summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/HostingProvider
diff options
context:
space:
mode:
authorJoey Hess2016-06-13 17:54:19 -0400
committerJoey Hess2016-06-13 17:54:19 -0400
commitebaaa9db50691658094488d1d1956e6082305a1b (patch)
tree3504388f8ce082306c8e31470b13f0db838837cb /src/Propellor/Property/HostingProvider
parent697d18c018330611d389093f494915ceae9b6406 (diff)
parent5e65dc8abe3237fdc189d8a80d3eb3e193369011 (diff)
Merge remote-tracking branch 'spwhitton/reboot'
Diffstat (limited to 'src/Propellor/Property/HostingProvider')
-rw-r--r--src/Propellor/Property/HostingProvider/DigitalOcean.hs25
-rw-r--r--src/Propellor/Property/HostingProvider/Exoscale.hs32
2 files changed, 33 insertions, 24 deletions
diff --git a/src/Propellor/Property/HostingProvider/DigitalOcean.hs b/src/Propellor/Property/HostingProvider/DigitalOcean.hs
index c1e0ffc9..084faa36 100644
--- a/src/Propellor/Property/HostingProvider/DigitalOcean.hs
+++ b/src/Propellor/Property/HostingProvider/DigitalOcean.hs
@@ -7,8 +7,6 @@ import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Reboot as Reboot
-import Data.List
-
-- | Digital Ocean does not provide any way to boot
-- the kernel provided by the distribution, except using kexec.
-- Without this, some old, and perhaps insecure kernel will be used.
@@ -25,25 +23,4 @@ distroKernel = propertyList "digital ocean distro kernel hack" $ props
[ "LOAD_KEXEC=true"
, "USE_GRUB_CONFIG=true"
] `describe` "kexec configured"
- & check (not <$> runningInstalledKernel) Reboot.now
- `describe` "running installed kernel"
-
-runningInstalledKernel :: IO Bool
-runningInstalledKernel = do
- kernelver <- takeWhile (/= '\n') <$> readProcess "uname" ["-r"]
- when (null kernelver) $
- error "failed to read uname -r"
- kernelimages <- concat <$> mapM kernelsIn ["/", "/boot/"]
- when (null kernelimages) $
- error "failed to find any installed kernel images"
- findVersion kernelver <$>
- readProcess "file" ("-L" : kernelimages)
-
--- | File output looks something like this, we want to unambiguously
--- match the running kernel version:
--- Linux kernel x86 boot executable bzImage, version 3.16-3-amd64 (debian-kernel@lists.debian.org) #1 SMP Debian 3.1, RO-rootFS, swap_dev 0x2, Normal VGA
-findVersion :: String -> String -> Bool
-findVersion ver s = (" version " ++ ver ++ " ") `isInfixOf` s
-
-kernelsIn :: FilePath -> IO [FilePath]
-kernelsIn d = filter ("vmlinu" `isInfixOf`) <$> dirContents d
+ & Reboot.toDistroKernel
diff --git a/src/Propellor/Property/HostingProvider/Exoscale.hs b/src/Propellor/Property/HostingProvider/Exoscale.hs
new file mode 100644
index 00000000..c6244d46
--- /dev/null
+++ b/src/Propellor/Property/HostingProvider/Exoscale.hs
@@ -0,0 +1,32 @@
+-- | Maintainer: Sean Whitton <spwhitton@spwhitton.name>
+
+module Propellor.Property.HostingProvider.Exoscale (
+ distroKernel,
+) where
+
+import Propellor.Base
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Grub as Grub
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.Reboot as Reboot
+
+-- | The current Exoshare Debian image doesn't install GRUB, so this property
+-- makes sure GRUB is installed and correctly configured
+--
+-- In case an old, insecure kernel is running, we check for an old kernel
+-- version and reboot immediately if one is found.
+--
+-- Note that we ignore anything after the first hyphen when considering whether
+-- the running kernel's version is older than the Debian-supplied kernel's
+-- version.
+distroKernel :: Architecture -> Property DebianLike
+distroKernel arch = go `flagFile` theFlagFile
+ where
+ go = combineProperties "boots distro kernel" $ props
+ & Apt.installed ["grub2", "linux-image-" ++ arch]
+ & Grub.boots "/dev/vda"
+ & Grub.mkConfig
+ -- Since we're rebooting we have to manually create the flagfile
+ & File.hasContent theFlagFile [""]
+ & Reboot.toDistroKernel
+ theFlagFile = "/etc/propellor-distro-kernel"