From 9836bdf4c96eba09fbe4649e32240682566d4887 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sat, 31 May 2014 13:41:28 -0400
Subject: propellor spin
---
 config-joey.hs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'config-joey.hs')
diff --git a/config-joey.hs b/config-joey.hs
index e67bcede..44e25338 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -76,9 +76,10 @@ hosts = -- (o) `
 & alias "znc.kitenet.net"
 & JoeySites.ircBouncer
- -- Nothing is using https on clam, so listen on that port
- -- for ssh, for traveling on bad networks.
- & "/etc/ssh/sshd_config" `File.containsLine` "Port 443"
+ -- Nothing is using http port 80 on clam, so listen on
+ -- that port for ssh, for traveling on bad networks that
+ -- block 22.
+ & "/etc/ssh/sshd_config" `File.containsLine` "Port 80"
 `onChange` Service.restarted "ssh"
 & Docker.garbageCollected `period` Daily
@@ -307,7 +308,6 @@ monsters = -- but do want to track their public keys etc.
 & alias "www.wortroot.kitenet.net"
 & alias "joey.kitenet.net"
 & alias "anna.kitenet.net"
- & alias "ipv6.kitenet.net"
 & alias "bitlbee.kitenet.net"
 {- Remaining services on kite:
 -
@@ -333,7 +333,7 @@ monsters = -- but do want to track their public keys etc.
 - ftpd (EOL)
 -
 - user shell stuff:
- - pine, zsh, make, ...
+ - pine, zsh, make, git-annex, myrepos, ...
 -}
 , host "mouse.kitenet.net"
 & ipv6 "2001:4830:1600:492::2"
-- cgit v1.3-2-g0d8e
From 2d740c92c9c392d7799d51140bf8691588fd68df Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sat, 31 May 2014 13:44:28 -0400
Subject: propellor spin
---
 config-joey.hs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'config-joey.hs')
diff --git a/config-joey.hs b/config-joey.hs
index 44e25338..b14e06fd 100644
--- a/config-joey.hs
+++ b/config-joey.hs
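Review bot: `File.containsLine` only appends, so on a clam that was already provisioned the replaced `Port 443` line is not removed by this hunk and sshd keeps listening on 443 as well as 80 until that line is taken out by hand (or with a matching `File.lacksLine` property, if this version has one). The added line also relies on sshd_config still carrying an explicit `Port 22`: OpenSSH drops the implicit default as soon as any `Port` directive is present, so if the file on that host ships it commented out this leaves ssh reachable solely on 80, although the new comment treats 22 as the primary port. Pinning it with a sibling `containsLine` for `"Port 22"` under the same `onChange` restart, plus a comment saying the second port is intentional, would make that explicit. The `hosts` list this hunk edits begins and ends outside the hunk.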
@@ -42,6 +42,8 @@ hosts = -- (o) `
 & Docker.docked hosts "android-git-annex"
 -- Nothing super-important lives here.
+ -- Any services I care about are containerized so they can easily
+ -- be moved.
 , standardSystem "clam.kitenet.net" Unstable "amd64"
 & ipv4 "162.248.143.249"
 & ipv6 "2002:5044:5531::1"
@@ -54,7 +56,7 @@ hosts = -- (o) `
 & Docker.configured
 & alias "shell.olduse.net"
- & JoeySites.oldUseNetShellBox
+ & Docker.docked hosts "oldusenet-shellbox"
 & alias "openid.kitenet.net"
 & Docker.docked hosts "openid-provider"
@@ -191,6 +193,10 @@ hosts = -- (o) `
 & Git.cloned "root" "git://kitenet-net.branchable.com/" "/var/www"
 (Just "remotes/origin/old-kitenet.net")
+ , standardContainer "oldusenet-shellbox" Stable "amd64"
+ & Docker.publish "4200:4200"
+ & JoeySites.oldUseNetShellBox
+
 -- git-annex autobuilder containers
 , GitAnnexBuilder.standardAutoBuilderContainer dockerImage "amd64" 15 "2h"
 , GitAnnexBuilder.standardAutoBuilderContainer dockerImage "i386" 45 "2h"
-- cgit v1.3-2-g0d8e
From 5a895c21b5a2f43ab74b3514b3c75f1dba09dd97 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sat, 31 May 2014 14:15:16 -0400
Subject: propellor spin
---
 config-joey.hs | 9 ++++++---
 src/Propellor/Property/SiteSpecific/JoeySites.hs | 22 ++++++++++++++++++++++
 2 files changed, 28 insertions(+), 3 deletions(-)
(limited to 'config-joey.hs')
diff --git a/config-joey.hs b/config-joey.hs
index b14e06fd..f5d226bc 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -41,9 +41,7 @@ hosts = -- (o) `
 & Apt.buildDep ["git-annex"] `period` Daily
 & Docker.docked hosts "android-git-annex"
- -- Nothing super-important lives here.
- -- Any services I care about are containerized so they can easily
- -- be moved.
+ -- Nothing super-important lives here and mostly it's docker containers.
 , standardSystem "clam.kitenet.net" Unstable "amd64"
 & ipv4 "162.248.143.249"
 & ipv6 "2002:5044:5531::1"
@@ -78,6 +76,11 @@ hosts = -- (o) `
 & alias "znc.kitenet.net"
 & JoeySites.ircBouncer
+ -- For https port 443, shellinabox with ssh login to
+ -- kitenet.net
+ & alias "shell.kitenet.net"
+ & JoeySites.kiteShellBox
+
 -- Nothing is using http port 80 on clam, so listen on
 -- that port for ssh, for traveling on bad networks that
 -- block 22.
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 587e16af..51210819 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -317,3 +317,25 @@ ircBouncer = propertyList "IRC bouncer"
 ]
 where
 conf = "/home/znc/.znc/configs/znc.conf"
+
+kiteShellBox :: Property
+kiteShellBox = propertyList "kitenet.net shellinabox"
+ [ Apt.installed ["shellinabox"]
+
+ -- Install ssl cert, let shellinabox read it.
+ , File.dirExists certdir
+ , File.ownerGroup certdir "shellinabox" "shellinabox"
+ , File.mode certdir (combineModes [ownerWriteMode, ownerReadMode, ownerExecuteMode])
+ , File.hasPrivContentExposed (certdir "certificate.pem")
+
+ , File.hasContent "/etc/default/shellinabox"
+ [ "# Deployed by propellor"
+ , "SHELLINABOX_DAEMON_START=1"
+ , "SHELLINABOX_PORT=443"
+ , "SHELLINABOX_ARGS=\"--no-beep --service=/:SSH:kitenet.net --cert=" ++ certdir ++ "\""
+ ]
+ `onChange` Service.restarted "shellinabox"
+ , Service.running "shellinabox"
+ ]
+ where
+ certdir = "/etc/shellinabox/certs"
-- cgit v1.3-2-g0d8e
From 1a83bf26300a225f044205e2208783e664377e25 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sat, 31 May 2014 15:54:41 -0400
Subject: propellor spin
---
 config-joey.hs | 1 -
 1 file changed, 1 deletion(-)
(limited to 'config-joey.hs')
diff --git a/config-joey.hs b/config-joey.hs
index f5d226bc..7a99b9b1 100644
--- a/config-joey.hs
+++ b/config-joey.hs
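Review bot: A renewed certificate is never picked up by the running daemon in `kiteShellBox`: only the `/etc/default/shellinabox` entry carries `` `onChange` Service.restarted "shellinabox" ``, so when `File.hasPrivContentExposed` rewrites `certificate.pem` nothing restarts shellinabox and it keeps serving the old cert until some unrelated restart; giving that entry the same `onChange` hook fixes it. The cert block also deserves a comment: the name `hasPrivContentExposed` suggests the file itself is not mode-protected, so the only thing keeping the key material (assuming certificate.pem also holds the private key, as shellinabox's `--cert` directory layout normally expects) from other local users is the 0700 `File.mode` on `certdir`, and `File.dirExists` creates that directory at the default mode one step before `File.mode` tightens it. Something like `-- certificate.pem is readable by mode; certdir's 0700 is what protects the key` beside the `File.mode` line would record that intent. The path argument renders here as `(certdir "certificate.pem")`, which looks like a `</>` operator lost in this rendering rather than the committed text.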
@@ -338,7 +338,6 @@ monsters = -- but do want to track their public keys etc.
 - (branchable is still pushing to here
 - (thinking it's ns2.branchable.com), but it's no
 - longer a primary or secondary for anything)
- - ajaxterm
 - ftpd (EOL)
 -
 - user shell stuff:
-- cgit v1.3-2-g0d8e
From 6383d8c38893c160382eb9bf69e0315c5e87269e Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sat, 31 May 2014 16:48:14 -0400
Subject: propellor spin
---
 config-joey.hs | 2 +-
 debian/changelog | 9 +++++++++
 doc/todo/docker_todo_list.mdwn | 2 --
 propellor.cabal | 2 +-
 src/Propellor/Attr.hs | 26 ++++++++++++++++++--------
 src/Propellor/Property/Docker.hs | 24 +++++++++++++++++++-----
 6 files changed, 48 insertions(+), 17 deletions(-)
(limited to 'config-joey.hs')
diff --git a/config-joey.hs b/config-joey.hs
index 7a99b9b1..b667f790 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -53,7 +53,6 @@ hosts = -- (o) `
 & Postfix.satellite
 & Docker.configured
- & alias "shell.olduse.net"
 & Docker.docked hosts "oldusenet-shellbox"
 & alias "openid.kitenet.net"
@@ -198,6 +197,7 @@ hosts = -- (o) `
 , standardContainer "oldusenet-shellbox" Stable "amd64"
 & Docker.publish "4200:4200"
+ & alias "shell.olduse.net"
 & JoeySites.oldUseNetShellBox
 -- git-annex autobuilder containers
diff --git a/debian/changelog b/debian/changelog
index 916b9b3b..98cbee18 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+propellor (0.6.0) UNRELEASED; urgency=medium
+
+ * Docker containers now propigate DNS attributes out to the host they're
+ docked in. So if a docker container sets a DNS alias, every container
+ it's docked in will automatically become part of a round-robin DNS,
+ if propellor is used to manage DNS for the domain.
+
+ -- Joey Hess Sat, 31 May 2014 16:41:56 -0400
+
 propellor (0.5.3) unstable; urgency=medium
 * Fix unattended-upgrades config for !stable.
diff --git a/doc/todo/docker_todo_list.mdwn b/doc/todo/docker_todo_list.mdwn
index 65762cff..2bf095f1 100644
--- a/doc/todo/docker_todo_list.mdwn
+++ b/doc/todo/docker_todo_list.mdwn
@@ -4,5 +4,3 @@
 * There is no way for a property of a docker container to require some property be met outside the container. For example, some servers need ntp installed for a good date source.
-* Docking a container in a host should add to the host any cnames that
- are assigned to the container.
diff --git a/propellor.cabal b/propellor.cabal
index 80c353bc..1ca9f3a5 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -1,5 +1,5 @@
 Name: propellor
-Version: 0.5.3
+Version: 0.6.0
 Cabal-Version: >= 1.6
 License: BSD3
 Maintainer: Joey Hess
diff --git a/src/Propellor/Attr.hs b/src/Propellor/Attr.hs
index 98cfc64d..e2b64bf0 100644
--- a/src/Propellor/Attr.hs
+++ b/src/Propellor/Attr.hs
@@ -33,21 +33,31 @@ getOS = asks _os
 -- TODO check at run time if the host really has this address.
 -- (Can't change the host's address, but as a sanity check.)
 ipv4 :: String -> Property
-ipv4 addr = pureAttrProperty ("ipv4 " ++ addr)
- (addDNS $ Address $ IPv4 addr)
+ipv4 = addDNS . Address . IPv4
 -- | Indidate that a host has an AAAA record in the DNS.
 ipv6 :: String -> Property
-ipv6 addr = pureAttrProperty ("ipv6 " ++ addr)
- (addDNS $ Address $ IPv6 addr)
+ipv6 = addDNS . Address . IPv6
 -- | Indicates another name for the host in the DNS.
 alias :: Domain -> Property
-alias domain = pureAttrProperty ("alias " ++ domain)
- (addDNS $ CNAME $ AbsDomain domain)
+alias = addDNS . CNAME . AbsDomain
-addDNS :: Record -> SetAttr
-addDNS record d = d { _dns = S.insert record (_dns d) }
+addDNS :: Record -> Property
+addDNS r = pureAttrProperty (rdesc r) $
+ \d -> d { _dns = S.insert r (_dns d) }
+ where
+ rdesc (CNAME d) = unwords ["alias", ddesc d]
+ rdesc (Address (IPv4 addr)) = unwords ["ipv4", addr]
+ rdesc (Address (IPv6 addr)) = unwords ["ipv6", addr]
+ rdesc (MX n d) = unwords ["MX", show n, ddesc d]
+ rdesc (NS d) = unwords ["NS", ddesc d]
+ rdesc (TXT s) = unwords ["TXT", s]
+ rdesc (SRV x y z d) = unwords ["SRV", show x, show y, show z, ddesc d]
+
+ ddesc (AbsDomain domain) = domain
+ ddesc (RelDomain domain) = domain
+ ddesc RootDomain = "@"
 -- | Adds a DNS NamedConf stanza.
 --
diff --git a/src/Propellor/Property/Docker.hs b/src/Propellor/Property/Docker.hs
index 68fbced5..465fe0b4 100644
--- a/src/Propellor/Property/Docker.hs
+++ b/src/Propellor/Property/Docker.hs
@@ -21,6 +21,7 @@ import System.Posix.Directory
 import System.Posix.Process
 import Data.List
 import Data.List.Utils
+import qualified Data.Set as S
 -- | Configures docker with an authentication file, so that images can be
 -- pushed to index.docker.io.
@@ -54,7 +55,10 @@ cn2hn cn = cn ++ ".docker"
 -- | Ensures that a docker container is set up and running. The container
 -- has its own Properties which are handled by running propellor
--- inside the container.
+-- inside the container.
+--
+-- Additionally, the container can have DNS attributes, such as a CNAME.
+-- These become attributes of the host(s) it's docked in.
 --
 -- Reverting this property ensures that the container is stopped and
 -- removed.
@@ -62,12 +66,16 @@ docked :: [Host] -> ContainerName -> RevertableProperty
-docked hosts cn = RevertableProperty (go "docked" setup) (go "undocked" teardown)
+docked hosts cn = RevertableProperty
+ (go "docked" setup)
+ (go "undocked" teardown)
 where
 go desc a = property (desc ++ " " ++ cn) $ do
 hn <- getHostName
 let cid = ContainerId hn cn
- ensureProperties [findContainer hosts cid cn $ a cid]
+ ensureProperties [findContainer mhost cid cn $ a cid]
+
+ mhost = findHost hosts (cn2hn cn)
 setup cid (Container image runparams) = provisionContainer cid
@@ -86,13 +94,19 @@ docked hosts cn = RevertableProperty (go "docked" setup) (go "undocked" teardown
 ]
 ]
+exposeDnsAttrs :: Host -> Property -> Property
+exposeDnsAttrs (Host _ containerattr) p = combineProperties (propertyDesc p) $
+ p : map addDNS (S.toList containerdns)
+ where
+ containerdns = _dns $ containerattr $ newAttr undefined
+
 findContainer
- :: [Host]
+ :: Maybe Host
 -> ContainerId
 -> ContainerName
 -> (Container -> Property)
 -> Property
-findContainer hosts cid cn mk = case findHost hosts (cn2hn cn) of
+findContainer mhost cid cn mk = case mhost of
 Nothing -> cantfind
 Just h -> maybe cantfind mk (mkContainer cid h)
 where
-- cgit v1.3-2-g0d8e
From 44244b5094032e5dba906490a58c422f2183a41b Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sat, 31 May 2014 18:35:17 -0400
Subject: propellor spin
---
 config-joey.hs | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
(limited to 'config-joey.hs')
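Review bot: `exposeDnsAttrs` discards the first field of `Host` and then builds the container's attributes with `newAttr undefined`; any attribute property of the container that looks at the host name `newAttr` is given would force that `undefined` during a deploy, a run-time crash rather than a type error. If the first `Host` field is the host name (the constructor is defined outside this hunk), binding it is enough: `exposeDnsAttrs (Host hn containerattr) p = ...` with `containerdns = _dns $ containerattr $ newAttr hn`. The function is also not referenced anywhere in the visible hunks, so its call site, and whether every DNS record of a container should become a record of the docking host (the `docked` comment above says so for CNAMEs), cannot be checked from here; a short `-- |` on `exposeDnsAttrs` stating that contract would help.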
diff --git a/config-joey.hs b/config-joey.hs
index b667f790..ae575ea7 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -54,12 +54,8 @@ hosts = -- (o) `
 & Docker.configured
 & Docker.docked hosts "oldusenet-shellbox"
-
- & alias "openid.kitenet.net"
 & Docker.docked hosts "openid-provider"
 `requires` Apt.serviceInstalledRunning "ntp"
-
- & alias "ancient.kitenet.net"
 & Docker.docked hosts "ancient-kitenet"
 -- I'd rather this were on diatom, but it needs unstable.
@@ -184,20 +180,22 @@ hosts = -- (o) `
 -- My own openid provider. Uses php, so containerized for security
 -- and administrative sanity.
 , standardContainer "openid-provider" Stable "amd64"
+ & alias "openid.kitenet.net"
 & Docker.publish "8081:80"
 & OpenId.providerFor ["joey", "liw"] "openid.kitenet.net:8081"
 -- Exhibit: kite's 90's website.
 , standardContainer "ancient-kitenet" Stable "amd64"
+ & alias "ancient.kitenet.net"
 & Docker.publish "1994:80"
 & Apt.serviceInstalledRunning "apache2"
 & Git.cloned "root" "git://kitenet-net.branchable.com/" "/var/www"
 (Just "remotes/origin/old-kitenet.net")
 , standardContainer "oldusenet-shellbox" Stable "amd64"
- & Docker.publish "4200:4200"
 & alias "shell.olduse.net"
+ & Docker.publish "4200:4200"
 & JoeySites.oldUseNetShellBox
 -- git-annex autobuilder containers
-- cgit v1.3-2-g0d8e