Configs
Go to file
Joey Hess 88d296d0de
propellor spin
2014-03-31 16:48:12 -04:00
Propellor propellor spin 2014-03-31 16:48:12 -04:00
Utility propellor spin 2014-03-31 16:20:38 -04:00
privdata propellor addkey 2014-03-31 11:30:55 -04:00
.gitignore propellor spin 2014-03-31 12:06:04 -04:00
GPL cabalized and added a wrapper program 2014-03-30 00:08:02 -04:00
Makefile propellor spin 2014-03-31 16:20:38 -04:00
Propellor.hs propellor spin 2014-03-31 16:20:38 -04:00
README propellor spin 2014-03-31 16:20:38 -04:00
Setup.hs fix 2014-03-30 23:39:07 -04:00
TODO propellor spin 2014-03-31 15:46:23 -04:00
config.hs propellor spin 2014-03-31 10:52:46 -04:00
propellor.cabal out of band keyring transfer is not necessary, since repo is cloned securely 2014-03-31 15:52:40 -04:00

README

This is a work in progress configuration management system using Haskell
and Git.

Propellor enures that the system it's run in satisfies a list of
properties, taking action as necessary when a property is not yet met.

The design is intentionally very minimal.

Propellor lives in a git repository. You'll typically want to have
the repository checked out on a laptop, in order to make changes and push
them out to hosts. Each host will also have a clone of the repository,
and in that clone "make" can be used to build and run propellor.
This can be done by a cron job (which propellor can set up),
or a remote host can be triggered to update by running propellor
on your laptop: propellor --spin $host

Properties are defined using Haskell. Edit config.hs to get started.

There is no special language as used in puppet, chef, ansible, etc.. just
the full power of Haskell. Hopefully that power can be put to good use in
making declarative properties that are powerful, nicely idempotent, and
easy to adapt to a system's special needs.

Also avoided is any form of node classification. Ie, which hosts are part
of which classes and share which configuration. It might be nice to use
reclass[1], but then again a host is configured using simply haskell code,
and so it's easy to factor out things like classes of hosts as desired.

## bootstrapping and private data

To bootstrap propellor on a new host, use: propellor --spin $host

That clones the git repository to the remote host. 
The repository on the remote host will have its origin set to the local git
repository's remote.origin.url (or remote.deploy.url if available).
This way, when propellor is run on the remote host, it can contact
whatever central git repository you're using.

Private data such as passwords, ssh private keys, etc should not be checked
into a propellor git repository in the clear, unless you want to restrict
access to the repository. Which would probably involve a separate fork 
for each host and be annoying. 

Instead, propellor --spin $host looks for a privdata/$host.gpg file and
if found decrypts it and sends it to the host using ssh. To set a field
in such a file, use: propellor --set $host $field
The field name will be something like 'Password "root"'; see PrivData.hs
for available fields.

## using git://... securely

It's often easiest for a remote host to use a git:// or http://
url to its origin repository, rather than ssh://. So, to avoid a MITM
attack, propellor checks that any commit it fetched from origin is gpg
signed by a trusted gpg key, and refuses to deploy it otherwise.

This is only done when privdata/keyring.gpg exists. To set it up:

gpg --gen-key                 # only if you don't already have a gpg key
propellor --add-key $MYKEYID

In order to be secure from the beginning propellor --spin is used
to bootstrap propellor on a new host, it transfers the local git repositry
to the host over ssh.

[1] http://reclass.pantsfullofunix.net/