foo
This commit is contained in:
parent
0a20f7b787
commit
33d2d65c78
|
@ -1,7 +1,8 @@
|
|||
This is a configuration management system using Haskell and Git.
|
||||
|
||||
Propellor enures that the system it's run against satisfies a list of
|
||||
properties, taking action as necessary when a property is not yet met.
|
||||
[Propellor](https://propellor.branchable.com/) enures that the system it's
|
||||
run against satisfies a list of properties, taking action as necessary when
|
||||
a property is not yet met.
|
||||
|
||||
Propellor is configured via a git repository, which typically lives
|
||||
in ~/.propellor/. The git repository contains a config.hs file,
|
||||
|
@ -53,45 +54,6 @@ easy to adapt to a system's special needs.
|
|||
hosts.
|
||||
10. Write some neat new properties and send patches to <propellor@joeyh.name>!
|
||||
|
||||
## security
|
||||
|
||||
Propellor's security model is that the hosts it's used to deploy are
|
||||
untrusted, and that the central git repository server is untrusted too.
|
||||
|
||||
The only trusted machine is the laptop where you run `propellor --spin`
|
||||
to connect to a remote host. And that one only because you have a ssh key
|
||||
or login password to the host.
|
||||
|
||||
Since the hosts propellor deploys are not trusted by the central git
|
||||
repository, they have to use git:// or http:// to pull from the central
|
||||
git repository, rather than ssh://.
|
||||
|
||||
So, to avoid a MITM attack, propellor checks that any commit it fetches
|
||||
from origin is gpg signed by a trusted gpg key, and refuses to deploy it
|
||||
otherwise.
|
||||
|
||||
That is only done when privdata/keyring.gpg exists. To set it up:
|
||||
|
||||
gpg --gen-key # only if you don't already have a gpg key
|
||||
propellor --add-key $MYKEYID
|
||||
|
||||
In order to be secure from the beginning, when `propellor --spin` is used
|
||||
to bootstrap propellor on a new host, it transfers the local git repositry
|
||||
to the remote host over ssh. After that, the remote host knows the
|
||||
gpg key, and will use it to verify git fetches.
|
||||
|
||||
Since the propoellor git repository is public, you can't store
|
||||
in cleartext private data such as passwords, ssh private keys, etc.
|
||||
|
||||
Instead, `propellor --spin $host` looks for a
|
||||
`~/.propellor/privdata/$host.gpg` file and if found decrypts it and sends
|
||||
it to the remote host using ssh. This lets a remote host know its own
|
||||
private data, without seeing all the rest.
|
||||
|
||||
To securely store private data, use: `propellor --set $host $field`
|
||||
The field name will be something like 'Password "root"'; see PrivData.hs
|
||||
for available fields.
|
||||
|
||||
## debugging
|
||||
|
||||
Set `PROPELLOR_DEBUG=1` to make propellor print out all the commands it runs
|
||||
|
|
Loading…
Reference in New Issue