propellor/src/Propellor/Property/OS.hs

module Propellor.Property.OS (
	cleanInstallOnce,
	Confirmed(..),
	fixupNetworkInterfaces,
	rootSshAuthorized,
	grubBoots,
	GrubDev(..),
	kernelInstalled,
	oldOSRemoved,
) where

import Propellor
import qualified Propellor.Property.Chroot as Chroot
import qualified Propellor.Property.Debootstrap as Debootstrap
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Ssh as Ssh
import Utility.FileMode

-- | Replaces whatever OS was installed before with a clean installation
-- of the OS that the Host is configured to have.
--
-- This can replace one Linux distribution with different one.
-- But, it can also fail and leave the system in an unbootable state.
--
-- To avoid this property being accidentially used, you have to provide
-- a Confirmed containing the name of the host that you intend to apply the
-- property to.
--
-- This property only runs once. The cleanly installed system will have
-- a file /etc/propellor-cleaninstall, which indicates it was cleanly
-- installed.
--
-- You will typically want to run some more properties after the clean
-- install, to bootstrap from the cleanly installed system to a fully
-- working system. For example:
--
-- > & os (System (Debian Unstable) "amd64")
-- > & cleanInstall (Confirmed "foo.example.com") [BackupOldOS, UseOldKernel]
-- >    `onChange` propertyList "fixing up after clean install"
-- >        [ fixupNetworkInterfaces
-- >        , rootSshAuthorized
-- >        -- , kernelInstalled
-- >        -- , grubBoots "hd0"
-- >        ]
-- > & Apt.installed ["ssh"]
-- > & User.hasSomePassword "root"
-- > & User.accountFor "joey"
-- > & User.hasSomePassword "joey"
-- > -- rest of system properties here
cleanInstallOnce :: Confirmed -> [Tweak] -> Property
cleanInstallOnce confirmed tweaks = check (not <$> doesFileExist flagfile) $
	property "OS cleanly installed" $ do
		checkConfirmed confirmed
		error "TODO"
		-- debootstrap /new-os chroot, but don't run propellor
		--   inside the chroot.
		-- unmount all mounts
		-- move all directories to /old-os,
		--   except for /boot and /lib/modules when UseOldKernel
		--   (or, delete when not BackupOldOS)
		-- move /new-os to /
		-- touch flagfile
		-- re-bootstrap propellor in /usr/local/propellor,
		--   (using git repo bundle, privdata file, and possibly
		--   git repo url, which all need to be arranged to
		--   be present in /old-os's /usr/local/propellor)
		-- enable shadow passwords (to avoid foot-shooting)
		-- return MadeChange
  where
	flagfile = "/etc/propellor-cleaninstall"

data Confirmed = Confirmed HostName

checkConfirmed :: Confirmed -> Propellor ()
checkConfirmed (Confirmed c) = do
	hostname <- asks hostName
	when (hostname /= c) $
		errorMessage "Run with a bad confirmation, not matching hostname."

-- | Sometimes you want an almost clean install, but with some tweaks.
data Tweak
	= UseOldKernel -- ^ Leave /boot and /lib/modules from old OS, so the system can boot using them as before
	| BackupOldOS -- ^ Back up old OS to /old-os, to avoid losing any important files

-- /etc/network/interfaces is configured to bring up all interfaces that
-- are currently up, using the same IP addresses.
fixupNetworkInterfaces :: Property
fixupNetworkInterfaces = undefined

-- Root's .ssh/authorized_keys has added to it any ssh keys that
-- were authorized in the old OS. Any other contents of the file are
-- retained.
rootSshAuthorized :: Property
rootSshAuthorized = check (doesDirectoryExist oldloc) $
	property (newloc ++ " copied from old OS") $ do
		ks <- liftIO $ lines <$> readFile oldloc
		ensureProperties (map (Ssh.authorizedKey "root") ks)
  where
	newloc = "/root/.ssh/authorized_keys"
	oldloc = oldOsDir ++ newloc

-- Installs an appropriate kernel from the OS distribution.
kernelInstalled :: Property
kernelInstalled = undefined

