merge from master

2014-08-19 17:33:00 -04:00 · 2014-08-19 17:33:00 -04:00 · 7a34a1efbf
parent 215a8e7f0e
commit 7a34a1efbf
15 changed files with 248 additions and 7 deletions
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@ -13,17 +13,17 @@ Properties are defined using Haskell. Edit `~/.propellor/config.hs`
 to get started. There is fairly complete 
 [API documentation](http://hackage.haskell.org/package/propellor/),
 which includes many built-in Properties for dealing with
-[Apt](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Apt.html)
+[Apt](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Apt.html)
 and
-[Apache](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Apache.html)
+[Apache](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Apache.html)
 ,
-[Cron](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Cron.html)
+[Cron](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Cron.html)
 and
-[Commands](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Cmd.html)
+[Commands](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Cmd.html)
 ,
-[Dns](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Dns.html)
+[Dns](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Dns.html)
 and
-[Docker](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Docker.html), etc.
+[Docker](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Docker.html), etc.

 There is no special language as used in puppet, chef, ansible, etc.. just
 the full power of Haskell. Hopefully that power can be put to good use in
--- a/doc/comments.mdwn
+++ b/doc/comments.mdwn
@ -0,0 +1,9 @@
+[[!sidebar content="""
+[[!inline pages="comment_pending(*)" feedfile=pendingmoderation
+description="comments pending moderation" show=-1]]
+Comments in the [[!commentmoderation desc="moderation queue"]]:
+[[!pagecount pages="comment_pending(*)"]]
+"""]]
+
+Recent comments posted to this site:
+[[!inline pages="comment(*)" template="comment"]]
--- a/doc/forum/Key_sign_problem.mdwn
+++ b/doc/forum/Key_sign_problem.mdwn
@ -0,0 +1,42 @@
+I am starting to use propellor and ran into a couple of issues that seems related to GPG keys handling.
+I followed install procedure, added a GPG key, and signed commits. Here is the output from a propellor execution:
+
+    if ! cabal build; then cabal configure; cabal build; fi
+    Building propellor-0.8.1...
+    Preprocessing library propellor-0.8.1...
+    In-place registering propellor-0.8.1...
+    Preprocessing executable 'propellor' for propellor-0.8.1...
+    Preprocessing executable 'propellor-config' for propellor-0.8.1...
+    [46 of 46] Compiling Main             ( src/config.hs, dist/build/propellor-config/propellor-config-tmp/Main.o )
+    Linking dist/build/propellor-config/propellor-config ...
+    ln -sf dist/build/propellor-config/propellor-config propellor
+
+
+    if ! cabal build; then cabal configure; cabal build; fi
+    Building propellor-0.8.1...
+    Preprocessing library propellor-0.8.1...
+    In-place registering propellor-0.8.1...
+    Preprocessing executable 'propellor' for propellor-0.8.1...
+    Preprocessing executable 'propellor-config' for propellor-0.8.1...
+    ln -sf dist/build/propellor-config/propellor-config propellor
+    Propellor build ... done
+    gpg: skipped "Arnaud Bailly <abailly@foldlabs.com>": No secret key
+    gpg: signing failed: No secret key
+    error: gpg failed to sign the data
+    fatal: failed to write commit object
+    Everything up-to-date
+    From https://github.com/joeyh/propellor
+       9a31b95..8aabde7  joeyconfig -> origin/joeyconfig
+    Git fetch ... done
+    ** warning: git branch origin/master is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)
+    propellor: Cannot continue!
+    ** error: Propellor does not know about host: 188.226.133.217
+    (Perhaps you should specify the real hostname on the command line?)
+    (Or, edit propellor's config.hs to configure this host)
+    Known hosts: mybox.example.com webserver.docker
+
+    ** error: protocol error (perhaps the remote propellor failed to run?)
+    propellor: user error (ssh ["-o","ControlPath=/Users/arnaud/.ssh/propellor/188.226.133.217.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@188.226.133.217","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get update && apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot 188.226.133.217 ; fi'"] exited 1)
+
+
+I am puzzled...
