-rw-r--r--Makefile4
l---------config.hs2
-rw-r--r--debian/changelog11
-rw-r--r--doc/forum/Adding_support_for_a_SQL_server/comment_8_2c604eb5c627c36ec68a1a7198e00710._comment18
-rw-r--r--doc/forum/Apt.backportInstalledMin___63__.mdwn1
-rw-r--r--doc/forum/Apt.backportInstalledMin___63__/comment_1_4e5e6b479e478897eea3337b9468db15._comment11
-rw-r--r--doc/forum/Make_clean_fails_in_openbsd.mdwn25
-rw-r--r--doc/forum/Make_clean_fails_in_openbsd/comment_1_27faa3850b462e8930752209f41e2c2f._comment8
-rw-r--r--doc/forum/Make_clean_fails_in_openbsd/comment_2_be7daa63ed7b5689f3e626eedd2fb648._comment10
-rw-r--r--doc/forum/__34__predictable__34___network_interface_names.mdwn3
-rw-r--r--doc/forum/__34__predictable__34___network_interface_names/comment_1_6bf05129a9aa5b427c0838753b5b0673._comment12
-rw-r--r--doc/forum/__34__predictable__34___network_interface_names/comment_2_25a2911fa57ea3da20f25b25d7c4406b._comment13
-rw-r--r--doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd.mdwn6
-rw-r--r--doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd/comment_1_ccf181b032aad9134ff513878956d1b2._comment14
-rw-r--r--doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd/comment_2_b9f9c1903f1a54bad8d9021702056f41._comment17
-rw-r--r--doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_3_a749abb97ebafd26bb695663b68673c5._comment8
-rw-r--r--doc/news/version_5.3.4.mdwn8
-rw-r--r--doc/news/version_5.5.0.mdwn20
-rw-r--r--doc/todo/support_for_libvirt_KVM_VMs/comment_4_dbd2c399c8ef8ac56ae06f1a701fdc45._comment19
-rw-r--r--doc/todo/support_for_libvirt_KVM_VMs/comment_5_364df45dda89ed83cf8db6fa4cbdc186._comment8
-rw-r--r--doc/todo/support_for_libvirt_KVM_VMs/comment_6_9c2792cec842dba7a8fabb24c2c33da0._comment14
-rw-r--r--doc/todo/support_for_libvirt_KVM_VMs/comment_7_246609ff0b30329fe64fe1c100b62c45._comment49
-rw-r--r--doc/todo/support_for_libvirt_KVM_VMs/comment_8_f7ceb2909d6884a9b13500b7c660469a._comment23
-rw-r--r--privdata/relocate1
-rw-r--r--src/Propellor/Property/Apt.hs19
-rw-r--r--src/Propellor/Property/Sudo.hs3
26 files changed, 307 insertions, 20 deletions
diff --git a/Makefile b/Makefile
index 84a92f0e..0e4b2ca3 100644
--- a/Makefile
+++ b/Makefile
@@ -30,8 +30,8 @@ install:
clean:
rm -rf dist Setup tags propellor propellor.1 privdata/local
- find -name \*.o -exec rm {} \;
- find -name \*.hi -exec rm {} \;
+ find . -name \*.o -exec rm {} \;
+ find . -name \*.hi -exec rm {} \;
# hothasktags chokes on some template haskell etc, so ignore errors
# duplicate tags with Propellor.Property. removed from the start, as we
diff --git a/config.hs b/config.hs
index 97d90636..ec313725 120000
--- a/config.hs
+++ b/config.hs
@@ -1 +1 @@
-joeyconfig.hs
\ No newline at end of file
+config-simple.hs
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index b0f7121b..e9c8bb00 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,10 @@
-propellor (5.5.0) UNRELEASED; urgency=medium
+propellor (5.5.1) UNRELEASED; urgency=medium
+
+ * Some openbsd portability fixes. Thanks, rsiddharth.
+
+ -- Joey Hess <id@joeyh.name> Tue, 23 Oct 2018 11:37:16 -0400
+
+propellor (5.5.0) unstable; urgency=medium
* letsencrypt': Pass --expand to support expanding the list of domains
* Split mailname property out of Hostname.sane, since bad mailname
@@ -17,8 +23,9 @@ propellor (5.5.0) UNRELEASED; urgency=medium
* Borg: Added UsesEnvVar.
* Added DiskImage.noBootloader, useful for eg, direct booting with
qemu. Thanks, David Bremner.
+ * Added Apt.backportInstalledMin.
- -- Joey Hess <id@joeyh.name> Thu, 09 Aug 2018 10:54:41 -0400
+ -- Joey Hess <id@joeyh.name> Sat, 20 Oct 2018 21:00:27 -0400
propellor (5.4.1) unstable; urgency=medium
diff --git a/doc/forum/Adding_support_for_a_SQL_server/comment_8_2c604eb5c627c36ec68a1a7198e00710._comment b/doc/forum/Adding_support_for_a_SQL_server/comment_8_2c604eb5c627c36ec68a1a7198e00710._comment
new file mode 100644
index 00000000..0724001b
--- /dev/null
+++ b/doc/forum/Adding_support_for_a_SQL_server/comment_8_2c604eb5c627c36ec68a1a7198e00710._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="Nicolas.Schodet"
+ avatar="http://cdn.libravatar.org/avatar/0d7ec808ec329d04ee9a93c0da3c0089"
+ subject="comment 8"
+ date="2018-10-19T20:34:10Z"
+ content="""
+Hello,
+
+I have made a second version.
+
+About reverting `installed`, I noticed that it only removes the meta package, which is quite useless. May be I should just drop revertability on this one.
+
+The problem of installing a software just to revert a property can also be seen in `Apache.modEnabled` for exemple.
+
+Any comments are welcome.
+
+Thanks.
+"""]]
diff --git a/doc/forum/Apt.backportInstalledMin___63__.mdwn b/doc/forum/Apt.backportInstalledMin___63__.mdwn
new file mode 100644
index 00000000..64d95c72
--- /dev/null
+++ b/doc/forum/Apt.backportInstalledMin___63__.mdwn
@@ -0,0 +1 @@
+I just installed git-annex using Apt.backportInstalled on a server and was kindof of horrified by the dependendencies dragged in. I suspect much of this is probably just youtube-dl, which should be fixed soon, but anyway, shouldn't there be a way to install from backports without recommends?
diff --git a/doc/forum/Apt.backportInstalledMin___63__/comment_1_4e5e6b479e478897eea3337b9468db15._comment b/doc/forum/Apt.backportInstalledMin___63__/comment_1_4e5e6b479e478897eea3337b9468db15._comment
new file mode 100644
index 00000000..83b976d2
--- /dev/null
+++ b/doc/forum/Apt.backportInstalledMin___63__/comment_1_4e5e6b479e478897eea3337b9468db15._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-10-14T16:28:46Z"
+ content="""
+Indeed, that's the kind of improvement I will gladly
+accept any time, and should be very easy to add. So don't hesitate to add
+properties like that and send patches.
+
+(In this case I had 5 minutes so I implemented it already.)
+"""]]
diff --git a/doc/forum/Make_clean_fails_in_openbsd.mdwn b/doc/forum/Make_clean_fails_in_openbsd.mdwn
new file mode 100644
index 00000000..0f73586a
--- /dev/null
+++ b/doc/forum/Make_clean_fails_in_openbsd.mdwn
@@ -0,0 +1,25 @@
+openbsd requires specifying the path for the [`find`][0] command. So this:
+
+ find -name \*.o
+ find: unknown option -- n
+ usage: find [-dHhLXx] [-f path] path ... [expression]
+
+
+fails.
+
+This works:
+
+
+ find . -name \*.o
+ ./dist/build/Utility/Applicative.o
+ ./dist/build/Utility/PosixFiles.o
+ ./dist/build/Utility/Split.o
+ ...
+
+
+as expected.
+
+Here's a patch for it: [0001-Makefile-Update-clean.patch][1].
+
+[0]: https://man.openbsd.org/find
+[1]: https://ricketyspace.net/patch/0001-Makefile-Update-clean.patch
diff --git a/doc/forum/Make_clean_fails_in_openbsd/comment_1_27faa3850b462e8930752209f41e2c2f._comment b/doc/forum/Make_clean_fails_in_openbsd/comment_1_27faa3850b462e8930752209f41e2c2f._comment
new file mode 100644
index 00000000..c7939851
--- /dev/null
+++ b/doc/forum/Make_clean_fails_in_openbsd/comment_1_27faa3850b462e8930752209f41e2c2f._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-10-23T15:31:13Z"
+ content="""
+Thanks for the patch. The only thing you could have done better is post
+this in [[todo]].
+"""]]
diff --git a/doc/forum/Make_clean_fails_in_openbsd/comment_2_be7daa63ed7b5689f3e626eedd2fb648._comment b/doc/forum/Make_clean_fails_in_openbsd/comment_2_be7daa63ed7b5689f3e626eedd2fb648._comment
new file mode 100644
index 00000000..ca5c4c81
--- /dev/null
+++ b/doc/forum/Make_clean_fails_in_openbsd/comment_2_be7daa63ed7b5689f3e626eedd2fb648._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="s@aa9ff9ce06b08acfd2a93ebd342ce6879430fbdd"
+ nickname="s"
+ avatar="http://cdn.libravatar.org/avatar/81bf27f8b35011d1846711fa37a5588f"
+ subject="comment 2"
+ date="2018-10-28T19:43:55Z"
+ content="""
+Apologies for the haste. I'll post patches under [[/todo]] in<br/>
+the future
+"""]]
diff --git a/doc/forum/__34__predictable__34___network_interface_names.mdwn b/doc/forum/__34__predictable__34___network_interface_names.mdwn
new file mode 100644
index 00000000..88b4b414
--- /dev/null
+++ b/doc/forum/__34__predictable__34___network_interface_names.mdwn
@@ -0,0 +1,3 @@
+When using propellor to install/create VM images, one naturally wants to set some kind of sane network configuration. Unfortunately the name of the network interface in the guest (or newly installed system) varies according to the hardware setup. As a concrete example, in a newly created stretch amd64 image it is ens0, while in a stretch s390x image it is enc0. I guess the Debian installer must have some way of figuring this out and creating a sane /etc/network/interfaces. Is this something that Property.DiskImage can help with, or do I need to carry per-VM configuration information? I don't mind so much the extra config info, but it's a bit annoying that I need to boot the vm to see what the network device is called.
+
+I guess the Luddite solution is to turn off interface renaming via boot options; I'm not sure that option will always be available to me, e.g. when deploying images on someone else's host.
diff --git a/doc/forum/__34__predictable__34___network_interface_names/comment_1_6bf05129a9aa5b427c0838753b5b0673._comment b/doc/forum/__34__predictable__34___network_interface_names/comment_1_6bf05129a9aa5b427c0838753b5b0673._comment
new file mode 100644
index 00000000..c3e4e663
--- /dev/null
+++ b/doc/forum/__34__predictable__34___network_interface_names/comment_1_6bf05129a9aa5b427c0838753b5b0673._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-10-14T16:18:37Z"
+ content="""
+I don't think this is specific to disk image creation, you just need a
+property that arranges whatever configuration will lead to the names you
+want.
+
+You may be looking for /lib/systemd/network/99-default.link which can be
+masked to get the kernel's traditional names.
+"""]]
diff --git a/doc/forum/__34__predictable__34___network_interface_names/comment_2_25a2911fa57ea3da20f25b25d7c4406b._comment b/doc/forum/__34__predictable__34___network_interface_names/comment_2_25a2911fa57ea3da20f25b25d7c4406b._comment
new file mode 100644
index 00000000..e284c8f1
--- /dev/null
+++ b/doc/forum/__34__predictable__34___network_interface_names/comment_2_25a2911fa57ea3da20f25b25d7c4406b._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="needs update-initramfs"
+ date="2018-10-14T21:03:28Z"
+ content="""
+I guess that's a more productive line of thinking, I wouldn't expect these vm's to have more than one network interface. One gotcha that took a bit to figure out is that the masking needs update-initramfs to be seen at boot. The following seems to be working for me:
+
+[[!format haskell \"\"\"
+& File.hasContent \"/etc/systemd/network/99-default.link\" []
+ `onChange` ( Cmd.cmdProperty \"update-initramfs\" [\"-u\"] `changesFile` \"/initrd.img\" )
+\"\"\"]]
+"""]]
diff --git a/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd.mdwn b/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd.mdwn
new file mode 100644
index 00000000..c66bbc23
--- /dev/null
+++ b/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd.mdwn
@@ -0,0 +1,6 @@
+The `-a` option is unfortunately [not available in openbsd's version][1] of the `cp` command.
+
+Here's a patch for it [0001-src-Update-Propellor.Bootstrap.cabalBuild.patch][2].
+
+[1]: https://man.openbsd.org/cp
+[2]: https://ricketyspace.net/patch/0001-src-Update-Propellor.Bootstrap.cabalBuild.patch
diff --git a/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd/comment_1_ccf181b032aad9134ff513878956d1b2._comment b/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd/comment_1_ccf181b032aad9134ff513878956d1b2._comment
new file mode 100644
index 00000000..f5ac7ae0
--- /dev/null
+++ b/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd/comment_1_ccf181b032aad9134ff513878956d1b2._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-10-23T15:34:56Z"
+ content="""
+Thanks for the patch. I've applied it. I suspect it would be sufficient to
+use -p?<Down>
+
+If you're going to be posting a bunch of openbsd porting patches,
+which I hope you are, please use [[todo]] so they don't flood the forum
+and so it's obvious which have been applied and which not.
+
+Also, see [[contributing]] for some other useful things to do.
+"""]]
diff --git a/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd/comment_2_b9f9c1903f1a54bad8d9021702056f41._comment b/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd/comment_2_b9f9c1903f1a54bad8d9021702056f41._comment
new file mode 100644
index 00000000..09a5b01e
--- /dev/null
+++ b/doc/forum/__96__Propellor.Bootstrap.cabalBuild__96___fails_in_openbsd/comment_2_b9f9c1903f1a54bad8d9021702056f41._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="s@aa9ff9ce06b08acfd2a93ebd342ce6879430fbdd"
+ nickname="s"
+ avatar="http://cdn.libravatar.org/avatar/81bf27f8b35011d1846711fa37a5588f"
+ subject="comment 2"
+ date="2018-10-28T19:43:21Z"
+ content="""
+> ...I suspect it would be sufficient to use -p?
+
+I think you're right, `-pf` should be sufficient.
+
+> If you're going to be posting a bunch of openbsd porting patches, which I hope you are, please use [[/todo]] so they don't flood the forum and so it's obvious which have been applied and which not.
+
+Apologies for the haste. I'll post patches under [[/todo]] in<br/>
+the future and take a look at [[/contributing]]. Thanks for<br/>
+pointing out.
+"""]]
diff --git a/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_3_a749abb97ebafd26bb695663b68673c5._comment b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_3_a749abb97ebafd26bb695663b68673c5._comment
new file mode 100644
index 00000000..f4448ddf
--- /dev/null
+++ b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_3_a749abb97ebafd26bb695663b68673c5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="maybe some equivalent of CryptPassword"
+ date="2018-10-16T11:51:23Z"
+ content="""
+Storing plaintext luks passwords on disk doesn't sound great for most applications, but I wonder if the encrypted form could be stored in privdata. Something using e.g. \"cryptsetup luksDump\" or \"cryptsetup luksHeaderBackup\". I have no idea how practical it is to generate such data without being logged into the machine in question.
+"""]]
diff --git a/doc/news/version_5.3.4.mdwn b/doc/news/version_5.3.4.mdwn
deleted file mode 100644
index 09358138..00000000
--- a/doc/news/version_5.3.4.mdwn
+++ /dev/null
@@ -1,8 +0,0 @@
-propellor 5.3.4 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * Apt.trustsKey: Use apt-key to add key rather than manually driving gpg,
- which seems to not work anymore.
- Thanks, Russell Sim.
- * Firewall: Reorder iptables parameters that are order
- dependant to make --to-dest and --to-source work.
- Thanks, Russell Sim"""]]
\ No newline at end of file
diff --git a/doc/news/version_5.5.0.mdwn b/doc/news/version_5.5.0.mdwn
new file mode 100644
index 00000000..360a5314
--- /dev/null
+++ b/doc/news/version_5.5.0.mdwn
@@ -0,0 +1,20 @@
+propellor 5.5.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * letsencrypt': Pass --expand to support expanding the list of domains
+ * Split mailname property out of Hostname.sane, since bad mailname
+ guesses can lead to ugly surprises. (API change)
+ * Removed HostingProvider.CloudatCost module as it lacks a maintainer.
+ (If anyone would like to maintain it, send a patch adding it back.)
+ (API change)
+ * Added Systemd.escapePath helper function useful when creating mount
+ units.
+ * Added Sudo.sudoersDFile property.
+ * Sudo.enabledFor: Write to /etc/sudoers.d/000users rather than to
+ /etc/sudoers. (Any old lines it wrote to /etc/sudoers will be removed.)
+ This fixes a potential ordering problem; the property used to append
+ the line to /etc/sudoers, but that would override more specific lines
+ in the include directory.
+ * Borg: Added UsesEnvVar.
+ * Added DiskImage.noBootloader, useful for eg, direct booting with
+ qemu. Thanks, David Bremner.
+ * Added Apt.backportInstalledMin."""]]
\ No newline at end of file
diff --git a/doc/todo/support_for_libvirt_KVM_VMs/comment_4_dbd2c399c8ef8ac56ae06f1a701fdc45._comment b/doc/todo/support_for_libvirt_KVM_VMs/comment_4_dbd2c399c8ef8ac56ae06f1a701fdc45._comment
new file mode 100644
index 00000000..8ce06a1c
--- /dev/null
+++ b/doc/todo/support_for_libvirt_KVM_VMs/comment_4_dbd2c399c8ef8ac56ae06f1a701fdc45._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2018-10-14T01:10:16Z"
+ content="""
+I do think that the conditional property would be a good way for this to
+work.
+
+I think there could also be VMs where you don't want the overhead of
+running propellor inside the VM (especially if the emulation is slow, or
+you don't want to allocate that much memory to the VM, or just have a lot
+of VMs), and the content is disposable. Then propellor could restart the VM
+when it changes the disk image.
+
+There's room for multiple ways to do it..
+
+The disk image building side of this looks easy to me, so if you do the libvirt
+stuff, Sean, I might contribute something. :)
+"""]]
diff --git a/doc/todo/support_for_libvirt_KVM_VMs/comment_5_364df45dda89ed83cf8db6fa4cbdc186._comment b/doc/todo/support_for_libvirt_KVM_VMs/comment_5_364df45dda89ed83cf8db6fa4cbdc186._comment
new file mode 100644
index 00000000..5062ed5d
--- /dev/null
+++ b/doc/todo/support_for_libvirt_KVM_VMs/comment_5_364df45dda89ed83cf8db6fa4cbdc186._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="insufficient magic"
+ date="2018-10-14T11:12:36Z"
+ content="""
+right, changing the backing image would probably break everything.
+"""]]
diff --git a/doc/todo/support_for_libvirt_KVM_VMs/comment_6_9c2792cec842dba7a8fabb24c2c33da0._comment b/doc/todo/support_for_libvirt_KVM_VMs/comment_6_9c2792cec842dba7a8fabb24c2c33da0._comment
new file mode 100644
index 00000000..931b21fe
--- /dev/null
+++ b/doc/todo/support_for_libvirt_KVM_VMs/comment_6_9c2792cec842dba7a8fabb24c2c33da0._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="creating the libvirt VM"
+ date="2018-11-04T01:03:06Z"
+ content="""
+I've now an adhoc, proof-of-concept libvirt VM provisioned by my config.hs, just using a raw disk image. It turns out that propellor should not be writing the XML configuration file in /etc, but having libvirt generate it. This is because the config is not meant to be directly edited. So, propellor should call virt-install(1) to setup and boot the VM.
+
+My code uses virt-install's --import option, also passing it the location of the disk image generated by propellor. The main problem is that the invocation of virt-install won't return until after the VM first shuts down; the idea is that you are running the OS installer and then you reboot. Possibly using --boot instead of --import will help here; not sure.
+
+We will need the user to specify how much RAM and how many vCPUs to assign to the VM. All the other parameters to virt-install can be determined by looking at the properties of the VM `Host`.
+
+Otherwise, the user will need to set an IP property on the VM so that it can be conducted. I think we will need to leave the user to do this, as there are so many possible network configurations for libvirt VMs. But we could probably provide helper properties. In particular, the standard setup will be to use `Network.static`, though I'm not sure about how to do that with indeterministic interface names.
+"""]]
diff --git a/doc/todo/support_for_libvirt_KVM_VMs/comment_7_246609ff0b30329fe64fe1c100b62c45._comment b/doc/todo/support_for_libvirt_KVM_VMs/comment_7_246609ff0b30329fe64fe1c100b62c45._comment
new file mode 100644
index 00000000..1aa82a09
--- /dev/null
+++ b/doc/todo/support_for_libvirt_KVM_VMs/comment_7_246609ff0b30329fe64fe1c100b62c45._comment
@@ -0,0 +1,49 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="New design: requesting feedback"
+ date="2018-11-04T17:39:51Z"
+ content="""
+Having slept on it, and also looked at some more of virt-install(1), I have a new design. I'd be grateful for feedback on this, before implementation.
+
+We have two properties: `Libvirt.kvmRunning` and `Libvirt.kvmRunningConducted`, where
+
+ kvmRunningConnected host = conducts host `requires` kvmRunning host
+
+The basic reason for separating these two properties is that for the conducting to work, various network things have to be set up, and there isn't a configuration that it would be sensible to have as a default. More generally, libvirt isn't at all suited to declarative configuration. What propellor can do well is build an image and have libvirt generate a barebones XML configuration file to boot the image. This is what `Libvirt.kvmRunning` will do. After that, we're going to have to leave it up to the user. I suspect that outside of the very simplest cases, they are going to have to make a series of virsh(1) calls, using `flagFile` to ensure that it only happens once.
+
+`Libvirt.kvmRunning` will work like this:
+
+1. ensure libvirt etc. are installed
+2. build the image if it doesn't exist
+3. nuke the chroot used to build the image
+3. if VM config does not exist,
+ 1. `virt-install -n vm-hostname --description \"vm-hostname VM\" --os-type=Linux --os-variant=debian9 --ram=1024 --vcpus=2 --autostart --disk path=/var/lib/libvirt/images/vm-hostname.img,device=disk,bus=virtio --import --print-xml >/tmp/foo`
+ 2. `virsh define /tmp/foo`
+ - `virt-install --print-xml` and then `virsh define` avoids the problem of virt-install not exiting until after the VM has been shutdown at least once/the virt-viewer instance launched by virt-install has been closed
+ 3. `virsh start vm-hostname`
+
+Sample usage:
+
+ laptop :: Host
+ laptop = host \"iris.silentflame.com\" $ props
+ & osDebian (Stable \"stretch\") X86_64
+ & Libvirt.kvmRunning Raw 1GB 2 develacc -- specification of image type, RAM and vCPUs to assign
+
+ develacc :: Host
+ develacc = host \"develacc.iris.silentflame.com\" $ props
+ & osDebian Unstable X86_64
+ & hasPartition
+ ( partition EXT4
+ `mountedAt` \"/\"
+ `addFreeSpace` MegaBytes 10240
+ )
+ & Apt.installed [\"linux-image-amd64\"]
+ & Grub.installed PC
+
+ & ipv4 \"192.168.122.31\"
+ & Network.static \"ens3\" (IPv4 \"192.168.122.31\")
+ (Just (Network.Gateway (IPv4 \"192.168.122.1\")))
+ `requires` Network.cleanInterfacesFile
+ & Hostname.sane
+"""]]
diff --git a/doc/todo/support_for_libvirt_KVM_VMs/comment_8_f7ceb2909d6884a9b13500b7c660469a._comment b/doc/todo/support_for_libvirt_KVM_VMs/comment_8_f7ceb2909d6884a9b13500b7c660469a._comment
new file mode 100644
index 00000000..0af0baaa
--- /dev/null
+++ b/doc/todo/support_for_libvirt_KVM_VMs/comment_8_f7ceb2909d6884a9b13500b7c660469a._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 8"""
+ date="2018-11-05T16:40:57Z"
+ content="""
+Seems that kvmRunning would need a warning that changes to the propellor
+configuration of the VM's Host won't affect the VM. Because it's unusual for
+propellor to only be able to set something up and not change it afterwards.
+
+But kvmRunning is certianly a useful low level property, and combining with
+other properties like that is good.
+
+Hmm, it's actually possible to mount a qcow2 image using libguestfs-tools.
+<http://ask.xmodulo.com/mount-qcow2-disk-image-linux.html>
+So, propellor could temporarily take down the VM and run inside the qcow2
+to update it! Although doing that every time propellor is run seems
+suboptimal. It could keep the chroot around and only update the qcow2 image
+if the chroot needed to be updated. I am not sure how I feel about that
+idea.
+
+We could also make conducting easier to set up, perhaps not needing `main`
+to be modified to use it.
+"""]]
diff --git a/privdata/relocate b/privdata/relocate
deleted file mode 100644
index 271692d8..00000000
--- a/privdata/relocate
+++ /dev/null
@@ -1 +0,0 @@
-.joeyconfig
diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs
index 064221f9..6d7fc4d6 100644
--- a/src/Propellor/Property/Apt.hs
+++ b/src/Propellor/Property/Apt.hs
@@ -241,6 +241,10 @@ type Package = String
installed :: [Package] -> Property DebianLike
installed = installed' ["-y"]
+-- | Minimal install of package, without recommends.
+installedMin :: [Package] -> Property DebianLike
+installedMin = installed' ["--no-install-recommends", "-y"]
+
installed' :: [String] -> [Package] -> Property DebianLike
installed' params ps = robustly $ check (not <$> isInstalled' ps) go
`describe` unwords ("apt installed":ps)
@@ -253,20 +257,23 @@ installed' params ps = robustly $ check (not <$> isInstalled' ps) go
-- dependencies from stable-backports too, you will need to include those
-- dependencies in the list of packages passed to this function.
backportInstalled :: [Package] -> Property Debian
-backportInstalled ps = withOS desc $ \w o -> case o of
+backportInstalled = backportInstalled' ["-y"]
+
+-- | Minimal install from the stable-backports suite, without recommends.
+backportInstalledMin :: [Package] -> Property Debian
+backportInstalledMin = backportInstalled' ["--no-install-recommends", "-y"]
+
+backportInstalled' :: [String] -> [Package] -> Property Debian
+backportInstalled' params ps = withOS desc $ \w o -> case o of
(Just (System (Debian _ suite) _)) -> case backportSuite suite of
Nothing -> unsupportedOS'
Just bs -> ensureProperty w $
- runApt (["install", "-y"] ++ ((++ '/':bs) <$> ps))
+ runApt (("install":params) ++ ((++ '/':bs) <$> ps))
`changesFile` dpkgStatus
_ -> unsupportedOS'
where
desc = unwords ("apt installed backport":ps)
--- | Minimal install of package, without recommends.
-installedMin :: [Package] -> Property DebianLike
-installedMin = installed' ["--no-install-recommends", "-y"]
-
removed :: [Package] -> Property DebianLike
removed ps = check (any (== IsInstalled) <$> getInstallStatus ps)
(runApt (["-y", "remove"] ++ ps))
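Review bot: `backportInstalled'` is added without a Haddock comment, and `desc` in its `where` clause is still `unwords ("apt installed backport":ps)` for both callers, so a run of `backportInstalledMin` is reported exactly like a full `backportInstalled`. A comment such as `-- | Installs packages from stable-backports; the given parameters are passed right after "install".` would document the helper, and the description could carry the mode so that logs show whether recommends were skipped. The existing caveat above `backportInstalled`, that dependencies wanted from stable-backports must be listed explicitly, applies equally to `backportInstalledMin`, whose one-line comment does not mention it.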
diff --git a/src/Propellor/Property/Sudo.hs b/src/Propellor/Property/Sudo.hs
index 12660aa9..ad577439 100644
--- a/src/Propellor/Property/Sudo.hs
+++ b/src/Propellor/Property/Sudo.hs
@@ -18,6 +18,8 @@ import Propellor.Property.User
--
-- If the main sudoers file contains a conflicting line for
-- the user for ALL commands, the line will be removed.
+--
+-- Also ensures that the main sudoers file includes /etc/sudoers.d/
enabledFor :: User -> RevertableProperty DebianLike DebianLike
enabledFor user@(User u) = setup `requires` Apt.installed ["sudo"] <!> cleanup
where
@@ -25,6 +27,7 @@ enabledFor user@(User u) = setup `requires` Apt.installed ["sudo"] <!> cleanup
setup = property' desc $ \w -> do
locked <- liftIO $ isLockedPassword user
ensureProperty w $ combineProperties desc $ props
+ & containsLine sudoers "#includedir /etc/sudoers.d"
& fileProperty desc
(modify locked . filter (wanted locked))
dfile
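Review bot: The added `containsLine sudoers "#includedir /etc/sudoers.d"` in `setup` edits the main sudoers file, and nothing visible in this hunk checks the result before it takes effect. If `containsLine` matches whole lines exactly (its definition is not part of this diff), a file that already carries the directive in another spelling, such as a trailing slash or the `@includedir` form that newer sudo releases accept, would get a second include appended; a comment stating the assumption, e.g. `-- assumes the stock spelling of the includedir line`, would make that explicit. Consider validating the file with `visudo -c` after the change, since a sudoers file that fails to parse blocks sudo for every user. Whether `cleanup` leaves the line in place on revert is not visible here, because `enabledFor` continues outside the hunk; the doc comment added in the first hunk of this file could state it.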