summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorJoey Hess2014-09-15 14:46:17 -0400
committerJoey Hess2014-09-15 14:46:17 -0400
commit475d78b37e47015038b378db54e084232b496b1b (patch)
treeda421c19206c1b2d80b4d7d6c1d849d02a39fa02 /doc
parent7e64ee7334ba3f9eddc0540bfea7fde96f12ea96 (diff)
parent4d9655b9e00ceaeaad9247f7ca90601fe46b527c (diff)
Merge branch 'master' of ssh://propellor.branchable.com
Diffstat (limited to 'doc')
-rw-r--r--doc/README.mdwn5
-rw-r--r--doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment10
-rw-r--r--doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment8
-rw-r--r--doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment17
-rw-r--r--doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment22
-rw-r--r--doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment13
6 files changed, 72 insertions, 3 deletions
diff --git a/doc/README.mdwn b/doc/README.mdwn
index 71b265f5..2f402dc8 100644
--- a/doc/README.mdwn
+++ b/doc/README.mdwn
@@ -44,9 +44,8 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask
3. If you don't have a gpg private key already, generate one: `gpg --gen-key`
4. Run: `propellor --add-key $KEYID`, which will make propellor trust
your gpg key, and will sign your `~/.propellor` repository using it.
-5. `cd ~/.propellor/`; use git to push the repository to a central
- server (github, or your own git server). Configure that central
- server as the origin remote of the repository.
+5. Push the git repository to a central server (github or your own):
+ `cd ~/.propellor/; git remote add origin ssh://git.example.com/propellor.git; git push -u origin master`
6. Edit `~/.propellor/config.hs`, and add a host you want to manage.
You can start by not adding any properties, or only a few.
7. Pick a host and run: `propellor --spin $HOST`
diff --git a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
new file mode 100644
index 00000000..4ed9ecdb
--- /dev/null
+++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Is it ok to publish to a public repository?"
+ date="2014-08-29T21:13:19Z"
+ content="""
+It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong?
+
+Thanks
+"""]]
diff --git a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
new file mode 100644
index 00000000..4d209b03
--- /dev/null
+++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="131.252.200.111"
+ subject="comment 2"
+ date="2014-08-29T21:52:02Z"
+ content="""
+--add-key puts your **public** key in the repository, not the private key.
+"""]]
diff --git a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
new file mode 100644
index 00000000..4d75842d
--- /dev/null
+++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Remote host fails to connect"
+ date="2014-08-30T06:40:33Z"
+ content="""
+Makes sense of course, but the message one gets when doing that is a bit misleading.
+
+I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because:
+
+1. the host key is not initially present in root's known_hosts, then
+2. the user's (root) public key is unknown to the remote git repo, in my case bitbucket.org, and the URL used is git@bitbucket.org:abailly/capital-match-infra.git which implies connection goes through SSH
+
+I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore.
+
+Thanks for your help
+"""]]
diff --git a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
new file mode 100644
index 00000000..b2ac4d57
--- /dev/null
+++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Output from propellor --spin $host"
+ date="2014-08-30T07:17:52Z"
+ content="""
+Here is the output (truncated):
+
+
+ Permission denied (publickey).
+ fatal: Could not read from remote repository.
+
+ Please make sure you have the correct access rights
+ and the repository exists.
+ Git fetch ... failed
+ fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+ Use '--' to separate paths from revisions, like this:
+ 'git <command> [<revision>...] -- [<file>...]'
+ propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128)
+
+
+"""]]
diff --git a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
new file mode 100644
index 00000000..cc26f42d
--- /dev/null
+++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Got it working..."
+ date="2014-08-31T12:50:17Z"
+ content="""
+OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations:
+
+* Use a https:// based url for the first
+* Use a git:// based url for the second
+
+I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url.
+"""]]