From 0460a04474d2ea4f439708bb9f8ded24fba329ac Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 8 Apr 2014 16:58:11 -0400 Subject: propellor spin --- Propellor/Property/OpenId.hs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 Propellor/Property/OpenId.hs (limited to 'Propellor/Property/OpenId.hs') diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs new file mode 100644 index 00000000..4ebf18f0 --- /dev/null +++ b/Propellor/Property/OpenId.hs @@ -0,0 +1,15 @@ +module Propellor.Property.OpenId where + +import Propellor +import qualified Propellor.Property.File as File +import qualified Propellor.Property.Apt as Apt + +providerFor :: [UserName] -> Property +providerFor users = propertyList ("openid provider") $ + [ serviceRunning "apache2" + `requires` Apt.installed ["apache2"] + , Apt.installed ["simpleid"] + ] ++ map identfile users + where + identfile u = File.hasPrivContent $ concat + [ "/var/lib/simpleid/identities/", u, ".identity" ] -- cgit v1.3-2-g0d8e From 4ea2771b69617bc537687f9b2fec4b0a32880de5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 8 Apr 2014 17:10:52 -0400 Subject: propellor spin --- Propellor/Property/Cmd.hs | 11 ++++++++++- Propellor/Property/OpenId.hs | 2 ++ config-joey.hs | 1 + 3 files changed, 13 insertions(+), 1 deletion(-) (limited to 'Propellor/Property/OpenId.hs') diff --git a/Propellor/Property/Cmd.hs b/Propellor/Property/Cmd.hs index dc5073d3..f661cf81 100644 --- a/Propellor/Property/Cmd.hs +++ b/Propellor/Property/Cmd.hs @@ -4,6 +4,7 @@ module Propellor.Property.Cmd ( scriptProperty, userScriptProperty, serviceRunning, + serviceRestarted, ) where import Control.Monad 
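Review bot: `identfile` joins `u` into the path with `concat` and no check, so a user name containing `/` (or equal to `..`) would make `File.hasPrivContent` manage a file outside `/var/lib/simpleid/identities/`. The names come from the operator's own config, so this is a guard against mistakes rather than against outside input. Rejecting names that contain a path separator before building the path would keep the property confined to that directory. `providerFor` also has no Haddock comment; `-- | Sets up a SimpleID OpenID provider under apache2, with one identity file per user (content presumably taken from privdata).` would tell callers what each listed user needs.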
@@ -47,13 +48,21 @@ userScriptProperty user script = cmdProperty "su" ["-c", shellcmd, user] where shellcmd = intercalate " ; " ("set -e" : "cd" : script) +type ServiceName = String + -- | Ensures that a service is running. -- -- Note that due to the general poor state of init scripts, the best -- we can do is try to start the service, and if it fails, assume -- this means it's already running. -serviceRunning :: String -> Property +serviceRunning :: ServiceName -> Property serviceRunning svc = Property ("running " ++ svc) $ do void $ ensureProperty $ scriptProperty ["service " ++ shellEscape svc ++ " start >/dev/null 2>&1 || true"] return NoChange + +serviceRestarted :: ServiceName -> Property +serviceRestarted svc = Property ("restarted " ++ svc) $ do + void $ ensureProperty $ + scriptProperty ["service " ++ shellEscape svc ++ " restart >/dev/null 2>&1 || true"] + return NoChange diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index 4ebf18f0..0f207a53 100644 --- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs @@ -9,6 +9,8 @@ providerFor users = propertyList ("openid provider") $ [ serviceRunning "apache2" `requires` Apt.installed ["apache2"] , Apt.installed ["simpleid"] + `onChange` serviceRestarted "apache2" + , serviceRestarted "apache2" ] ++ map identfile users where identfile u = File.hasPrivContent $ concat diff --git a/config-joey.hs b/config-joey.hs index 4d4b8f1f..c57dd5a2 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -71,6 +71,7 @@ container _parenthost name & serviceRunning "apache2" `requires` Apt.installed ["apache2"] ] + -- My own openid provider. Uses php, so containerized for security -- and administrative sanity. | name == "openid-provider" = Just $ Docker.containerFrom -- cgit v1.3-2-g0d8e From e435d97927d37fbea032b83e791dd77dcbd47307 Mon Sep 17 00:00:00 2001 
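Review bot: `serviceRestarted` reuses the `>/dev/null 2>&1 || true` tail and the `void`/`NoChange` wrapper from `serviceRunning`, but the rationale documented there (a failed start is assumed to mean already running) does not apply to a restart. A restart that fails leaves the service stopped or still on its old configuration, and the property reports success either way; this matters when it is used as an `onChange` hook after a package change. I would drop `|| true`, return the result of `ensureProperty` instead of discarding it, and add a Haddock line such as `-- | Restarts a service; fails if the init script reports an error.`. The same body is carried over as `restarted` in `Propellor/Property/Service.hs` later on this page.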
From: Joey Hess Date: Tue, 8 Apr 2014 17:29:56 -0400 Subject: propellor spin --- Propellor/Property/OpenId.hs | 13 ++++++++++--- config-joey.hs | 16 ++++++++++++---- 2 files changed, 22 insertions(+), 7 deletions(-) (limited to 'Propellor/Property/OpenId.hs') diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index 0f207a53..f7440370 100644 --- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs @@ -4,14 +4,21 @@ import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt -providerFor :: [UserName] -> Property -providerFor users = propertyList ("openid provider") $ +import Data.List + +providerFor :: [UserName] -> HostName -> Property +providerFor users hostname = propertyList ("openid provider") $ [ serviceRunning "apache2" `requires` Apt.installed ["apache2"] , Apt.installed ["simpleid"] `onChange` serviceRestarted "apache2" - , serviceRestarted "apache2" + , File.fileProperty ("simpleid host " ++ hostname) + (map setbaseurl) "/etc/simpleid/config.inc" ] ++ map identfile users where identfile u = File.hasPrivContent $ concat [ "/var/lib/simpleid/identities/", u, ".identity" ] + setbaseurl l + | "SIMPLEID_BASE_URL" `isInfixOf` l = + "define('SIMPLEID_BASE_URL', 'http://"++hostname++"/simpleid');" + | otherwise = l diff --git a/config-joey.hs b/config-joey.hs index c57dd5a2..8445f7cd 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -61,7 +61,7 @@ host _ = Nothing -- | This is where Docker containers are set up. A container -- can vary by hostname where it's used, or be the same everywhere. container :: HostName -> Docker.ContainerName -> Maybe (Docker.Container) -container _parenthost name +container parenthost name -- Simple web server, publishing the outside host's /var/www | name == "webserver" = Just $ Docker.containerFrom (image $ System (Debian Unstable) "amd64") 
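Review bot: `setbaseurl` splices `hostname` into a single-quoted PHP string in `/etc/simpleid/config.inc` without escaping, so a value containing `'` or `\` ends the literal and the rest of the line is parsed as PHP by the provider. The value is operator-supplied, but the later revisions of this line on the page (`baseurl`, then `url`) widen it to an arbitrary `String`, so both characters should be escaped before interpolation, e.g. `phpQuote = concatMap (\c -> if c `elem` "'\\" then ['\\', c] else [c])`. Separately, the scheme is fixed to `http://`, so the OpenID endpoint and its login form are advertised over cleartext; taking the scheme from the caller would allow an https deployment. The `isInfixOf` match also rewrites any line that merely mentions `SIMPLEID_BASE_URL`, including a commented-out one, and does nothing if no such line exists.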
@@ -70,6 +70,7 @@ container _parenthost name , Docker.inside $ props & serviceRunning "apache2" `requires` Apt.installed ["apache2"] + & Apt.unattendedUpgrades ] -- My own openid provider. Uses php, so containerized for security @@ -78,8 +79,9 @@ container _parenthost name (image $ System (Debian Stable) "amd64") [ Docker.publish "8081:80" , Docker.inside $ props - & Apt.stdSourcesList Stable `onChange` Apt.upgrade - & OpenId.providerFor ["joey", "liw"] + & Apt.stdSourcesList Stable + & Apt.unattendedUpgrades + & OpenId.providerFor ["joey", "liw"] parenthost ] -- armel builder has a companion container that run amd64 and @@ -89,6 +91,8 @@ container _parenthost name | name == "armel-git-annex-builder-companion" = Just $ Docker.containerFrom (image $ System (Debian Unstable) "amd64") [ Docker.volume GitAnnexBuilder.homedir + , Docker.inside $ props + & Apt.unattendedUpgrades ] | name == "armel-git-annex-builder" = Just $ Docker.containerFrom (image $ System (Debian Unstable) "armel") @@ -96,13 +100,17 @@ container _parenthost name , Docker.volumes_from (name ++ "-companion") , Docker.inside $ props -- & GitAnnexBuilder.builder "armel" "15 * * * *" True + & Apt.unattendedUpgrades ] | "-git-annex-builder" `isSuffixOf` name = let arch = takeWhile (/= '-') name in Just $ Docker.containerFrom (image $ System (Debian Unstable) arch) - [ Docker.inside $ props & GitAnnexBuilder.builder arch "15 * * * *" True ] + [ Docker.inside $ props + & GitAnnexBuilder.builder arch "15 * * * *" True + & Apt.unattendedUpgrades + ] | otherwise = Nothing -- cgit v1.3-2-g0d8e From a04539a2ee46a3c040bf7a44a6954fa51a035315 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 8 Apr 2014 17:51:10 -0400 Subject: propellor spin --- Propellor/Property/OpenId.hs | 8 ++++---- config-joey.hs | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'Propellor/Property/OpenId.hs') diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index f7440370..2a55ff31 100644 
--- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs @@ -6,13 +6,13 @@ import qualified Propellor.Property.Apt as Apt import Data.List -providerFor :: [UserName] -> HostName -> Property -providerFor users hostname = propertyList ("openid provider") $ +providerFor :: [UserName] -> String -> Property +providerFor users baseurl = propertyList ("openid provider") $ [ serviceRunning "apache2" `requires` Apt.installed ["apache2"] , Apt.installed ["simpleid"] `onChange` serviceRestarted "apache2" - , File.fileProperty ("simpleid host " ++ hostname) + , File.fileProperty ("simpleid host " ++ baseurl) (map setbaseurl) "/etc/simpleid/config.inc" ] ++ map identfile users where @@ -20,5 +20,5 @@ providerFor users hostname = propertyList ("openid provider") $ [ "/var/lib/simpleid/identities/", u, ".identity" ] setbaseurl l | "SIMPLEID_BASE_URL" `isInfixOf` l = - "define('SIMPLEID_BASE_URL', 'http://"++hostname++"/simpleid');" + "define('SIMPLEID_BASE_URL', 'http://"++baseurl++"/simpleid');" | otherwise = l diff --git a/config-joey.hs b/config-joey.hs index 8445f7cd..879e8baf 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -81,7 +81,8 @@ container parenthost name , Docker.inside $ props & Apt.stdSourcesList Stable & Apt.unattendedUpgrades - & OpenId.providerFor ["joey", "liw"] parenthost + & OpenId.providerFor ["joey", "liw"] + (parenthost++":8081") ] -- armel builder has a companion container that run amd64 and -- cgit v1.3-2-g0d8e From e2d1cf70eb9bfc613d0723c0cc6e0fd2ca6e656c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 8 Apr 2014 17:52:14 -0400 Subject: propellor spin --- Propellor/Property/OpenId.hs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'Propellor/Property/OpenId.hs') diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index 2a55ff31..4f22bdb9 100644 --- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs 
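Review bot: The port in `(parenthost++":8081")` repeats the literal from the `Docker.publish "8081:80"` entry of the same container, which is visible in the previous commit's hunk rather than this one. Changing one without the other leaves SimpleID advertising a base URL that does not match the published port, and nothing in the code ties the two together. Binding the port once in the container definition and building both strings from it would keep them in step. The container definition starts and ends outside this hunk.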
@@ -7,18 +7,20 @@ import qualified Propellor.Property.Apt as Apt import Data.List providerFor :: [UserName] -> String -> Property -providerFor users baseurl = propertyList ("openid provider") $ +providerFor users baseurl = propertyList desc $ [ serviceRunning "apache2" `requires` Apt.installed ["apache2"] , Apt.installed ["simpleid"] `onChange` serviceRestarted "apache2" - , File.fileProperty ("simpleid host " ++ baseurl) + , File.fileProperty desc (map setbaseurl) "/etc/simpleid/config.inc" ] ++ map identfile users where identfile u = File.hasPrivContent $ concat [ "/var/lib/simpleid/identities/", u, ".identity" ] + url = "http://"++baseurl++"/simpleid" + desc = "openid provider " ++ url setbaseurl l | "SIMPLEID_BASE_URL" `isInfixOf` l = - "define('SIMPLEID_BASE_URL', 'http://"++baseurl++"/simpleid');" + "define('SIMPLEID_BASE_URL', '"++url++"');" | otherwise = l -- cgit v1.3-2-g0d8e From a52a2a89dfe92d7bed4a6446101657a288fd3bae Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 8 Apr 2014 19:31:03 -0400 Subject: serviceInstalledRunning --- Propellor/Property/Apt.hs | 12 ++++++++--- Propellor/Property/Cmd.hs | 23 -------------------- Propellor/Property/Cron.hs | 3 +-- Propellor/Property/OpenId.hs | 6 +++--- Propellor/Property/Service.hs | 25 ++++++++++++++++++++++ Propellor/Property/SiteSpecific/GitAnnexBuilder.hs | 2 +- config-joey.hs | 3 +-- config-simple.hs | 3 +-- 8 files changed, 41 insertions(+), 36 deletions(-) create mode 100644 Propellor/Property/Service.hs (limited to 'Propellor/Property/OpenId.hs') diff --git a/Propellor/Property/Apt.hs b/Propellor/Property/Apt.hs index ac1d9a12..ff9b3de9 100644 --- a/Propellor/Property/Apt.hs +++ b/Propellor/Property/Apt.hs @@ -8,6 +8,7 @@ import Control.Monad import Propellor import qualified Propellor.Property.File as File +import qualified Propellor.Property.Service as Service import Propellor.Property.File (Line) sourcesList :: FilePath 
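Review bot: `providerFor` still has no documentation, and its second argument is named `baseurl` although the where-clause uses it as host and optional port, wrapping it as `"http://"++baseurl++"/simpleid"`. A caller who passes a full URL would get a doubled scheme in `SIMPLEID_BASE_URL` and in the property description. I would add `-- | Sets up a SimpleID OpenID provider served by apache2. The second argument is the host and optional port only; the provider URL becomes http://HOST/simpleid.` above the signature, or rename the parameter to match.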
@@ -149,9 +150,7 @@ autoRemove = runApt ["-y", "autoremove"] unattendedUpgrades :: RevertableProperty unattendedUpgrades = RevertableProperty enable disable where - enable = setup True - `before` installed ["cron"] - `before` serviceRunning "cron" + enable = setup True `before` Service.running "cron" disable = setup False setup enabled = (if enabled then installed else removed) ["unattended-upgrades"] @@ -176,3 +175,10 @@ reConfigure package vals = reconfigure `requires` setselections hPutStrLn h $ unwords [package, template, tmpltype, value] hClose h reconfigure = cmdProperty "dpkg-reconfigure" ["-fnone", package] + +-- | Ensures that a service is installed and running. +-- +-- Assumes that there is a 1:1 mapping between service names and apt +-- package names. +serviceInstalledRunning :: Package -> Property +serviceInstalledRunning svc = Service.running svc `requires` installed [svc] diff --git a/Propellor/Property/Cmd.hs b/Propellor/Property/Cmd.hs index f661cf81..c715fd2a 100644 --- a/Propellor/Property/Cmd.hs +++ b/Propellor/Property/Cmd.hs @@ -3,16 +3,12 @@ module Propellor.Property.Cmd ( cmdProperty', scriptProperty, userScriptProperty, - serviceRunning, - serviceRestarted, ) where -import Control.Monad import Control.Applicative import Data.List import Propellor.Types -import Propellor.Engine import Utility.Monad import Utility.SafeCommand import Utility.Env 
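Review bot: In `unattendedUpgrades`, the new `enable` line drops the `installed ["cron"]` step and keeps only `Service.running "cron"`, which by its own documentation in this commit does not install the package and treats a failed start as already running. On an image without cron (the config on this page applies the property inside Docker containers), enabling would then report success while nothing schedules the upgrade run, unless the `unattended-upgrades` package happens to pull cron in. The helper added at the bottom of this same file covers that case: ``enable = setup True `before` serviceInstalledRunning "cron"``.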
@@ -47,22 +43,3 @@ userScriptProperty :: UserName -> [String] -> Property userScriptProperty user script = cmdProperty "su" ["-c", shellcmd, user] where shellcmd = intercalate " ; " ("set -e" : "cd" : script) - -type ServiceName = String - --- | Ensures that a service is running. --- --- Note that due to the general poor state of init scripts, the best --- we can do is try to start the service, and if it fails, assume --- this means it's already running. -serviceRunning :: ServiceName -> Property -serviceRunning svc = Property ("running " ++ svc) $ do - void $ ensureProperty $ - scriptProperty ["service " ++ shellEscape svc ++ " start >/dev/null 2>&1 || true"] - return NoChange - -serviceRestarted :: ServiceName -> Property -serviceRestarted svc = Property ("restarted " ++ svc) $ do - void $ ensureProperty $ - scriptProperty ["service " ++ shellEscape svc ++ " restart >/dev/null 2>&1 || true"] - return NoChange diff --git a/Propellor/Property/Cron.hs b/Propellor/Property/Cron.hs index 30bdb510..fa6019ea 100644 --- a/Propellor/Property/Cron.hs +++ b/Propellor/Property/Cron.hs @@ -18,8 +18,7 @@ job desc times user cddir command = ("/etc/cron.d/" ++ desc) `File.hasContent` , "" , times ++ "\t" ++ user ++ "\t" ++ "cd " ++ cddir ++ " && " ++ command ] - `requires` Apt.installed ["cron"] - `requires` serviceRunning "cron" + `requires` Apt.serviceInstalledRunning "cron" `describe` ("cronned " ++ desc) -- | Installs a cron job, and runs it niced and ioniced. diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index 4f22bdb9..c397bdb8 100644 --- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs 
@@ -3,15 +3,15 @@ module Propellor.Property.OpenId where import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt +import qualified Propellor.Property.Service as Service import Data.List providerFor :: [UserName] -> String -> Property providerFor users baseurl = propertyList desc $ - [ serviceRunning "apache2" - `requires` Apt.installed ["apache2"] + [ Apt.serviceInstalledRunning "apache2" , Apt.installed ["simpleid"] - `onChange` serviceRestarted "apache2" + `onChange` Service.restarted "apache2" , File.fileProperty desc (map setbaseurl) "/etc/simpleid/config.inc" ] ++ map identfile users diff --git a/Propellor/Property/Service.hs b/Propellor/Property/Service.hs new file mode 100644 index 00000000..2fb3e0c6 --- /dev/null +++ b/Propellor/Property/Service.hs @@ -0,0 +1,25 @@ +module Propellor.Property.Service where + +import Propellor +import Utility.SafeCommand + +type ServiceName = String + +-- | Ensures that a service is running. Does not ensure that +-- any package providing that service is installed. See +-- Apt.serviceInstalledRunning +-- +-- Note that due to the general poor state of init scripts, the best +-- we can do is try to start the service, and if it fails, assume +-- this means it's already running. +running :: ServiceName -> Property +running svc = Property ("running " ++ svc) $ do + void $ ensureProperty $ + scriptProperty ["service " ++ shellEscape svc ++ " start >/dev/null 2>&1 || true"] + return NoChange + +restarted :: ServiceName -> Property +restarted svc = Property ("restarted " ++ svc) $ do + void $ ensureProperty $ + scriptProperty ["service " ++ shellEscape svc ++ " restart >/dev/null 2>&1 || true"] + return NoChange diff --git a/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index 149c8e6c..580a52dc 100644 --- a/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs 
@@ -24,7 +24,7 @@ builder arch crontimes rsyncupload = combineProperties "gitannexbuilder" , Apt.buildDep ["git-annex"] , Apt.installed ["git", "rsync", "moreutils", "ca-certificates", "liblockfile-simple-perl", "cabal-install", "vim", "less"] - , serviceRunning "cron" `requires` Apt.installed ["cron"] + , Apt.serviceInstalledRunning "cron" , User.accountFor builduser , check (not <$> doesDirectoryExist gitbuilderdir) $ userScriptProperty builduser [ "git clone git://git.kitenet.net/gitannexbuilder " ++ gitbuilderdir diff --git a/config-joey.hs b/config-joey.hs index 6e58d5d6..baabd8cb 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -68,8 +68,7 @@ container _parenthost name [ Docker.publish "8080:80" , Docker.volume "/var/www:/var/www" , Docker.inside $ props - & serviceRunning "apache2" - `requires` Apt.installed ["apache2"] + & Apt.serviceInstalledRunning "apache2" & Apt.unattendedUpgrades ] diff --git a/config-simple.hs b/config-simple.hs index d5015ef3..5e43b467 100644 --- a/config-simple.hs +++ b/config-simple.hs @@ -47,7 +47,6 @@ container _ "webserver" = Just $ Docker.containerFrom "joeyh/debian-unstable" [ Docker.publish "80:80" , Docker.volume "/var/www:/var/www" , Docker.inside $ props - & serviceRunning "apache2" - `requires` Apt.installed ["apache2"] + & Apt.serviceInstalledRunning "apache2" ] container _ _ = Nothing -- cgit v1.3-2-g0d8e