-- Installs grub onto a device to boot the system.
--
-- You may want to install grub to multiple devices; eg for a system
-- that uses software RAID.
grubBoots :: GrubDev -> Property
grubBoots = undefined

type GrubDev = String

-- Removes the old OS's backup from /old-os
oldOSRemoved :: Confirmed -> Property
oldOSRemoved confirmed = check (doesDirectoryExist oldOsDir) $
	property "old OS backup removed" $ do
		checkConfirmed confirmed
		liftIO $ removeDirectoryRecursive oldOsDir
		return MadeChange

oldOsDir :: FilePath
oldOsDir = "/old-os"
WIP 2014-11-23 19:42:22 +00:00			`module Propellor.Property.OS (`
			`cleanInstallOnce,`
more work; builds now 2014-11-24 04:40:53 +00:00			`Confirmed(..),`
			`fixupNetworkInterfaces,`
better property names 2014-11-23 23:49:53 +00:00			`rootSshAuthorized,`
			`grubBoots,`
more work; builds now 2014-11-24 04:40:53 +00:00			`GrubDev(..),`
better property names 2014-11-23 23:49:53 +00:00			`kernelInstalled,`
WIP 2014-11-23 19:42:22 +00:00			`oldOSRemoved,`
			`) where`

			`import Propellor`
			`import qualified Propellor.Property.Chroot as Chroot`
			`import qualified Propellor.Property.Debootstrap as Debootstrap`
more work; builds now 2014-11-24 04:40:53 +00:00			`import qualified Propellor.Property.File as File`
move property to ssh module 2014-11-24 04:51:36 +00:00			`import qualified Propellor.Property.Ssh as Ssh`
more work; builds now 2014-11-24 04:40:53 +00:00			`import Utility.FileMode`

WIP 2014-11-23 19:42:22 +00:00			`-- \| Replaces whatever OS was installed before with a clean installation`
			`-- of the OS that the Host is configured to have.`
			`--`
			`-- This can replace one Linux distribution with different one.`
			`-- But, it can also fail and leave the system in an unbootable state.`
			`--`
hasSomePassword and hasPassword now default to using the name of the host as the Context for the password. To specify a different context, use hasSomePassword' and hasPassword' (API change) 2014-11-23 20:39:49 +00:00			`-- To avoid this property being accidentially used, you have to provide`
more work; builds now 2014-11-24 04:40:53 +00:00			`-- a Confirmed containing the name of the host that you intend to apply the`
hasSomePassword and hasPassword now default to using the name of the host as the Context for the password. To specify a different context, use hasSomePassword' and hasPassword' (API change) 2014-11-23 20:39:49 +00:00			`-- property to.`
			`--`
WIP 2014-11-23 19:42:22 +00:00			`-- This property only runs once. The cleanly installed system will have`
			`-- a file /etc/propellor-cleaninstall, which indicates it was cleanly`
			`-- installed.`
			`--`
			`-- You will typically want to run some more properties after the clean`
			`-- install, to bootstrap from the cleanly installed system to a fully`
			`-- working system. For example:`
			`--`
			`-- > & os (System (Debian Unstable) "amd64")`
more work; builds now 2014-11-24 04:40:53 +00:00			`-- > & cleanInstall (Confirmed "foo.example.com") [BackupOldOS, UseOldKernel]`
WIP 2014-11-23 19:42:22 +00:00			-- > `onChange` propertyList "fixing up after clean install"
			`-- > [ fixupNetworkInterfaces`
better property names 2014-11-23 23:49:53 +00:00			`-- > , rootSshAuthorized`
			`-- > -- , kernelInstalled`
			`-- > -- , grubBoots "hd0"`
WIP 2014-11-23 19:42:22 +00:00			`-- > ]`
			`-- > & Apt.installed ["ssh"]`
hasSomePassword and hasPassword now default to using the name of the host as the Context for the password. To specify a different context, use hasSomePassword' and hasPassword' (API change) 2014-11-23 20:39:49 +00:00			`-- > & User.hasSomePassword "root"`
			`-- > & User.accountFor "joey"`
			`-- > & User.hasSomePassword "joey"`
WIP 2014-11-23 19:42:22 +00:00			`-- > -- rest of system properties here`
more work; builds now 2014-11-24 04:40:53 +00:00			`cleanInstallOnce :: Confirmed -> [Tweak] -> Property`
			`cleanInstallOnce confirmed tweaks = check (not <$> doesFileExist flagfile) $`
			`property "OS cleanly installed" $ do`
			`checkConfirmed confirmed`
WIP 2014-11-23 19:42:22 +00:00			`error "TODO"`
hasSomePassword and hasPassword now default to using the name of the host as the Context for the password. To specify a different context, use hasSomePassword' and hasPassword' (API change) 2014-11-23 20:39:49 +00:00			`-- debootstrap /new-os chroot, but don't run propellor`
			`-- inside the chroot.`
WIP 2014-11-23 19:42:22 +00:00			`-- unmount all mounts`
			`-- move all directories to /old-os,`
more work; builds now 2014-11-24 04:40:53 +00:00			`-- except for /boot and /lib/modules when UseOldKernel`
			`-- (or, delete when not BackupOldOS)`
WIP 2014-11-23 19:42:22 +00:00			`-- move /new-os to /`
hasSomePassword and hasPassword now default to using the name of the host as the Context for the password. To specify a different context, use hasSomePassword' and hasPassword' (API change) 2014-11-23 20:39:49 +00:00			`-- touch flagfile`
WIP 2014-11-23 19:42:22 +00:00			`-- re-bootstrap propellor in /usr/local/propellor,`
			`-- (using git repo bundle, privdata file, and possibly`
			`-- git repo url, which all need to be arranged to`
			`-- be present in /old-os's /usr/local/propellor)`
hasSomePassword and hasPassword now default to using the name of the host as the Context for the password. To specify a different context, use hasSomePassword' and hasPassword' (API change) 2014-11-23 20:39:49 +00:00			`-- enable shadow passwords (to avoid foot-shooting)`
WIP 2014-11-23 19:42:22 +00:00			`-- return MadeChange`
			`where`
			`flagfile = "/etc/propellor-cleaninstall"`

