Merge branch 'joeyconfig'
This commit is contained in:
Joey Hess
commit
ac480f6c85
|
|
@ -68,24 +68,15 @@ defaultMain getprops = do
|
|||
go True cmdline@(Spin _) = buildFirst cmdline $ go False cmdline
|
||||
go True cmdline = updateFirst cmdline $ go False cmdline
|
||||
go False (Spin host) = withprops host $ const $ spin host
|
||||
go False cmdline@(Run host) = withprops host $
|
||||
asRoot cmdline . ensureProperties
|
||||
go False (Run host) = ifM ((==) 0 <$> getRealUserID)
|
||||
( withprops host ensureProperties
|
||||
, go True (Spin host)
|
||||
)
|
||||
go False (Boot host) = withprops host $ boot
|
||||
|
||||
withprops host a = maybe (unknownhost host) a $
|
||||
headMaybe $ catMaybes $ map (\get -> get host) getprops
|
||||
|
||||
asRoot :: CmdLine -> IO a -> IO a
|
||||
asRoot cmdline a = ifM ((==) 0 <$> getRealUserID)
|
||||
( a
|
||||
, do
|
||||
hPutStrLn stderr "Need to be root to provision the local host! Running sudo propellor..."
|
||||
hFlush stderr
|
||||
(_, _, _, pid) <- createProcess $
|
||||
proc "sudo" ["./propellor", show (Continue cmdline)]
|
||||
exitWith =<< waitForProcess pid
|
||||
)
|
||||
|
||||
unknownhost :: HostName -> IO a
|
||||
unknownhost h = errorMessage $ unlines
|
||||
[ "Unknown host: " ++ h
|
||||
|
|
|
|||
19
README.md
19
README.md
|
|
@ -35,7 +35,7 @@ and so it's easy to factor out things like classes of hosts as desired.
|
|||
`apt-get install propellor`
|
||||
2. Run propellor for the first time. It will set up a `~/.propellor/` git
|
||||
repository for you.
|
||||
3. In `~/.propellor/`, use git to push the repository to a central
|
||||
3. `cd ~/.propellor/`; use git to push the repository to a central
|
||||
server (github, or your own git server). Configure that central
|
||||
server as the origin remote of the repository.
|
||||
4. If you don't have a gpg private key, generate one: `gpg --gen-key`
|
||||
|
|
@ -49,19 +49,19 @@ and so it's easy to factor out things like classes of hosts as desired.
|
|||
So, edit `~/.propellor/config.hs` to configure the host (maybe
|
||||
start with a few simple properties), and re-run step 7.
|
||||
Repeat until happy and move on to the next host. :)
|
||||
9. To move beyond manually running propellor --spin against hosts
|
||||
when you change configuration, add a property to your hosts
|
||||
9. To move beyond manually running `propellor --spin` against hosts
|
||||
when you change their properties, add a property to your hosts
|
||||
like: `Cron.runPropellor "30 * * * *"`
|
||||
|
||||
Now they'll automatically update every 30 minutes, and you can
|
||||
`git commit -S` and `git push` changes that affect any number of
|
||||
hosts.
|
||||
8. Write some neat new properties and send patches to <propellor@joeyh.name>!
|
||||
10. Write some neat new properties and send patches to <propellor@joeyh.name>!
|
||||
|
||||
## security
|
||||
|
||||
Propellor's security model is that the hosts it's used to deploy are
|
||||
untrusted, and that the central git repository server is untrusted.
|
||||
untrusted, and that the central git repository server is untrusted too.
|
||||
|
||||
The only trusted machine is the laptop where you run `propellor --spin`
|
||||
to connect to a remote host. And that one only because you have a ssh key
|
||||
|
|
@ -71,7 +71,7 @@ Since the hosts propellor deploys are not trusted by the central git
|
|||
repository, they have to use git:// or http:// to pull from the central
|
||||
git repository, rather than ssh://.
|
||||
|
||||
So, to avoid a MITM attack, propellor checks that any commit it fetched
|
||||
So, to avoid a MITM attack, propellor checks that any commit it fetches
|
||||
from origin is gpg signed by a trusted gpg key, and refuses to deploy it
|
||||
otherwise.