--- a/doc/forum/Key_sign_problem/comment_1_52d33e2d0b4a1018b25a07f54b60c35a._comment
+++ b/doc/forum/Key_sign_problem/comment_1_52d33e2d0b4a1018b25a07f54b60c35a._comment
@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.244"
+ subject="comment 1"
+ date="2014-08-17T23:43:03Z"
+ content="""
+Looks like the gpg key you configured it to use does not have its secret key available on the computer where you're editing/signing the repository. `git commit` would then fail the same way.
+"""]]
--- a/doc/forum/cabal_install_problem.mdwn
+++ b/doc/forum/cabal_install_problem.mdwn
@ -0,0 +1,5 @@
+I just did a cabal install of propellor
+
+The binaries it installs are called wrapper and config, although the makefile/documentation say that at least one of them should be called propellor.
+
+Is this correct?
--- a/doc/forum/cabal_install_problem/comment_1_2201805f80683575c4675e3268dfabc0._comment
+++ b/doc/forum/cabal_install_problem/comment_1_2201805f80683575c4675e3268dfabc0._comment
@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="2001:4830:1600:187::2"
+ subject="comment 1"
+ date="2014-06-09T16:34:29Z"
+ content="""
+wrapper should be named propellor. This is fixed in git.
+"""]]
--- a/doc/forum/remote.origin_not_copied_to_managed_host63.mdwn
+++ b/doc/forum/remote.origin_not_copied_to_managed_host63.mdwn
@ -0,0 +1,95 @@
+The only remote which seems to be copied to /root/.propellor/.git/config is upstream... My /home/user/.propellor/.git/config contains a "origin" remote, but this part (as well as the master branch part) of my git config is not copied to the /root/.propellor/.git/config of a host I'm trying to manage...
+
+propellor fails with the following message:
+
+    user@laptop:~$ PROPELLOR_DEBUG=1 propellor --spin laptop.localdomain
+    if ! cabal build; then cabal configure; cabal build; fi
+    Building propellor-0.5.0...
+    Preprocessing library propellor-0.5.0...
+    In-place registering propellor-0.5.0...
+    Preprocessing executable 'propellor' for propellor-0.5.0...
+    Preprocessing executable 'config' for propellor-0.5.0...
+    ln -sf dist/build/config/config propellor
+    
+    
+    [2014-04-21 18:07:45 CEST] command line:  Spin "laptop.localdomain"
+    [2014-04-21 18:07:45 CEST] call: make ["build"]
+    if ! cabal build; then cabal configure; cabal build; fi
+    Building propellor-0.5.0...
+    Preprocessing library propellor-0.5.0...
+    In-place registering propellor-0.5.0...
+    Preprocessing executable 'propellor' for propellor-0.5.0...
+    Preprocessing executable 'config' for propellor-0.5.0...
+    ln -sf dist/build/config/config propellor
+    Propellor build ... done
+    [2014-04-21 18:07:48 CEST] read: git ["config","remote.deploy.url"]
+    [2014-04-21 18:07:48 CEST] read: git ["config","remote.origin.url"]
+    [2014-04-21 18:07:48 CEST] call: git ["commit","--gpg-sign","--allow-empty","-a","-m","propellor spin"]
+
+    You need a passphrase to unlock the secret key for
+    ...
+
+    [master ee393d6] propellor spin
+    [2014-04-21 18:07:48 CEST] call: git ["push"]
+    Counting objects: 1, done.
+    Writing objects: 100% (1/1), 852 bytes | 0 bytes/s, done.
+    Total 1 (delta 0), reused 0 (delta 0)
+    To git@remote-origin:propellor.git
+        16a1f8b..ee393d6  master -> master
+    [2014-04-21 18:08:21 CEST] chat: ssh ["-o","ControlPath=/home/user/.ssh/propellor/laptop.localdomain.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@laptop.localdomain","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'"]
+    Initialized empty Git repository in /root/.propellor/.git/
+    warning: no common commits
+    From https://github.com/joeyh/propellor
+    * [new branch]      joeyconfig -> upstream/joeyconfig
+    * [new branch]      master     -> upstream/master
+    * [new branch]      setup      -> upstream/setup
+    * [new tag]         0.1        -> 0.1
+    * [new tag]         0.1.1      -> 0.1.1
+    * [new tag]         0.1.2      -> 0.1.2
+    * [new tag]         0.2.0      -> 0.2.0
+    * [new tag]         0.2.1      -> 0.2.1
+    * [new tag]         0.2.2      -> 0.2.2
+    * [new tag]         0.2.3      -> 0.2.3
+    * [new tag]         0.3.0      -> 0.3.0
+    * [new tag]         0.3.1      -> 0.3.1
+    * [new tag]         0.4.0      -> 0.4.0
+    * [new tag]         0.5.0      -> 0.5.0
+    * [new tag]         debian/0.3.1 -> debian/0.3.1
+    * [new tag]         debian/0.4.0 -> debian/0.4.0
+    * [new tag]         debian/0.5.0 -> debian/0.5.0
+    Merge made by the 'ours' strategy.
