l---------  config.hs  2
-rw-r--r--  doc/forum/Certbot_cert_expanding.mdwn  16
-rw-r--r--  doc/forum/Certbot_cert_expanding/comment_1_1f6b33d757294b69172a9b59b2c0ea4f._comment  15
-rw-r--r--  doc/todo/support_for_libvirt_KVM_VMs.mdwn  27
-rw-r--r--  doc/todo/support_for_libvirt_KVM_VMs/comment_1_c73740e45387fe817280b55bb0e32c12._comment  29
-rw-r--r--  privdata/relocate  1
6 files changed, 88 insertions, 2 deletions
diff --git a/config.hs b/config.hs
index 97d90636..ec313725 120000
--- a/config.hs
+++ b/config.hs
@@ -1 +1 @@
-joeyconfig.hs \ No newline at end of file
+config-simple.hs \ No newline at end of file
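Review bot: retargeting the `config.hs` symlink from `joeyconfig.hs` to `config-simple.hs` is a build-configuration change bundled with four documentation-only additions. It should either go in its own commit or be called out in the commit message, so that anyone bisecting or reviewing the doc changes does not miss that the default config target moved.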
diff --git a/doc/forum/Certbot_cert_expanding.mdwn b/doc/forum/Certbot_cert_expanding.mdwn
new file mode 100644
index 00000000..90be60d6
--- /dev/null
+++ b/doc/forum/Certbot_cert_expanding.mdwn
@@ -0,0 +1,16 @@
+When adding a name to the list for a `letsEncrypt` property, certbot fails thusly:
+
+ Saving debug log to /var/log/letsencrypt/letsencrypt.log
+ Plugins selected: Authenticator webroot, Installer None
+ Missing command line flag or config entry for this setting:
+ You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/…)
+
+ It contains these names: …
+
+ You requested these names for the new certificate: …
+
+ Do you want to expand and replace this existing certificate with the new certificate?
+
+ (You can set this with the --expand flag)
+
+I think maybe Propellor should always pass --expand? I haven't tested if that works correctly when not changing the names.
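Review bot: the report is missing what is needed to reproduce it. The pasted certbot output has the renewal path and both name lists elided, and neither the certbot version nor the `letsEncrypt` property as configured is given. Since the last line says the unchanged-names case is untested, adding the version and a before/after of the domain list would let someone verify `--expand` in both cases before it is passed unconditionally.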
diff --git a/doc/forum/Certbot_cert_expanding/comment_1_1f6b33d757294b69172a9b59b2c0ea4f._comment b/doc/forum/Certbot_cert_expanding/comment_1_1f6b33d757294b69172a9b59b2c0ea4f._comment
new file mode 100644
index 00000000..fb7354d1
--- /dev/null
+++ b/doc/forum/Certbot_cert_expanding/comment_1_1f6b33d757294b69172a9b59b2c0ea4f._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-07-31T14:25:34Z"
+ content="""
+Makes sense. The man page says:
+
+ --expand If an existing certificate is a strict subset of the
+ requested names, always expand and replace it with the
+ additional names. (default: Ask)
+
+Which reads like it will not change behavior in other cases.
+Still, it would be good for someone to test it before the change is
+made to propellor..
+"""]]
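Review bot: the quoted man page text limits `--expand` to an existing certificate that is "a strict subset of the requested names", while the error in the forum post says the existing certificate "contains a portion of the domains you requested". Those are not the same condition: a change that drops or replaces a name in the `letsEncrypt` list is not covered by the quoted wording. It would be worth listing that as a second case to test alongside the unchanged-names case.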
diff --git a/doc/todo/support_for_libvirt_KVM_VMs.mdwn b/doc/todo/support_for_libvirt_KVM_VMs.mdwn
new file mode 100644
index 00000000..529cf721
--- /dev/null
+++ b/doc/todo/support_for_libvirt_KVM_VMs.mdwn
@@ -0,0 +1,27 @@
+I've been thinking about how to add support for libvirt VMs to
+propellor. TTBOMK setting up the VMs is a matter of creating some
+files in /etc, so that part is straightforward; might not want very
+much abstraction in propellor at all. The interesting part is
+creating the corresponding disk images.
+
+I first thought that I could just extend propellor's existing support
+for generating disk images by debootstrapping in a chroot and then
+generating an image based on that chroot. It would just be a matter
+of using `.qcow2` images rather than `.img`. But the problem with
+this is that once the VM is in use, propellor should not just be
+overwriting the `.qcow2` file. So something different is needed.
+
+What I have in mind is a conditional property that works something
+like this:
+
+ ifM ( doesFileExist "/path/to/image.qcow2"
+ , debootstrapTheChrootAndPackIntoQcow2File theHost
+ , conducts [theHost] `requires` KVM.booted theHost
+ )
+
+where `theHost :: Host` and either the user's libvirt config or some
+property somewhere ensures it can be SSHed to from localhost.
+
+Does this seem like the right approach?
+
+--spwhitton
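Review bot: the branches of the `ifM` sketch are in the opposite order to what the preceding paragraph asks for. As written, `doesFileExist "/path/to/image.qcow2"` being true selects `debootstrapTheChrootAndPackIntoQcow2File theHost`, which is exactly the overwrite of an in-use `.qcow2` file the text says must not happen, and a missing image selects `conducts`. Either swap the two branches or negate the condition.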
diff --git a/doc/todo/support_for_libvirt_KVM_VMs/comment_1_c73740e45387fe817280b55bb0e32c12._comment b/doc/todo/support_for_libvirt_KVM_VMs/comment_1_c73740e45387fe817280b55bb0e32c12._comment
new file mode 100644
index 00000000..f4ff3615
--- /dev/null
+++ b/doc/todo/support_for_libvirt_KVM_VMs/comment_1_c73740e45387fe817280b55bb0e32c12._comment
@@ -0,0 +1,29 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-07-20T15:54:17Z"
+ content="""
+That seems like a good plan to me, and nice use of the Conductor module.
+
+Of course, `conducts` is a Property, not an IO action and presumably
+so is `debootstrapTheChrootAndPackIntoQcow2File`,
+so to check if the disk image exists, you'll instead
+want to use the `check` combinator. Something like:
+
+ & check (not <$> doesFileExist "/path/to/image.qcow2")
+ debootstrapTheChrootAndPackIntoQcow2File theHost
+ & check (doesFileExist "/path/to/image.qcow2")
+ conducts [theHost] `requires` KVM.booted theHost
+
+Perhaps the redundancy in that can be reduced with a new combinator
+that chooses which action to run.
+
+You may want to also delete the chroot once the disk image is built.
+
+There could also be a minor gotcha with the Conductor module trying to
+conduct the VM before it's gotten set up yet, at worst this would make
+propellor display a warning.
+
+Let me know if you need help with this,
+although I will next be available on July 30th.
+"""]]
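Review bot: in the `check` example the literal `"/path/to/image.qcow2"` is written twice and the file is tested twice, once negated and once not, so the two conditions can drift apart if one path is edited. Binding the path once, or using the single choosing combinator the comment goes on to suggest, would keep the build and conduct cases mutually exclusive by construction. The suggested chroot deletion also has no counterpart in the example, so it is worth saying where that cleanup step would attach.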
diff --git a/privdata/relocate b/privdata/relocate
deleted file mode 100644
index 271692d8..00000000
--- a/privdata/relocate
+++ /dev/null
@@ -1 +0,0 @@
-.joeyconfig
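Review bot: `privdata/relocate`, whose only content was `.joeyconfig`, is deleted here with no explanation visible in this change. If this belongs with the `config.hs` retarget away from `joeyconfig.hs`, say so in the commit message, and confirm that nothing else in the tree still expects the `.joeyconfig` location for private data.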