|
||||
|
||||
|
|
@ -88,9 +88,10 @@ gpg key, and will use it to verify git fetches.
|
|||
Since the propoellor git repository is public, you can't store
|
||||
in cleartext private data such as passwords, ssh private keys, etc.
|
||||
|
||||
Instead, `propellor --spin $host` looks for a `~/.propellor/privdata/$host.gpg` file and
|
||||
if found decrypts it and sends it to the remote host using ssh. This lets
|
||||
a remote host know its own private data, without seeing all the rest.
|
||||
Instead, `propellor --spin $host` looks for a
|
||||
`~/.propellor/privdata/$host.gpg` file and if found decrypts it and sends
|
||||
it to the remote host using ssh. This lets a remote host know its own
|
||||
private data, without seeing all the rest.
|
||||
|
||||
To securely store private data, use: `propellor --set $host $field`
|
||||
The field name will be something like 'Password "root"'; see PrivData.hs
|
||||
|
|
|
|||
|
|
@ -0,0 +1,22 @@
|
|||
-----BEGIN PGP MESSAGE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
hQIMA7ODiaEXBlRZAQ/9HdpfvTbfOnyqLlEK1WC9QO3HrF9w9yrEH8hCrVFJ/86r
|
||||
xHK62+7I6wrV2W1UAHRx1b4H9qEkbD8+MAmjB2JYVmJUqvdzNv1jhsWwPpAcTQN1
|
||||
RVWR95Auc2rjXXSiZRudLaWdxZdDBg5PWApH5+NW5grtNRKsTbYB1/No2iYJvDuv
|
||||
WcbBkuFyEa0WbRiqUaUIyO9XAGyj4hqVDQSXH2Gzei8oB3PZh9+Lwv7i05lvSup+
|
||||
dtbtEsEdDiJbCTzIakV6vEQT1BDVMpe6jRQbv7c+LXLeM65Tpl+2hnTPSTy1zcr0
|
||||
bjfkFa6A75sHmIf0WGKAZj+jmNchp4AMdjmoMiXkHacDsBw623NgiMgzUnfWVkFm
|
||||
BIrdk5AGBi50nqPxwtY7nWd0cbApvNvT1zlx8MlRBSZQ2zcijo5AjiCwb+eLLVhv
|
||||
6oiKqpYGC1XpdNFFsaKHnHBCgsPIIetwx4ng0+lvRgBO+DEQ4RvvdKMhy/3nXrpz
|
||||
NVdr/gG+HMBW1BjyCd9ArmTtSITQWDT8vnLmyFbc0aJ88c2rEjv2BpXmhKjxEoEn
|
||||
IMxc3/9cLrVVRocnlq7YvKDZpfuwjgDs86D3e03Up7hQZhLU4+r8Wq7azxk3wE06
|
||||
lAQIS0OwCe75EZvVWYHwhZ3vEoBE/TeqeaRyhKpofFS5GvtIJsZBjenmRcdOJTPS
|
||||
wDQB/c3XkjuIrJErMBx/KrNQc2mAjcUpvW4+Ukj5vtpusi3qmSfsyaVJ4ZS9SwVv
|
||||
7RPqLsH5Iz3Ga6u4of/mg+iG/wqJPJy2A9A/XOnsNVCVR3a+NxjPqevEjW1Pr6RL
|
||||
SOMQSK6OuwuT1H13M1Z7R6dbg+pCcbc+hek9/6KzeZS9q4Di7aqq7+XeDr4c51+Q
|
||||
2ojS4DG0/vAJmOO+E8ZatGiwdI8kmELrzAF8zzGz+ZujXSuiPXVd2kw/JdfUaTRq
|
||||
KrtNhiGWWM44YWS43TYuYCoVgokrdVXzsZyKyhHzgXKCits3R5+QcUgUx2vESuOs
|
||||
+FdM8fAd
|
||||
=a0dr
|
||||
-----END PGP MESSAGE-----
|
||||
Loading…
Reference in New Issue