merge from master

Joey Hess 2014-08-19 17:33:00 -04:00
parent 215a8e7f0e
commit 7a34a1efbf
15 changed files with 248 additions and 7 deletions

@ -13,17 +13,17 @@ Properties are defined using Haskell. Edit `~/.propellor/config.hs`
to get started. There is fairly complete to get started. There is fairly complete
[API documentation](http://hackage.haskell.org/package/propellor/), [API documentation](http://hackage.haskell.org/package/propellor/),
which includes many built-in Properties for dealing with which includes many built-in Properties for dealing with
[Apt](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Apt.html) [Apt](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Apt.html)
and and
[Apache](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Apache.html) [Apache](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Apache.html)
, ,
[Cron](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Cron.html) [Cron](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Cron.html)
and and
[Commands](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Cmd.html) [Commands](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Cmd.html)
, ,
[Dns](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Dns.html) [Dns](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Dns.html)
and and
[Docker](http://hackage.haskell.org/package/propellor-0.4.0/docs/Propellor-Property-Docker.html), etc. [Docker](http://hackage.haskell.org/package/propellor/docs/Propellor-Property-Docker.html), etc.
There is no special language as used in puppet, chef, ansible, etc.. just There is no special language as used in puppet, chef, ansible, etc.. just
the full power of Haskell. Hopefully that power can be put to good use in the full power of Haskell. Hopefully that power can be put to good use in
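Review bot: the rewritten Hackage links on the right-hand side of this hunk (Apt, Apache, Cron, Commands, Dns, Docker) still use http://, as does the API documentation link in the context line above them. Since every one of these URLs is being touched anyway, change the scheme to https:// so the documentation is fetched over TLS. Dropping the pinned propellor-0.4.0 path component fixes the stale links; the trade-off is that a reader on an older release now lands on the docs for the latest one, which may deserve a short remark in the README.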

doc/comments.mdwn Normal file
@ -0,0 +1,9 @@
[[!sidebar content="""
[[!inline pages="comment_pending(*)" feedfile=pendingmoderation
description="comments pending moderation" show=-1]]
Comments in the [[!commentmoderation desc="moderation queue"]]:
[[!pagecount pages="comment_pending(*)"]]
"""]]
Recent comments posted to this site:
[[!inline pages="comment(*)" template="comment"]]

@ -0,0 +1,42 @@
I am starting to use propellor and ran into a couple of issues that seems related to GPG keys handling.
I followed install procedure, added a GPG key, and signed commits. Here is the output from a propellor execution:
if ! cabal build; then cabal configure; cabal build; fi
Building propellor-0.8.1...
Preprocessing library propellor-0.8.1...
In-place registering propellor-0.8.1...
Preprocessing executable 'propellor' for propellor-0.8.1...
Preprocessing executable 'propellor-config' for propellor-0.8.1...
[46 of 46] Compiling Main ( src/config.hs, dist/build/propellor-config/propellor-config-tmp/Main.o )
Linking dist/build/propellor-config/propellor-config ...
ln -sf dist/build/propellor-config/propellor-config propellor
if ! cabal build; then cabal configure; cabal build; fi
Building propellor-0.8.1...
Preprocessing library propellor-0.8.1...
In-place registering propellor-0.8.1...
Preprocessing executable 'propellor' for propellor-0.8.1...
Preprocessing executable 'propellor-config' for propellor-0.8.1...
ln -sf dist/build/propellor-config/propellor-config propellor
Propellor build ... done
gpg: skipped "Arnaud Bailly <abailly@foldlabs.com>": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object
Everything up-to-date
From https://github.com/joeyh/propellor
9a31b95..8aabde7 joeyconfig -> origin/joeyconfig
Git fetch ... done
** warning: git branch origin/master is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)
propellor: Cannot continue!
** error: Propellor does not know about host: 188.226.133.217
(Perhaps you should specify the real hostname on the command line?)
(Or, edit propellor's config.hs to configure this host)
Known hosts: mybox.example.com webserver.docker
** error: protocol error (perhaps the remote propellor failed to run?)
propellor: user error (ssh ["-o","ControlPath=/Users/arnaud/.ssh/propellor/188.226.133.217.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@188.226.133.217","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get update && apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot 188.226.133.217 ; fi'"] exited 1)
I am puzzled...
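Review bot: the pasted run output in this new forum page carries a literal routable address, 188.226.133.217, in the "does not know about host" error and in both the ssh ControlPath and the root@ target of the final line, plus the committer's e-mail in the gpg "skipped" line. The Known hosts line already uses mybox.example.com, so substituting a placeholder of that kind for the address would keep the report just as useful without publishing the host in the doc tree. The line worth preserving verbatim is the "not signed with a trusted gpg key; refusing to deploy it!" warning, since that is the behaviour the question turns on.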

@ -0,0 +1,8 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="209.250.56.244"
subject="comment 1"
date="2014-08-17T23:43:03Z"
content="""
Looks like the gpg key you configured it to use does not have its secret key available on the computer where you're editing/signing the repository. `git commit` would then fail the same way.
"""]]

@ -0,0 +1,5 @@
I just did a cabal install of propellor
The binaries it installs are called wrapper and config, although the makefile/documentation say that at least one of them should be called propellor.
Is this correct?

@ -0,0 +1,8 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="2001:4830:1600:187::2"
subject="comment 1"
date="2014-06-09T16:34:29Z"
content="""
wrapper should be named propellor. This is fixed in git.
"""]]

@ -0,0 +1,95 @@
The only remote which seems to be copied to /root/.propellor/.git/config is upstream... My /home/user/.propellor/.git/config contains a "origin" remote, but this part (as well as the master branch part) of my git config is not copied to the /root/.propellor/.git/config of a host I'm trying to manage...
propellor fails with the following message:
user@laptop:~$ PROPELLOR_DEBUG=1 propellor --spin laptop.localdomain
if ! cabal build; then cabal configure; cabal build; fi
Building propellor-0.5.0...
Preprocessing library propellor-0.5.0...
In-place registering propellor-0.5.0...
Preprocessing executable 'propellor' for propellor-0.5.0...
Preprocessing executable 'config' for propellor-0.5.0...
ln -sf dist/build/config/config propellor
[2014-04-21 18:07:45 CEST] command line: Spin "laptop.localdomain"
[2014-04-21 18:07:45 CEST] call: make ["build"]
if ! cabal build; then cabal configure; cabal build; fi
Building propellor-0.5.0...
Preprocessing library propellor-0.5.0...
In-place registering propellor-0.5.0...
Preprocessing executable 'propellor' for propellor-0.5.0...
Preprocessing executable 'config' for propellor-0.5.0...
ln -sf dist/build/config/config propellor
Propellor build ... done
[2014-04-21 18:07:48 CEST] read: git ["config","remote.deploy.url"]
[2014-04-21 18:07:48 CEST] read: git ["config","remote.origin.url"]
[2014-04-21 18:07:48 CEST] call: git ["commit","--gpg-sign","--allow-empty","-a","-m","propellor spin"]
You need a passphrase to unlock the secret key for
...
[master ee393d6] propellor spin
[2014-04-21 18:07:48 CEST] call: git ["push"]
Counting objects: 1, done.
Writing objects: 100% (1/1), 852 bytes | 0 bytes/s, done.
Total 1 (delta 0), reused 0 (delta 0)
To git@remote-origin:propellor.git
16a1f8b..ee393d6 master -> master
[2014-04-21 18:08:21 CEST] chat: ssh ["-o","ControlPath=/home/user/.ssh/propellor/laptop.localdomain.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@laptop.localdomain","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'"]
Initialized empty Git repository in /root/.propellor/.git/
warning: no common commits
From https://github.com/joeyh/propellor
* [new branch] joeyconfig -> upstream/joeyconfig
* [new branch] master -> upstream/master
* [new branch] setup -> upstream/setup
* [new tag] 0.1 -> 0.1
* [new tag] 0.1.1 -> 0.1.1
* [new tag] 0.1.2 -> 0.1.2
* [new tag] 0.2.0 -> 0.2.0
* [new tag] 0.2.1 -> 0.2.1
* [new tag] 0.2.2 -> 0.2.2
* [new tag] 0.2.3 -> 0.2.3
* [new tag] 0.3.0 -> 0.3.0
* [new tag] 0.3.1 -> 0.3.1
* [new tag] 0.4.0 -> 0.4.0
* [new tag] 0.5.0 -> 0.5.0
* [new tag] debian/0.3.1 -> debian/0.3.1
* [new tag] debian/0.4.0 -> debian/0.4.0
* [new tag] debian/0.5.0 -> debian/0.5.0
Merge made by the 'ours' strategy.
if [ "cabal" = ./Setup ]; then ghc --make Setup; fi
cabal configure
Warning: The package list for 'hackage.haskell.org' does not exist. Run 'cabal
update' to download it.
Resolving dependencies...
Configuring propellor-0.5.0...
if ! cabal build; then cabal configure; cabal build; fi
Building propellor-0.5.0...
Preprocessing executable 'propellor' for propellor-0.5.0...
[ 1 of 14] Compiling Utility.Env ( Utility/Env.hs, dist/build/propellor/propellor-tmp/Utility/Env.o )
...
[14 of 14] Compiling Main ( propellor.hs, dist/build/propellor/propellor-tmp/Main.o )
Linking dist/build/propellor/propellor ...
Preprocessing library propellor-0.5.0...
[ 1 of 58] Compiling Utility.QuickCheck ( Utility/QuickCheck.hs, dist/build/Utility/QuickCheck.o )
...
[58 of 58] Compiling Propellor.CmdLine ( Propellor/CmdLine.hs, dist/build/Propellor/CmdLine.o )
In-place registering propellor-0.5.0...
Preprocessing executable 'config' for propellor-0.5.0...
[ 1 of 44] Compiling Utility.QuickCheck ( Utility/QuickCheck.hs, dist/build/config/config-tmp/Utility/QuickCheck.o )
...
[44 of 44] Compiling Main ( config.hs, dist/build/config/config-tmp/Main.o )
Linking dist/build/config/config ...
ln -sf dist/build/config/config propellor
fatal: No remote repository specified. Please, specify either a URL or a
remote name from which new revisions should be fetched.
Git fetch ... failed
merge: origin/master - not something we can merge
propellor: /usr/local/propellor/.lock: openFd: does not exist (No such file or directory)
Setting up your propellor repo in /root/.propellor
** error: protocol error (perhaps the remote propellor failed to run?)
propellor: user error (ssh ["-o","ControlPath=/home/user/.ssh/propellor/laptop.localdomain.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@laptop.localdomain","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'"] exited 1)

@ -0,0 +1,25 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="209.250.56.114"
subject="comment 1"
date="2014-04-24T17:47:41Z"
content="""
I tried using propellor from scratch on a fresh system, and I cannot reproduce this problem.
/root/.propellor should only be created if /usr/bin/propellor is run as root. A normal use of propellor does not run /usr/bin/propellor as root (and your commands don't show you doing that).
This is the instant where something unexplained happens:
<pre>
[2014-04-21 18:08:21 CEST] chat: ssh [\"-o\",\"ControlPath=/home/user/.ssh/propellor/laptop.localdomain.sock\",\"-o\",\"ControlMaster=auto\",\"-o\",\"ControlPersist=yes\",\"root@laptop.localdomain\",\"sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'\"]
Initialized empty Git repository in /root/.propellor/.git/
</pre>
It ssh's in, and it apparently runs propellor. But apparently without running \"make deps build\" first, which is weird. (And as we see later, without /usr/local/propellor existing at all, which is weirder!)
The ./propellor (in /usr/local/propellor) that it's supposed to run should be a symlink to dist/build/config/config, which is the program built from config.hs. It's not the same program as /usr/bin/propellor, which is a wrapper build from propellor.hs. However, it appears that in your case, when it sshed in, it ran /usr/bin/propellor, or something that behaves a lot like it..
My guesses:
1. Perhaps you modified the source tree in some strange way. (Doubtful)
2. Perhaps you have some other configuration, eg a ssh authorized keys file for root with a forced command that runs /usr/bin/propellor. This will defeat propellor's own bootstrap code, and would exactly explain what you pasted.
"""]]

@ -23,7 +23,7 @@ import qualified Propellor.Property.User as User
import qualified Propellor.Property.Cron as Cron import qualified Propellor.Property.Cron as Cron
"""]] """]]
This loads up Propellor's modules. You'll almost certianly want these; This loads up Propellor's modules. You'll almost certainly want these;
many more can be found in the [API documentation](http://hackage.haskell.org/package/propellor). many more can be found in the [API documentation](http://hackage.haskell.org/package/propellor).
[[!format haskell """ [[!format haskell """

@ -0,0 +1,10 @@
[[!comment format=mdwn
username="gueux"
ip="109.190.19.251"
subject="CMD"
date="2014-04-21T13:49:08Z"
content="""
It would be great to be able to set the CMD of a docker container.
http://docs.docker.io/reference/builder/#cmd
"""]]

@ -0,0 +1,10 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="209.250.56.114"
subject="comment 2"
date="2014-04-24T23:31:09Z"
content="""
propellor does not build docker containers, I think that's the point where a CMD is set.
It would probably make sense to have a mode where docker run is not passed any explicit command to run, which would let the predefined CMD be used. Although this would not let propellor run inside the container, so it could not perform any provisioning of it. In this mode, propellor would only be able to ensure that a container was installed and start it running with its default configuration.
"""]]

@ -0,0 +1 @@
It would be great to be able to ssh to a user different from root, and then to use sudo to run commands.

@ -0,0 +1,10 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="209.250.56.214"
subject="comment 1"
date="2014-04-21T13:31:13Z"
content="""
Running propellor that way would probably need ssh to allocate a tty in order for sudo's password prompt to work. And it adds complexity. Does it add security? I don't think so, PermitRootLogin=without-password or PasswordAuthentication=no is not going to let anyone brute force the root account.
PermitRootLogin=forced-commands-only might be worth making easy to set up, so the only command that can be run with some special propellor-specific ssh key is propellor.
"""]]

@ -0,0 +1,8 @@
[[!comment format=mdwn
username="gueux"
ip="109.190.19.251"
subject="comment 2"
date="2014-04-21T13:54:39Z"
content="""
I didn't knew \"PermitRootLogin=forced-commands-only\", it seems great!
"""]]

@ -0,0 +1,10 @@
[[!comment format=mdwn
username="http://joeyh.name/"
ip="209.250.56.114"
subject="comment 3"
date="2014-04-24T22:17:31Z"
content="""
Except that it led you to run into the failure mode described at [[forum/remote.origin_not_copied_to_managed_host?]]
So now we have a concrete change to make: Make /usr/bin/propellor work if it's forced as the only command that can be run. Including making propellor's host bootstrapping work via it.
"""]]