+    if [ "cabal" = ./Setup ]; then ghc --make Setup; fi
+    cabal configure
+    Warning: The package list for 'hackage.haskell.org' does not exist. Run 'cabal
+    update' to download it.
+    Resolving dependencies...
+    Configuring propellor-0.5.0...
+    if ! cabal build; then cabal configure; cabal build; fi
+    Building propellor-0.5.0...
+    Preprocessing executable 'propellor' for propellor-0.5.0...
+    [ 1 of 14] Compiling Utility.Env      ( Utility/Env.hs, dist/build/propellor/propellor-tmp/Utility/Env.o )
+    ...
+    [14 of 14] Compiling Main             ( propellor.hs, dist/build/propellor/propellor-tmp/Main.o )
+    Linking dist/build/propellor/propellor ...
+    Preprocessing library propellor-0.5.0...
+    [ 1 of 58] Compiling Utility.QuickCheck ( Utility/QuickCheck.hs, dist/build/Utility/QuickCheck.o )
+    ...
+    [58 of 58] Compiling Propellor.CmdLine ( Propellor/CmdLine.hs, dist/build/Propellor/CmdLine.o )
+    In-place registering propellor-0.5.0...
+    Preprocessing executable 'config' for propellor-0.5.0...
+    [ 1 of 44] Compiling Utility.QuickCheck ( Utility/QuickCheck.hs, dist/build/config/config-tmp/Utility/QuickCheck.o )
+    ...
+    [44 of 44] Compiling Main             ( config.hs, dist/build/config/config-tmp/Main.o )
+    Linking dist/build/config/config ...
+    ln -sf dist/build/config/config propellor
+    fatal: No remote repository specified.  Please, specify either a URL or a
+    remote name from which new revisions should be fetched.
+    Git fetch ... failed
+    merge: origin/master - not something we can merge
+    propellor: /usr/local/propellor/.lock: openFd: does not exist (No such file or directory)
+    Setting up your propellor repo in /root/.propellor
+
+
+
+    ** error: protocol error (perhaps the remote propellor failed to run?)
+    propellor: user error (ssh ["-o","ControlPath=/home/user/.ssh/propellor/laptop.localdomain.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@laptop.localdomain","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'"] exited 1)
--- a/doc/forum/remote.origin_not_copied_to_managed_host63/comment_1_e9e7e5e728ec23fd6025203a1aa0596b._comment
+++ b/doc/forum/remote.origin_not_copied_to_managed_host63/comment_1_e9e7e5e728ec23fd6025203a1aa0596b._comment
@ -0,0 +1,25 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.114"
+ subject="comment 1"
+ date="2014-04-24T17:47:41Z"
+ content="""
+I tried using propellor from scratch on a fresh system, and I cannot reproduce this problem.
+
+/root/.propellor should only be created if /usr/bin/propellor is run as root. A normal use of propellor does not run /usr/bin/propellor as root (and your commands don't show you doing that).
+
+This is the instant where something unexplained happens:
+
+<pre>
+[2014-04-21 18:08:21 CEST] chat: ssh [\"-o\",\"ControlPath=/home/user/.ssh/propellor/laptop.localdomain.sock\",\"-o\",\"ControlMaster=auto\",\"-o\",\"ControlPersist=yes\",\"root@laptop.localdomain\",\"sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'\"]
+Initialized empty Git repository in /root/.propellor/.git/
+</pre>
+
+It ssh's in, and it apparently runs propellor. But apparently without running \"make deps build\" first, which is weird. (And as we see later, without /usr/local/propellor existing at all, which is weirder!)
