Merge branch 'master' of ssh://propellor.branchable.com

2014-09-15 14:46:17 -04:00 · 2014-09-15 14:46:17 -04:00 · 475d78b37e
parent 7e64ee7334 4d9655b9e0
commit 475d78b37e
6 changed files with 72 additions and 3 deletions
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@ -44,9 +44,8 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask
 3. If you don't have a gpg private key already, generate one: `gpg --gen-key`
 4. Run: `propellor --add-key $KEYID`, which will make propellor trust
   your gpg key, and will sign your `~/.propellor` repository using it.
-5. `cd ~/.propellor/`; use git to push the repository to a central
-   server (github, or your own git server). Configure that central
-   server as the origin remote of the repository.
+5. Push the git repository to a central server (github or your own):
+   `cd ~/.propellor/; git remote add origin ssh://git.example.com/propellor.git; git push -u origin master`
 6. Edit `~/.propellor/config.hs`, and add a host you want to manage.
   You can start by not adding any properties, or only a few.
 7. Pick a host and run: `propellor --spin $HOST`
--- a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
+++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Is it ok to publish to a public repository?"
+ date="2014-08-29T21:13:19Z"
+ content="""
+It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong? 
+
+Thanks
+"""]]
--- a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
+++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="131.252.200.111"
+ subject="comment 2"
+ date="2014-08-29T21:52:02Z"
+ content="""
+--add-key puts your **public** key in the repository, not the private key.
+"""]]
--- a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
+++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Remote host fails to connect"
+ date="2014-08-30T06:40:33Z"
+ content="""
+Makes sense of course, but the message one gets when doing that is a bit misleading. 
+
+I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because:
+
+1. the host key is not initially present in root's known_hosts, then
+2. the user's (root) public key is unknown to the remote git repo, in my case bitbucket.org, and the URL used is git@bitbucket.org:abailly/capital-match-infra.git which implies connection goes through SSH
+
+I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore. 
+
+Thanks for your help
+"""]]
--- a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
+++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Output from propellor --spin $host"
+ date="2014-08-30T07:17:52Z"
+ content="""
+Here is the output (truncated):
+
+
+    Permission denied (publickey).
+    fatal: Could not read from remote repository.
+    
+    Please make sure you have the correct access rights
+    and the repository exists.
+    Git fetch ... failed
+    fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+    Use '--' to separate paths from revisions, like this:
+    'git <command> [<revision>...] -- [<file>...]'
+    propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128)
+
+
+"""]]
--- a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
+++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Got it working..."
+ date="2014-08-31T12:50:17Z"
+ content="""
+OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations: 
+
+* Use a https:// based url for the first 
+* Use a git:// based url for the second
+
+I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url.
+"""]]