ b/doc/news/version_0.8.2.mdwn @@ -0,0 +1,10 @@ +propellor 0.8.2 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Fix bug in File.containsLines that caused lines that were already in the + file to sometimes be appended to the end. + * Hostname.sane also configures /etc/mailname. + * Fixed Postfix.satellite to really configure relayhost = smtp.domain. + * Avoid reconfiguring postfix unncessarily when it already has a relayhost. + * Deal with apache 2.4's change in the name of site-available config files. + * Hostname aliases can now be used in several places, including --spin + and Ssh.knownHost."""]]
\ No newline at end of file diff --git a/doc/news/version_0.8.3.mdwn b/doc/news/version_0.8.3.mdwn new file mode 100644 index 00000000..82f400c0 --- /dev/null +++ b/doc/news/version_0.8.3.mdwn @@ -0,0 +1,11 @@ +propellor 0.8.3 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * The Debian package now includes a single-revision git repository in + /usr/src/propellor/, and ~/.propellor/ is set up to use this repository as + its origin remote. This avoids relying on the security of the github + repository when using the Debian package. + * The /usr/bin/propellor wrapper will warn when ~/.propellor/ is out of date + and a newer version is available, after which git merge upstream/master + can be run to merge it. + * Included the config.hs symlink to config-simple.hs in the cabal and Debian + packages."""]]
\ No newline at end of file diff --git a/doc/news/version_0.9.0.mdwn b/doc/news/version_0.9.0.mdwn new file mode 100644 index 00000000..f50a6b29 --- /dev/null +++ b/doc/news/version_0.9.0.mdwn @@ -0,0 +1,12 @@ +propellor 0.9.0 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Avoid encoding the current stable suite in propellor's code, + since that poses a difficult transition around the release, + and can easily be wrong if an older version of propellor is used. + Instead, the os property for a stable system includes the suite name + to use, eg Stable "wheezy". + * stdSourcesList uses the stable suite name, to avoid unwanted + immediate upgrades to the next stable release. + * debCdn switched from cdn.debian.net to http.debian.net, which seems to be + better managed now. + * Docker: Avoid committing container every time it's started up."""]]
\ No newline at end of file diff --git a/doc/news/version_0.9.1.mdwn b/doc/news/version_0.9.1.mdwn new file mode 100644 index 00000000..1a7039cf --- /dev/null +++ b/doc/news/version_0.9.1.mdwn @@ -0,0 +1,6 @@ +propellor 0.9.1 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Docker: Add ability to control when containers restart. + * Docker: Default to always restarting containers, so they come back + up after reboots and docker daemon upgrades. + * Fix loop when a docker host that does not exist was docked."""]]
\ No newline at end of file diff --git a/doc/news/version_0.9.2.mdwn b/doc/news/version_0.9.2.mdwn new file mode 100644 index 00000000..ee7d618d --- /dev/null +++ b/doc/news/version_0.9.2.mdwn @@ -0,0 +1,8 @@ +propellor 0.9.2 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Added nginx module, contributed by FĂ©lix Sipma. + * Added firewall module, contributed by Arnaud Bailly. + * Apache: Fix daemon reload when enabling a new module or site. + * Docker: Stop using docker.io; that was a compat symlink in + the Debian package which has been removed in docker.io 1.3.1~dfsg1-2. + * Orphaned the Debian package, as I am retiring from Debian."""]]