+The ./propellor (in /usr/local/propellor) that it's supposed to run should be a symlink to dist/build/config/config, which is the program built from config.hs. It's not the same program as /usr/bin/propellor, which is a wrapper build from propellor.hs. However, it appears that in your case, when it sshed in, it ran /usr/bin/propellor, or something that behaves a lot like it..
+
+My guesses:
+
+1. Perhaps you modified the source tree in some strange way. (Doubtful)
+2. Perhaps you have some other configuration, eg a ssh authorized keys file for root with a forced command that runs /usr/bin/propellor. This will defeat propellor's own bootstrap code, and would exactly explain what you pasted.
+"""]]
--- a/doc/haskell_newbie.mdwn
+++ b/doc/haskell_newbie.mdwn
@ -23,7 +23,7 @@ import qualified Propellor.Property.User as User
 import qualified Propellor.Property.Cron as Cron
 """]]

-This loads up Propellor's modules. You'll almost certianly want these;
+This loads up Propellor's modules. You'll almost certainly want these;
 many more can be found in the [API documentation](http://hackage.haskell.org/package/propellor).

 [[!format haskell """
--- a/doc/todo/docker_todo_list/comment_1_3801d48190c029a8591ab188427b31b6._comment
+++ b/doc/todo/docker_todo_list/comment_1_3801d48190c029a8591ab188427b31b6._comment
@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="gueux"
+ ip="109.190.19.251"
+ subject="CMD"
+ date="2014-04-21T13:49:08Z"
+ content="""
+It would be great to be able to set the CMD of a docker container.
+
+http://docs.docker.io/reference/builder/#cmd
+"""]]
--- a/doc/todo/docker_todo_list/comment_2_441591f9aa106e8d6d1fa7fd6be0fc6f._comment
+++ b/doc/todo/docker_todo_list/comment_2_441591f9aa106e8d6d1fa7fd6be0fc6f._comment
@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.114"
+ subject="comment 2"
+ date="2014-04-24T23:31:09Z"
+ content="""
+propellor does not build docker containers, I think that's the point where a CMD is set.
+
+It would probably make sense to have a mode where docker run is not passed any explicit command to run, which  would let the predefined CMD be used. Although this would not let propellor run inside the container, so it could not perform any provisioning of it. In this mode, propellor would only be able to ensure that a container was installed and start it running with its default configuration.
+"""]]
--- a/doc/todo/ssh95user_+_sudo.mdwn
+++ b/doc/todo/ssh95user_+_sudo.mdwn
@ -0,0 +1 @@
+It would be great to be able to ssh to a user different from root, and then to use sudo to run commands.
--- a/doc/todo/ssh95user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment
+++ b/doc/todo/ssh95user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment
@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.214"
+ subject="comment 1"
+ date="2014-04-21T13:31:13Z"
+ content="""
+Running propellor that way would probably need ssh to allocate a tty in order for sudo's password prompt to work. And it adds complexity. Does it add security? I don't think so, PermitRootLogin=without-password or PasswordAuthentication=no is not going to let anyone brute force the root account.
+
+PermitRootLogin=forced-commands-only might be worth making easy to set up, so the only command that can be run with some special propellor-specific ssh key is propellor.
+"""]]
--- a/doc/todo/ssh95user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment
+++ b/doc/todo/ssh95user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment
@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ ip="109.190.19.251"
+ subject="comment 2"
+ date="2014-04-21T13:54:39Z"
+ content="""
+I didn't knew \"PermitRootLogin=forced-commands-only\", it seems great!
+"""]]
--- a/doc/todo/ssh95user_+_sudo/comment_3_d1e4040677b39342be00359210c02156._comment
+++ b/doc/todo/ssh95user_+_sudo/comment_3_d1e4040677b39342be00359210c02156._comment
@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.114"
+ subject="comment 3"
+ date="2014-04-24T22:17:31Z"
+ content="""
+Except that it led you to run into the failure mode described at [[forum/remote.origin_not_copied_to_managed_host?]]
+
+So now we have a concrete change to make: Make /usr/bin/propellor work if it's forced as the only command that can be run. Including making propellor's host bootstrapping work via it.
+"""]]
				`@ -0,0 +1 @@`
				`It would be great to be able to ssh to a user different from root, and then to use sudo to run commands.`