author Joey Hess 2014-07-09 22:11:31 -0400
committer Joey Hess 2014-07-09 22:11:31 -0400
commit f118c369d3240b656e4fef77b6efc758b3f714eb
tree 0a3e0c6e134680e35665364b2cd6895863bcc990 /doc
parent 17b21794a72f6cfaddda321d6f2cbdb87ce3dee0
parent 82da31b3e0e9acdfbca4c48eb12ab1f28515ba10
Record propellor (0.8.1) in archive suite sid
Diffstat (limited to 'doc')
-rw-r--r-- doc/news/version_0.5.0.mdwn | 8
-rw-r--r-- doc/news/version_0.5.1.mdwn | 8
-rw-r--r-- doc/news/version_0.7.0.mdwn | 9
-rw-r--r-- doc/news/version_0.8.0.mdwn | 20
-rw-r--r-- doc/security.mdwn | 15
-rw-r--r-- doc/todo/better_privdata.mdwn | 12
-rw-r--r-- doc/todo/info_propigation_out_of_nested_properties.mdwn | 28
7 files changed, 77 insertions, 23 deletions
diff --git a/doc/news/version_0.5.0.mdwn b/doc/news/version_0.5.0.mdwn
deleted file mode 100644
index 2d3e1470..00000000
--- a/doc/news/version_0.5.0.mdwn
+++ /dev/null
@@ -1,8 +0,0 @@
-propellor 0.5.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * Removed root domain records from SOA. Instead, use RootDomain
- when calling Dns.primary.
- * Dns primary and secondary properties are now revertable.
- * When unattendedUpgrades is enabled on an Unstable or Testing system,
- configure it to allow the upgrades.
- * New website, https://propellor.branchable.com/"""]] \ No newline at end of file
diff --git a/doc/news/version_0.5.1.mdwn b/doc/news/version_0.5.1.mdwn
deleted file mode 100644
index c523ae60..00000000
--- a/doc/news/version_0.5.1.mdwn
+++ /dev/null
@@ -1,8 +0,0 @@
-propellor 0.5.1 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * Primary DNS servers now have allow-transfer automatically populated
- with the IP addresses of secondary dns servers. So, it's important
- that all secondary DNS servers have an ipv4 (and/or ipv6) property
- configured.
- * Deal with old ssh connection caching sockets.
- * Add missing build deps and deps. Closes: #[745459](http://bugs.debian.org/745459)"""]] \ No newline at end of file
diff --git a/doc/news/version_0.7.0.mdwn b/doc/news/version_0.7.0.mdwn
new file mode 100644
index 00000000..6ce0b517
--- /dev/null
+++ b/doc/news/version_0.7.0.mdwn
@@ -0,0 +1,9 @@
+propellor 0.7.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * combineProperties no longer stops when a property fails; now it continues
+ trying to satisfy all properties on the list before propigating the
+ failure.
+ * Attr is renamed to Info.
+ * Renamed wrapper to propellor to make cabal installation of propellor work.
+ * When git gpg signature of a fetched git branch cannot be verified,
+ propellor will now continue running, but without merging in that branch."""]] \ No newline at end of file
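Review bot: The last bullet says propellor keeps running without merging when the gpg signature of a fetched branch cannot be verified, but it does not say how the operator learns that the merge was skipped. Suggest extending that bullet with what is reported on a verification failure, so a host that stays on its old configuration can be noticed and the unverifiable branch investigated. Separately, "propigating" in the first bullet should be "propagating".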
diff --git a/doc/news/version_0.8.0.mdwn b/doc/news/version_0.8.0.mdwn
new file mode 100644
index 00000000..69dbb927
--- /dev/null
+++ b/doc/news/version_0.8.0.mdwn
@@ -0,0 +1,20 @@
+propellor 0.8.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Completely reworked privdata storage. There is now a single file,
+ and each host is sent only the privdata that its Properties actually use.
+ To transition existing privdata, run propellor against a host and
+ watch out for the red failure messages, and run the suggested commands
+ to store the privdata using the new storage scheme. You may find
+ it useful to run the old version of propellor to extract data from the old
+ privdata files during this migration.
+ Several properties that use privdata now require a context to be
+ specified. If in doubt, you can use anyContext, or
+ Context "hostname.example.com"
+ * Add --edit to edit a privdata value in $EDITOR.
+ * Add --list-fields to list all currently set privdata fields, along with
+ the hosts that use them.
+ * Fix randomHostKeys property to run openssh-server's postinst in a
+ non-failing way.
+ * Hostname.sane now cleans up the 127.0.0.1 localhost line in /etc/hosts,
+ to avoid eg, apache complaining "Could not reliably determine the
+ server's fully qualified domain name"."""]] \ No newline at end of file
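Review bot: The migration paragraph in the first bullet tells the reader to re-store values under the new scheme and to use the old propellor to extract data from the old privdata files, but never says what to do with those old per-host files afterwards. Suggest adding a closing step to remove them once the new single file has been verified, so stale copies of secrets are not left behind. The sentence "If in doubt, you can use anyContext" would also benefit from one line saying what a context distinguishes, since the entry otherwise gives no basis for choosing between anyContext and Context "hostname.example.com".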
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 5576bf06..075d68ec 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -27,10 +27,11 @@ Since the propoellor git repository is public, you can't store
in cleartext private data such as passwords, ssh private keys, etc.
Instead, `propellor --spin $host` looks for a
-`~/.propellor/privdata/$host.gpg` file and if found decrypts it and sends
-it to the remote host using ssh. This lets a remote host know its own
-private data, without seeing all the rest.
-
-To securely store private data, use: `propellor --set $host $field`
-The field name will be something like 'Password "root"'; see PrivData.hs
-for available fields.
+`~/.propellor/privdata/privdata.gpg` file and if found decrypts it,
+extracts the private that that the $host needs, and sends it to to the
+$host using ssh. This lets a host know its own private data, without
+seeing all the rest.
+
+To securely store private data, use: `propellor --set $field $context`
+Propellor will tell you the details when you use a Property that needs
+PrivData.
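Review bot: The added sentence "extracts the private that that the $host needs, and sends it to to the $host" has lost "data" and doubled "that" and "to"; it should read "extracts the private data that the $host needs, and sends it to the $host". The context line above the change also spells the project "propoellor". On content, the new `propellor --set $field $context` line drops the example field name ('Password "root"') and the pointer to PrivData.hs that the old text had, so this page no longer shows what a field or a context looks like; suggest keeping one concrete example here rather than relying only on the runtime message.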
diff --git a/doc/todo/better_privdata.mdwn b/doc/todo/better_privdata.mdwn
new file mode 100644
index 00000000..1ee9e14f
--- /dev/null
+++ b/doc/todo/better_privdata.mdwn
@@ -0,0 +1,12 @@
+It can be annoying to need to move privdata values around when moving
+services between hosts, which is otherwise often just a cut-n-paste
+of a line in config.hs.
+
+It would be better if privdata were all stored in one Map, and the set of
+privdata that a host's current properties need were sent to it
+automatically, rather than the current 1-file-per-host separation.
+
+For this to work though, each property that uses privdata would need to add
+to the host's Info the privdata field it uses.
+
+> [[done]]! --[[Joey]]
diff --git a/doc/todo/info_propigation_out_of_nested_properties.mdwn b/doc/todo/info_propigation_out_of_nested_properties.mdwn
new file mode 100644
index 00000000..9e69b0b4
--- /dev/null
+++ b/doc/todo/info_propigation_out_of_nested_properties.mdwn
@@ -0,0 +1,28 @@
+Currently, Info about a Host's Properties is manually gathered and
+propigated. propertyList combines the Info of the Properties in the list.
+Docker.docked extracts relevant Info from the Properties of the container
+(but not al of it, intentionally!).
+
+This works, but it's error-prone. Consider this example:
+
+ withOS desc $ \o -> case o of
+ (Just (System (Debian Unstable) _)) -> ensureProperty foo
+ _ -> ensureProperty bar
+
+Here, the Info of `foo` is not propigated out. Nor is `bar`'s Info.
+Of course, only one of them will be run, and only its info should be propigated
+out..
+
+One approach might be to make the Propellor monad be able to be run in two
+modes. In one mode, it actually perform IO, etc. In the other mode, all
+liftIO is a no-op, but all Info encountered is accumulated using a Reader
+monad. This might need two separate monad definitions.
+
+That is surely doable, but the withOS example above shows a problem with it --
+the OS is itself part of a Host's info, so won't be known until all its
+properties have been examined for info!
+
+Perhaps that can be finessed. We don't really need to propigate out OS info.
+Just DNS and PrivDataField Info. So info could be collected in 2 passes,
+first as it's done now by static propertyInfo values. Then by running
+the Properties in the Reader monad.
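Review bot: The withOS example and the closing paragraph together imply that a PrivDataField used only inside an ensureProperty branch is not included in the Host's Info, but the note never states what that means for the host. Given the 0.8.0 change that each host is sent only the privdata its Properties use, suggest saying explicitly whether such a nested property runs without its privdata, so readers know to avoid that pattern until this is resolved. Spelling: "propigated"/"propigation" should be "propagated"/"propagation" throughout (including the file name), "al of it" should be "all of it", "it actually perform IO" should be "performs", and "out.." has a stray period.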