\ No newline at end of file diff --git a/doc/security.mdwn b/doc/security.mdwn index 075d68ec..fb174cb7 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -28,7 +28,7 @@ in cleartext private data such as passwords, ssh private keys, etc. Instead, `propellor --spin $host` looks for a `~/.propellor/privdata/privdata.gpg` file and if found decrypts it, -extracts the private that that the $host needs, and sends it to to the +extracts the private data that the $host needs, and sends it to to the $host using ssh. This lets a host know its own private data, without seeing all the rest. diff --git a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment new file mode 100644 index 00000000..4ed9ecdb --- /dev/null +++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI" + nickname="Arnaud" + subject="Is it ok to publish to a public repository?" + date="2014-08-29T21:13:19Z" + content=""" +It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong? + +Thanks +"""]] diff --git a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment new file mode 100644 index 00000000..4d209b03 --- /dev/null +++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + ip="131.252.200.111" + subject="comment 2" + date="2014-08-29T21:52:02Z" + content=""" +--add-key puts your **public** key in the repository, not the private key. +"""]] diff --git a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment new file mode 100644 index 00000000..4d75842d --- /dev/null +++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment @@ -0,0 +1,17 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI" + nickname="Arnaud" + subject="Remote host fails to connect" + date="2014-08-30T06:40:33Z" + content=""" +Makes sense of course, but the message one gets when doing that is a bit misleading. + +I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because: + +1. the host key is not initially present in root's known_hosts, then +2. the user's (root) public key is unknown to the remote git repo, in my case bitbucket.org, and the URL used is git@bitbucket.org:abailly/capital-match-infra.git which implies connection goes through SSH + +I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore. + +Thanks for your help +"""]] diff --git a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment new file mode 100644 index 00000000..b2ac4d57 --- /dev/null +++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment @@ -0,0 +1,22 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI" + nickname="Arnaud" + subject="Output from propellor --spin $host" + date="2014-08-30T07:17:52Z" + content=""" +Here is the output (truncated): + + + Permission denied (publickey). + fatal: Could not read from remote repository. + + Please make sure you have the correct access rights + and the repository exists. + Git fetch ... failed + fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree. + Use '--' to separate paths from revisions, like this: + 'git <command> [<revision>...] -- [<file>...]' + propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128) + + +"""]] diff --git a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment new file mode 100644 index 00000000..cc26f42d --- /dev/null +++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment @@ -0,0 +1,13 @@ +[[!comment format=mdwn + username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI" + nickname="Arnaud" + subject="Got it working..." + date="2014-08-31T12:50:17Z" + content=""" +OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations: + +* Use a https:// based url for the first +* Use a git:// based url for the second + +I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url. +"""]] diff --git a/doc/todo/etckeeper.mdwn b/doc/todo/etckeeper.mdwn new file mode 100644 index 00000000..7dc80cef --- /dev/null +++ b/doc/todo/etckeeper.mdwn @@ -0,0 +1 @@ +It would be cool to have an etckeeper module :-). diff --git a/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment new file mode 100644 index 00000000..f080f70e --- /dev/null +++ b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment @@ -0,0 +1,9 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2014-11-06T15:46:56Z" + content=""" +All I've needed for this is `& Apt.installed ["etckeeper"]` + +Patches welcome, I suppose. +"""]] diff --git a/doc/todo/git_push_over_propellor_ssh_channel.mdwn b/doc/todo/git_push_over_propellor_ssh_channel.mdwn new file mode 100644 index 00000000..cac0bfea --- /dev/null +++ b/doc/todo/git_push_over_propellor_ssh_channel.mdwn @@ -0,0 +1,11 @@ +Propellor currently needs a central git server. And it has a special-cased +protocol during bootstrap that transfers the git repo over to a new host, +using the ssh connection that will be used to run propellor. + +This could be improved by making a git push be done whenever +`propellor spin $host` runs. The remote propellor runs `git receive-pack`; +the local one runs `git send-pack`. + +Then there would be no need for a central git repo. Although still very +useful if you have multiple propellor driven hosts and you want to just git +commit and let cron sort them out. diff --git a/doc/todo/port_info_for_properties_for_firewall.mdwn b/doc/todo/port_info_for_properties_for_firewall.mdwn new file mode 100644 index 00000000..efaaba05 --- /dev/null +++ b/doc/todo/port_info_for_properties_for_firewall.mdwn @@ -0,0 +1,24 @@ +The firewall module could be improved if properties that set up a service +on a port included info (see Propellor.Info and Propellor.Types.Info) +about the port(s) used. + +While currently the ports have to be explicitly listed: + + & Apache.installed + & Firewall.installed + & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 80)) + & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 443)) + +Instead the ports would be derived from the installed services. + + & Apache.installed + & Firewall.installed + +There could also be some combinators to adjust the exposed +ports of a property. + + & localOnly Apache.installed + & exposedPorts [443,80] (Apt.serviceInstalledRunning "apache2") + +Such port enformation is also going to be needed as a basis of +[[type_level_port_conflict_detection]]. --[[Joey]] diff --git a/doc/todo/type_level_port_conflict_detection.mdwn b/doc/todo/type_level_port_conflict_detection.mdwn new file mode 100644 index 00000000..5aec5775 --- /dev/null +++ b/doc/todo/type_level_port_conflict_detection.mdwn @@ -0,0 +1,5 @@ +See <http://stackoverflow.com/questions/26027765/using-types-to-prevent-conflicting-port-numbers-in-a-list> --[[Joey]] + +Needs ghc newer than 7.6.3. It may be possible to port Data.Type.Equality +and Data.Type.Bool to older versions; I got them to compile but they didn't +work right. --[[Joey]] |