This is a work in progress configuration management system using Haskell
and Git.

Propellor ensures that the system it's run in satisfies a list of
properties, taking action as necessary when a property is not yet met.

The design is intentionally very minimal.

Propellor lives in a git repository. You'll typically want to have
the repository checked out on a laptop, in order to make changes and push
them out to hosts. Each host will also have a clone of the repository,
and in that clone "make" can be used to build and run propellor.
This can be done by a cron job (which propellor can set up),
or a remote host can be triggered to update by running propellor
on your laptop: propellor --spin $host

Properties are defined using Haskell. Edit config.hs to get started.

There is no special language as used in puppet, chef, ansible, etc., just
the full power of Haskell. Hopefully that power can be put to good use in
making declarative properties that are powerful, nicely idempotent, and
easy to adapt to a system's special needs.

Also avoided is any form of node classification, i.e., which hosts are part
of which classes and share which configuration. It might be nice to use
reclass[1], but then again a host is configured using simply Haskell code,
and so it's easy to factor out things like classes of hosts as desired.

## bootstrapping and private data

To bootstrap propellor on a new host, use: propellor --spin $host

That clones the git repository to the remote host.
The repository on the remote host will have its origin set to the local git
repository's remote.origin.url (or remote.deploy.url if available).
This way, when propellor is run on the remote host, it can contact
whatever central git repository you're using.

Private data such as passwords, ssh private keys, etc. should not be checked
into a propellor git repository in the clear, unless you want to restrict
access to the repository, which would probably involve a separate fork
for each host and be annoying.

Instead, propellor --spin $host looks for a privdata/$host.gpg file and,
if found, decrypts it and sends it to the host using ssh. To set a field
in such a file, use: propellor --set $host $field
The field name will be something like 'Password "root"'; see PrivData.hs
for available fields.

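A small guard that enforces the rule above (nothing under privdata/ may be tracked in the clear), written as an added example rather than code from the propellor project. The layout it checks (privdata/$host.gpg and privdata/keyring.gpg) comes from this README; the script name, the --check flag, and the use of `git ls-files` to enumerate tracked files are assumptions of mine:

```shell
#!/bin/sh
# Added example, not propellor's own code: audit the paths tracked under
# privdata/ so that only encrypted files (privdata/<host>.gpg and
# privdata/keyring.gpg) are ever committed. Any other file under
# privdata/ is reported as cleartext private data and the audit fails.
# Assumptions (mine): run from the repository root; `git ls-files` is
# available when audit_repo is used.

# privdata_path_ok PATH: succeed if PATH is acceptable to track.
privdata_path_ok() {
    case "$1" in
        privdata/keyring.gpg) return 0 ;;   # the trusted-signer keyring
        privdata/.gpg)        return 1 ;;   # empty host name
        privdata/*/*)         return 1 ;;   # no subdirectories expected
        privdata/*.gpg)       return 0 ;;   # privdata/<host>.gpg
        privdata/*)           return 1 ;;   # anything else here is cleartext
        *)                    return 0 ;;   # outside privdata/: not this check's job
    esac
}

# audit_paths: read newline-separated paths on stdin, report offenders on
# stderr, return 0 when clean and 1 otherwise.
audit_paths() {
    bad=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if ! privdata_path_ok "$path"; then
            printf 'refusing: unencrypted file tracked under privdata/: %s\n' "$path" >&2
            bad=1
        fi
    done
    return "$bad"
}

# audit_repo: run the audit over every file git currently tracks.
audit_repo() {
    git ls-files | audit_paths
}

# Run as a pre-commit hook or by hand: sh privdata-audit.sh --check
if [ "${1-}" = "--check" ]; then
    audit_repo
fi
```

Wiring this into a pre-commit hook catches the mistake before a push; running it on the remote side before propellor deploys would only tell you after the secret has already reached the central repository.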
## using git://... securely

It's often easiest for a remote host to use a git:// or http://
url to its origin repository, rather than ssh://. So, to avoid a MITM
attack, propellor checks that any commit it fetched from origin is gpg
signed by a trusted gpg key, and refuses to deploy it otherwise.

This is only done when privdata/keyring.gpg exists. To set it up:

    gpg --gen-key # only if you don't already have a gpg key
    propellor --add-key $MYKEYID

To be secure from the beginning, propellor --spin is used
to bootstrap propellor on a new host; it transfers the local git repository
to the host over ssh.

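The signature check described above, written out as an added shell example that is not propellor's own implementation. It assumes the keyring at privdata/keyring.gpg from this README, uses git's %G? log placeholder together with an isolated GnuPG home so that only keys from that keyring count, and chooses on its own to accept both the G and U statuses (a key in a dedicated keyring carries no ownertrust, so a valid signature by it reports U); the script name and the ref to check are also assumptions of mine:

```shell
#!/bin/sh
# Added example, not propellor's own code: before deploying a fetched
# commit, check git's signature status for it against an isolated keyring
# of trusted signers, so a commit fetched over unauthenticated git:// or
# http:// is deployed only if a key in that keyring signed it.
# Assumptions (mine): the keyring path, the ref name, and the policy of
# accepting "U" below are this script's choices, not the project's.

KEYRING=${KEYRING:-privdata/keyring.gpg}

# signature_verdict LETTER: map git's %G? status letter to allow/deny.
#   G good signature           U good signature, key has no ownertrust
#   X good but expired sig     Y good but signing key expired
#   R good but key revoked     B bad signature
#   E could not be checked     N no signature
signature_verdict() {
    case "$1" in
        # The keyring itself is the trust decision: gpg only knows a key
        # here because it was imported from the keyring, so "U" (no
        # ownertrust recorded) is still a signature by a trusted key.
        G|U) echo allow ;;
        *)   echo deny ;;
    esac
}

# verify_ref REF: succeed only if the commit at REF carries a good
# signature from a key in $KEYRING.
verify_ref() {
    ref=$1
    home=$(mktemp -d) || return 1
    chmod 700 "$home"
    # Isolated GnuPG home so that keys in the user's normal keyring
    # cannot make a signature look good.
    gpg --homedir "$home" --quiet --import "$KEYRING" 2>/dev/null \
        || { rm -rf "$home"; return 1; }
    status=$(GNUPGHOME=$home git log -n 1 --format=%G? "$ref" 2>/dev/null)
    gpgconf --homedir "$home" --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$home"
    verdict=$(signature_verdict "$status")
    printf '%s: signature status %s -> %s\n' "$ref" "${status:-?}" "$verdict" >&2
    [ "$verdict" = allow ]
}

# Usage: sh verify-origin.sh refs/remotes/origin/master && <deploy step>
if [ $# -gt 0 ]; then
    verify_ref "$1"
fi
```

Everything other than G and U is a deny, including E (unknown key, which is what a signature by an attacker's key looks like from inside the isolated home) and N (unsigned), so a fetch that was tampered with in transit fails closed rather than falling back to an unchecked deploy.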

[1] http://reclass.pantsfullofunix.net/