From 4cab90c13713025a66c4aec7074730faa2e2b4ed Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Wed, 12 Aug 2015 17:00:03 -0400
Subject: [PATCH 01/11] propellor spin
---
config-joey.hs | 37 ++++++++++---------
src/Propellor/Property/Network.hs | 9 +++++
.../Property/SiteSpecific/GitAnnexBuilder.hs | 5 +--
src/Propellor/Property/SiteSpecific/IABak.hs | 1 +
4 files changed, 31 insertions(+), 21 deletions(-)
diff --git a/config-joey.hs b/config-joey.hs
index 32b70c1..5c3fbaa 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -145,29 +145,30 @@ orca = standardSystem "orca.kitenet.net" Unstable "amd64" honeybee :: Host honeybee = standardSystem "honeybee.kitenet.net" Testing "armhf" [ "Arm git-annex build box." ] + + -- I have to travel to get console access, so no automatic + -- upgrades, and try to be robust. + & "/etc/default/rcS" `File.containsLine` "FSCKFIX=yes" + + & Apt.installed ["flash-kernel"] + & "/etc/flash-kernel/machine" `File.hasContent` ["Cubietech Cubietruck"] + & Apt.installed ["linux-image-armmp"] + & Network.dhcp "eth0" `requires` Network.cleanInterfacesFile + & Postfix.satellite + + -- ipv6 used for remote access thru firewalls + & Apt.serviceInstalledRunning "aiccu" & ipv6 "2001:4830:1600:187::2" - -- No unattended upgrades as there is currently no console access. - -- (Also, system is not currently running a stock kernel, - -- although it should be able to.) - & Postfix.satellite - & Apt.serviceInstalledRunning "aiccu" + -- In case compiler needs more than available ram & Apt.serviceInstalledRunning "swapspace" + + -- No hardware clock. & Apt.serviceInstalledRunning "ntp" - -- Not using systemd-nspawn because it's broken (kernel issue?) - -- & Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer - -- GitAnnexBuilder.armAutoBuilder - -- builderos Cron.Daily "22h") - & Chroot.provisioned - (Chroot.debootstrapped builderos mempty "/var/lib/container/armel-git-annex-builder" - & "/etc/timezone" `File.hasContent` ["America/New_York"] - & GitAnnexBuilder.armAutoBuilder - builderos (Cron.Times "1 1 * * *") "12h" - ) - where - -- Using unstable to get new enough ghc for TH on arm. - builderos = System (Debian Unstable) "armel" + & Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer + GitAnnexBuilder.armAutoBuilder + (System (Debian Unstable) "armel") Cron.Daily "22h") -- This is not a complete description of kite, since it's a -- multiuser system with eg, user passwords that are not deployed 
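Review bot: The new comment on honeybee says automatic upgrades are off, while the same hunk keeps the host reachable through the aiccu IPv6 tunnel (`ipv6 "2001:4830:1600:187::2"`) and running `Postfix.satellite`, so the comment should also say how security updates reach this box; something like `-- Security updates are applied by hand; this host is reachable over ipv6.` would do, assuming that is the actual practice. Nothing in the hunk shows a host firewall covering the tunnel address, though `standardSystem` (defined outside the hunk) may add one. The removed `where` clause also carried the only explanation of why the builder runs Debian Unstable (`-- Using unstable to get new enough ghc for TH on arm.`); that comment is worth keeping next to the inlined `System (Debian Unstable) "armel"` if it still applies.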
diff --git a/src/Propellor/Property/Network.hs b/src/Propellor/Property/Network.hs index 4d7ccff..e01edb6 100644 --- a/src/Propellor/Property/Network.hs +++ b/src/Propellor/Property/Network.hs @@ -27,6 +27,15 @@ cleanInterfacesFile = hasContent interfacesFile ] `describe` ("clean " ++ interfacesFile) +-- | Configures an interface to get its address via dhcp. +dhcp :: Interface -> Property NoInfo +dhcp iface = hasContent (interfaceDFile iface) + [ "auto " ++ iface + , "iface " ++ iface ++ " inet dhcp" + ] + `describe` ("dhcp " ++ iface) + `requires` interfacesDEnabled + -- | Writes a static interface file for the specified interface. -- -- The interface has to be up already. It could have been brought up by diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index 5ccd999..6a6d5bf 100644 --- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs @@ -115,8 +115,8 @@ standardAutoBuilder osver@(System _ arch) = & User.accountFor (User builduser) & tree arch -armAutoBuilder :: System -> Times -> TimeOut -> Property HasInfo -armAutoBuilder osver@(System _ arch) crontime timeout = +armAutoBuilder :: System -> Property HasInfo +armAutoBuilder osver = propertyList "arm git-annex autobuilder" $ props & standardAutoBuilder osver & buildDepsNoHaskellLibs @@ -126,7 +126,6 @@ armAutoBuilder osver@(System _ arch) crontime timeout = -- Install patched haskell packages for portability to -- arm NAS's using old kernel versions. & haskellPkgsInstalled "linux" - & autobuilder arch crontime timeout androidAutoBuilderContainer :: Times -> TimeOut -> Systemd.Container androidAutoBuilderContainer crontimes timeout = diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs index 7740f82..8c9926b 100644 --- a/src/Propellor/Property/SiteSpecific/IABak.hs +++ b/src/Propellor/Property/SiteSpecific/IABak.hs 
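Review bot: `dhcp` puts the interface name unescaped into both the file name (`interfaceDFile iface`) and the stanza lines, so a name containing `/`, whitespace or a newline would write a different file or add extra stanza text. The name comes from the propellor configuration, so this is a robustness concern rather than an exposure, but the haddock should state the expectation, e.g. `-- The interface name must be a plain name such as "eth0"; it is used unescaped.` From the visible lines the property only writes the file and requires `interfacesDEnabled`; if it does not also bring the interface up, the comment should say that the change takes effect at the next ifup or boot. `interfaceDFile` and `interfacesDEnabled` are defined outside the hunk.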
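Review bot: `armAutoBuilder` loses its `Times` and `TimeOut` parameters here and, in the following hunk, the `& autobuilder arch crontime timeout` step, so on its own it no longer schedules any build, and it has no haddock saying so. A comment such as `-- | Sets up the arm build environment only; the cron job is added by the caller (see autoBuilderContainer).` would make the new contract explicit. `autoBuilderContainer` is not visible in this patch, so confirm that it is what installs the job. The changed signature will also break any other caller that still passes the two dropped arguments.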
@@ -36,6 +36,7 @@ gitServer knownhosts = propertyList "iabak git server" $ props "/usr/local/IA.BAK/shardstats-all" & Cron.niceJob "shardmaint" Cron.Daily (User "root") "/" "/usr/local/IA.BAK/shardmaint-fast; /usr/local/IA.BAK/shardmaint" + & Apt.installed ["git-annex"] registrationServer :: [Host] -> Property HasInfo registrationServer knownhosts = propertyList "iabak registration server" $ props From d62289af71194270f60af6ba7375443f6cdcdb3f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 12 Aug 2015 17:00:35 -0400 Subject: [PATCH 02/11] propellor spin From bcc282db22131d437f4cb5bea06b29a341de0762 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 12 Aug 2015 17:01:47 -0400 Subject: [PATCH 03/11] propellor spin From 8a5f89a00e4a18bc3e5da137a5df57bfd87778b2 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 12 Aug 2015 17:05:28 -0400 Subject: [PATCH 04/11] propellor spin From 64cdb0d1801856e31799d0573afc65f56e487438 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 12 Aug 2015 18:24:43 -0400 Subject: [PATCH 05/11] propellor spin From eaca662dc1b31d7daf3eaa417aa10319e73da8f2 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 12 Aug 2015 19:19:45 -0400 Subject: [PATCH 06/11] Make sure that make is installed when bootstrapping propellor. --- debian/changelog | 6 ++++++ debian/control | 1 + src/Propellor/Bootstrap.hs | 1 + 3 files changed, 8 insertions(+) diff --git a/debian/changelog b/debian/changelog index 2decb1f..86b1139 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +propellor (2.7.1) UNRELEASED; urgency=medium + + * Make sure that make is installed when bootstrapping propellor. + + -- Joey Hess Wed, 12 Aug 2015 19:19:28 -0400 + propellor (2.7.0) unstable; urgency=medium * Ssh.permitRootLogin type changed to allow configuring WithoutPassword diff --git a/debian/control b/debian/control index 5110778..25c3d47 100644 --- a/debian/control +++ b/debian/control 
@@ -40,6 +40,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends}, libghc-transformers-dev, libghc-exceptions-dev (>= 0.6), git, + make, Description: property-based host configuration management in haskell Propellor enures that the system it's run in satisfies a list of properties, taking action as necessary when a property is not yet met. diff --git a/src/Propellor/Bootstrap.hs b/src/Propellor/Bootstrap.hs index 1cf921c..6812b4a 100644 --- a/src/Propellor/Bootstrap.hs +++ b/src/Propellor/Bootstrap.hs @@ -81,6 +81,7 @@ depsCommand = "( " ++ intercalate " ; " (concat [osinstall, cabalinstall]) ++ " , "libghc-mtl-dev" , "libghc-transformers-dev" , "libghc-exceptions-dev" + , "make" ] installGitCommand :: ShellCommand From fe2f95a43c36fd3328e7faaffd28657b70560ff3 Mon Sep 17 00:00:00 2001 From: Antoine Eiche Date: Thu, 13 Aug 2015 01:04:31 +0200 Subject: [PATCH 07/11] Propellor.Property.Firewall: fix Port datatype to iptable parameter translation --- src/Propellor/Property/Firewall.hs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index d643b18..dafdcc6 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs @@ -44,8 +44,8 @@ toIpTable r = map Param $ toIpTableArg :: Rules -> [String] toIpTableArg Everything = [] toIpTableArg (Proto proto) = ["-p", map toLower $ show proto] -toIpTableArg (DPort port) = ["--dport", show port] -toIpTableArg (DPortRange (f,t)) = ["--dport", show f ++ ":" ++ show t] +toIpTableArg (DPort (Port port)) = ["--dport", show port] +toIpTableArg (DPortRange (Port f, Port t)) = ["--dport", show f ++ ":" ++ show t] toIpTableArg (IFace iface) = ["-i", iface] toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)] toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r' From ea2fbd01fe3db1e9f38d2a965d5da7837e3ea657 Mon Sep 17 00:00:00 2001 
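Review bot: The two fixed equations in Firewall.hs stop the `Port` constructor name leaking into the `--dport` argument, but the neighbouring equations in the same hunk still build iptables arguments from derived `Show` output (`map toLower $ show proto`, `map show states`), so a renamed or wrapped constructor would again produce a rule that iptables rejects. For a firewall property a rejected rule can mean the intended restriction is never installed, so it is worth confirming that a failed iptables call fails the property rather than being ignored. Consider explicit conversion functions for these types and a small test that pins the output, e.g. that `toIpTableArg (DPort (Port 22))` is `["--dport", "22"]`. The new `DPortRange` equation also emits the range without checking that the first port is not greater than the second.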
From: Joey Hess Date: Thu, 13 Aug 2015 09:59:03 -0400 Subject: [PATCH 08/11] changelog --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/changelog b/debian/changelog index 86b1139..24bbe84 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ propellor (2.7.1) UNRELEASED; urgency=medium * Make sure that make is installed when bootstrapping propellor. + * Fix bug in Firewall.toIpTableArg. + Thanks, Antoine Eiche. -- Joey Hess Wed, 12 Aug 2015 19:19:28 -0400 From f4abc3c1cb8f89ee23704b0833b5d72f53abd15b Mon Sep 17 00:00:00 2001 From: Antoine Eiche Date: Thu, 13 Aug 2015 01:21:23 +0200 Subject: [PATCH 09/11] Propellor.Property.Firewall: coding style --- debian/changelog | 2 +- src/Propellor/Property/Firewall.hs | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/debian/changelog b/debian/changelog index 24bbe84..3ee2708 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,7 @@ propellor (2.7.1) UNRELEASED; urgency=medium * Make sure that make is installed when bootstrapping propellor. - * Fix bug in Firewall.toIpTableArg. + * Fix bug in Firewall's Port datatype to iptable parameter translation code. Thanks, Antoine Eiche. -- Joey Hess Wed, 12 Aug 2015 19:19:28 -0400 diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index dafdcc6..dd82fcc 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs 
@@ -42,13 +42,14 @@ toIpTable r = map Param $ (toIpTableArg (ruleRules r)) ++ [ "-j" , show $ ruleTarget r ] toIpTableArg :: Rules -> [String] -toIpTableArg Everything = [] -toIpTableArg (Proto proto) = ["-p", map toLower $ show proto] +toIpTableArg Everything = [] +toIpTableArg (Proto proto) = ["-p", map toLower $ show proto] toIpTableArg (DPort (Port port)) = ["--dport", show port] -toIpTableArg (DPortRange (Port f, Port t)) = ["--dport", show f ++ ":" ++ show t] -toIpTableArg (IFace iface) = ["-i", iface] -toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)] -toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r' +toIpTableArg (DPortRange + (Port f, Port t)) = ["--dport", show f ++ ":" ++ show t] +toIpTableArg (IFace iface) = ["-i", iface] +toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)] +toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r' data Rule = Rule { ruleChain :: Chain From 3ee61b70bb37c358acb8e74ce46cab669e9fe171 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 13 Aug 2015 10:03:06 -0400 Subject: [PATCH 10/11] better comply with propellor's layout style --- src/Propellor/Property/Firewall.hs | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index dd82fcc..6c95a02 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs 
@@ -42,14 +42,18 @@ toIpTable r = map Param $ (toIpTableArg (ruleRules r)) ++ [ "-j" , show $ ruleTarget r ] toIpTableArg :: Rules -> [String] -toIpTableArg Everything = [] -toIpTableArg (Proto proto) = ["-p", map toLower $ show proto] +toIpTableArg Everything = [] +toIpTableArg (Proto proto) = ["-p", map toLower $ show proto] toIpTableArg (DPort (Port port)) = ["--dport", show port] -toIpTableArg (DPortRange - (Port f, Port t)) = ["--dport", show f ++ ":" ++ show t] -toIpTableArg (IFace iface) = ["-i", iface] -toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)] -toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r' +toIpTableArg (DPortRange (Port f, Port t)) = + ["--dport", show f ++ ":" ++ show t] +toIpTableArg (IFace iface) = ["-i", iface] +toIpTableArg (Ctstate states) = + [ "-m" + , "conntrack" + , "--ctstate", concat $ intersperse "," (map show states) + ] +toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r' data Rule = Rule { ruleChain :: Chain From eb76708b2023f214829d979673cd5e2721ba5fc5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 14 Aug 2015 15:01:44 -0400 Subject: [PATCH 11/11] prep release --- debian/changelog | 4 ++-- propellor.cabal | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 3ee2708..1116016 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,10 @@ -propellor (2.7.1) UNRELEASED; urgency=medium +propellor (2.7.1) unstable; urgency=medium * Make sure that make is installed when bootstrapping propellor. * Fix bug in Firewall's Port datatype to iptable parameter translation code. Thanks, Antoine Eiche. - -- Joey Hess Wed, 12 Aug 2015 19:19:28 -0400 + -- Joey Hess Fri, 14 Aug 2015 15:01:37 -0400 propellor (2.7.0) unstable; urgency=medium diff --git a/propellor.cabal b/propellor.cabal index 01c867c..f00e559 100644 --- a/propellor.cabal +++ b/propellor.cabal 
@@ -1,5 +1,5 @@ Name: propellor -Version: 2.7.0 +Version: 2.7.1 Cabal-Version: >= 1.8 License: BSD3 Maintainer: Joey Hess