more work; builds now 2014-11-24 04:40:53 +00:00			`data Confirmed = Confirmed HostName`

			`checkConfirmed :: Confirmed -> Propellor ()`
			`checkConfirmed (Confirmed c) = do`
			`hostname <- asks hostName`
			`when (hostname /= c) $`
			`errorMessage "Run with a bad confirmation, not matching hostname."`

			`-- \| Sometimes you want an almost clean install, but with some tweaks.`
			`data Tweak`
WIP 2014-11-23 19:42:22 +00:00			`= UseOldKernel -- ^ Leave /boot and /lib/modules from old OS, so the system can boot using them as before`
			`\| BackupOldOS -- ^ Back up old OS to /old-os, to avoid losing any important files`

			`-- /etc/network/interfaces is configured to bring up all interfaces that`
			`-- are currently up, using the same IP addresses.`
			`fixupNetworkInterfaces :: Property`
			`fixupNetworkInterfaces = undefined`

more work; builds now 2014-11-24 04:40:53 +00:00			`-- Root's .ssh/authorized_keys has added to it any ssh keys that`
			`-- were authorized in the old OS. Any other contents of the file are`
			`-- retained.`
better property names 2014-11-23 23:49:53 +00:00			`rootSshAuthorized :: Property`
more work; builds now 2014-11-24 04:40:53 +00:00			`rootSshAuthorized = check (doesDirectoryExist oldloc) $`
			`property (newloc ++ " copied from old OS") $ do`
			`ks <- liftIO $ lines <$> readFile oldloc`
move property to ssh module 2014-11-24 04:51:36 +00:00			`ensureProperties (map (Ssh.authorizedKey "root") ks)`
more work; builds now 2014-11-24 04:40:53 +00:00			`where`
			`newloc = "/root/.ssh/authorized_keys"`
			`oldloc = oldOsDir ++ newloc`
WIP 2014-11-23 19:42:22 +00:00
more work; builds now 2014-11-24 04:40:53 +00:00			`-- Installs an appropriate kernel from the OS distribution.`
better property names 2014-11-23 23:49:53 +00:00			`kernelInstalled :: Property`
			`kernelInstalled = undefined`
WIP 2014-11-23 19:42:22 +00:00
more work; builds now 2014-11-24 04:40:53 +00:00			`-- Installs grub onto a device to boot the system.`
			`--`
			`-- You may want to install grub to multiple devices; eg for a system`
			`-- that uses software RAID.`
better property names 2014-11-23 23:49:53 +00:00			`grubBoots :: GrubDev -> Property`
			`grubBoots = undefined`
WIP 2014-11-23 19:42:22 +00:00
more work; builds now 2014-11-24 04:40:53 +00:00			`type GrubDev = String`

WIP 2014-11-23 19:42:22 +00:00			`-- Removes the old OS's backup from /old-os`
more work; builds now 2014-11-24 04:40:53 +00:00			`oldOSRemoved :: Confirmed -> Property`
			`oldOSRemoved confirmed = check (doesDirectoryExist oldOsDir) $`
			`property "old OS backup removed" $ do`
			`checkConfirmed confirmed`
			`liftIO $ removeDirectoryRecursive oldOsDir`
WIP 2014-11-23 19:42:22 +00:00			`return MadeChange`

			`oldOsDir :: FilePath`
			`oldOsDir = "/old-os"`