Merge branch 'joeyconfig'

Joey Hess 2014-04-03 14:07:32 -04:00
commit ac480f6c85
3 changed files with 37 additions and 23 deletions

View File

@ -68,24 +68,15 @@ defaultMain getprops = do
go True cmdline@(Spin _) = buildFirst cmdline $ go False cmdline go True cmdline@(Spin _) = buildFirst cmdline $ go False cmdline
go True cmdline = updateFirst cmdline $ go False cmdline go True cmdline = updateFirst cmdline $ go False cmdline
go False (Spin host) = withprops host $ const $ spin host go False (Spin host) = withprops host $ const $ spin host
go False cmdline@(Run host) = withprops host $ go False (Run host) = ifM ((==) 0 <$> getRealUserID)
asRoot cmdline . ensureProperties ( withprops host ensureProperties
, go True (Spin host)
)
go False (Boot host) = withprops host $ boot go False (Boot host) = withprops host $ boot
withprops host a = maybe (unknownhost host) a $ withprops host a = maybe (unknownhost host) a $
headMaybe $ catMaybes $ map (\get -> get host) getprops headMaybe $ catMaybes $ map (\get -> get host) getprops
asRoot :: CmdLine -> IO a -> IO a
asRoot cmdline a = ifM ((==) 0 <$> getRealUserID)
( a
, do
hPutStrLn stderr "Need to be root to provision the local host! Running sudo propellor..."
hFlush stderr
(_, _, _, pid) <- createProcess $
proc "sudo" ["./propellor", show (Continue cmdline)]
exitWith =<< waitForProcess pid
)
unknownhost :: HostName -> IO a unknownhost :: HostName -> IO a
unknownhost h = errorMessage $ unlines unknownhost h = errorMessage $ unlines
[ "Unknown host: " ++ h [ "Unknown host: " ++ h
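Review bot: the non-root branch of `go False (Run host)` now silently re-enters as `go True (Spin host)`, so an unprivileged `propellor` run turns into a build-and-spin of the host instead of the old `asRoot` path, which at least printed "Need to be root to provision the local host!" to stderr before escalating; keep a one-line stderr message ahead of the fallback so the user can see why ssh is being used rather than a local provision. Dropping `asRoot` also removes the `proc "sudo" ["./propellor", ...]` call, which depended on the current working directory via the relative `./propellor` path, so the change is a net improvement there, but the real-uid check `(==) 0 <$> getRealUserID` is now inlined and unnamed; a small `isRoot :: IO Bool` helper would keep it readable.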

View File

@ -35,7 +35,7 @@ and so it's easy to factor out things like classes of hosts as desired.
`apt-get install propellor` `apt-get install propellor`
2. Run propellor for the first time. It will set up a `~/.propellor/` git 2. Run propellor for the first time. It will set up a `~/.propellor/` git
repository for you. repository for you.
3. In `~/.propellor/`, use git to push the repository to a central 3. `cd ~/.propellor/`; use git to push the repository to a central
server (github, or your own git server). Configure that central server (github, or your own git server). Configure that central
server as the origin remote of the repository. server as the origin remote of the repository.
4. If you don't have a gpg private key, generate one: `gpg --gen-key` 4. If you don't have a gpg private key, generate one: `gpg --gen-key`
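Review bot: step 3 tells the reader to push to github or their own git server without saying that this central server is untrusted by design (the security section below states it explicitly), so the gpg key generated in step 4 is what actually makes that push target safe; a short sentence here such as "the server does not need to be trusted; see the security section" would stop readers treating the origin remote as a trust anchor or hardening it unnecessarily.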
@ -49,19 +49,19 @@ and so it's easy to factor out things like classes of hosts as desired.
So, edit `~/.propellor/config.hs` to configure the host (maybe So, edit `~/.propellor/config.hs` to configure the host (maybe
start with a few simple properties), and re-run step 7. start with a few simple properties), and re-run step 7.
Repeat until happy and move on to the next host. :) Repeat until happy and move on to the next host. :)
9. To move beyond manually running propellor --spin against hosts 9. To move beyond manually running `propellor --spin` against hosts
when you change configuration, add a property to your hosts when you change their properties, add a property to your hosts
like: `Cron.runPropellor "30 * * * *"` like: `Cron.runPropellor "30 * * * *"`
Now they'll automatically update every 30 minutes, and you can Now they'll automatically update every 30 minutes, and you can
`git commit -S` and `git push` changes that affect any number of `git commit -S` and `git push` changes that affect any number of
hosts. hosts.
8. Write some neat new properties and send patches to <propellor@joeyh.name>! 10. Write some neat new properties and send patches to <propellor@joeyh.name>!
## security ## security
Propellor's security model is that the hosts it's used to deploy are Propellor's security model is that the hosts it's used to deploy are
untrusted, and that the central git repository server is untrusted. untrusted, and that the central git repository server is untrusted too.
The only trusted machine is the laptop where you run `propellor --spin` The only trusted machine is the laptop where you run `propellor --spin`
to connect to a remote host. And that one only because you have a ssh key to connect to a remote host. And that one only because you have a ssh key
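Review bot: in step 9 the cron spec `Cron.runPropellor "30 * * * *"` fires at minute 30 of every hour, i.e. once an hour, not "every 30 minutes" as the following sentence claims; either change the text to "every hour" or use `"*/30 * * * *"` if a 30-minute cadence is intended. The renumbering of the last item from 8 to 10 is correct, since it follows step 9.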
@ -71,13 +71,13 @@ Since the hosts propellor deploys are not trusted by the central git
repository, they have to use git:// or http:// to pull from the central repository, they have to use git:// or http:// to pull from the central
git repository, rather than ssh://. git repository, rather than ssh://.
So, to avoid a MITM attack, propellor checks that any commit it fetched So, to avoid a MITM attack, propellor checks that any commit it fetches
from origin is gpg signed by a trusted gpg key, and refuses to deploy it from origin is gpg signed by a trusted gpg key, and refuses to deploy it
otherwise. otherwise.
That is only done when privdata/keyring.gpg exists. To set it up: That is only done when privdata/keyring.gpg exists. To set it up:
gpg --gen-key # only if you don't already have a gpg key gpg --gen-key # only if you don't already have a gpg key
propellor --add-key $MYKEYID propellor --add-key $MYKEYID
In order to be secure from the beginning, when `propellor --spin` is used In order to be secure from the beginning, when `propellor --spin` is used
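Review bot: "That is only done when privdata/keyring.gpg exists" deserves a stronger warning, because a host that fetches over git:// or http:// before `propellor --add-key $MYKEYID` has been run pulls unverified commits from a server the same section declares untrusted; say plainly that signature checking is off until the keyring is committed. It would also help to state what the check does not cover: verifying that a fetched commit is signed by a trusted key stops an attacker injecting their own commits, but does not by itself stop the untrusted server serving an older, still validly signed commit, so readers should not read "refuses to deploy it otherwise" as protection against rollback.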
@ -88,9 +88,10 @@ gpg key, and will use it to verify git fetches.
Since the propoellor git repository is public, you can't store Since the propoellor git repository is public, you can't store
in cleartext private data such as passwords, ssh private keys, etc. in cleartext private data such as passwords, ssh private keys, etc.
Instead, `propellor --spin $host` looks for a `~/.propellor/privdata/$host.gpg` file and Instead, `propellor --spin $host` looks for a
if found decrypts it and sends it to the remote host using ssh. This lets `~/.propellor/privdata/$host.gpg` file and if found decrypts it and sends
a remote host know its own private data, without seeing all the rest. it to the remote host using ssh. This lets a remote host know its own
private data, without seeing all the rest.
To securely store private data, use: `propellor --set $host $field` To securely store private data, use: `propellor --set $host $field`
The field name will be something like 'Password "root"'; see PrivData.hs The field name will be something like 'Password "root"'; see PrivData.hs
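Review bot: the unchanged context line still reads "propoellor git repository"; since the hunk is already reflowing this paragraph, fix the typo to "propellor" in the same change. The reflowed text is otherwise fine, and the point that `--spin $host` decrypts only `privdata/$host.gpg` and ships it over ssh is the right one to make; consider adding that the decryption happens on the trusted laptop, which is why the private data never needs the host's own key.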

View File

@ -0,0 +1,22 @@
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1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=a0dr
-----END PGP MESSAGE-----
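Review bot: this new 22-line file is an ASCII-armored PGP message whose path is not shown on this rendered page; confirm it lands under `privdata/` as the README's `privdata/$host.gpg` scheme expects, since the repository is public and anything outside that convention will not be picked up by `propellor --spin`. The `Version: GnuPG v1` armor header also advertises the GnuPG version used on the trusted laptop; it is harmless to the ciphertext but can be dropped with `--no-emit-version` when generating privdata files.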