Diffstat (limited to 'doc')
-rw-r--r-- doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn | 1
-rw-r--r-- doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment | 10
-rw-r--r-- doc/forum/propellor_with_no_central_repository__63__.mdwn | 1
-rw-r--r-- doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment | 7
-rw-r--r-- doc/news/propellor_demo.mdwn | 8
-rw-r--r-- doc/news/version_0.8.1.mdwn | 7
-rw-r--r-- doc/news/version_0.8.2.mdwn | 10
-rw-r--r-- doc/news/version_0.8.3.mdwn | 11
-rw-r--r-- doc/news/version_0.9.0.mdwn | 12
-rw-r--r-- doc/news/version_0.9.1.mdwn | 6
-rw-r--r-- doc/security.mdwn | 2
-rw-r--r-- doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment | 10
-rw-r--r-- doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment | 8
-rw-r--r-- doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment | 17
-rw-r--r-- doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment | 22
-rw-r--r-- doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment | 13
-rw-r--r-- doc/todo/git_push_over_propellor_ssh_channel.mdwn | 11
-rw-r--r-- doc/todo/port_info_for_properties_for_firewall.mdwn | 24
-rw-r--r-- doc/todo/type_level_port_conflict_detection.mdwn | 5
19 files changed, 184 insertions, 1 deletions
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
new file mode 100644
index 00000000..0815b4b3
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
@@ -0,0 +1 @@
+How can I modify the configuration of a managed host (which seems to be stored in /usr/local/propellor/.git/config) from the host on which I run propellor?
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
new file mode 100644
index 00000000..f034a377
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:40:33Z"
+ content="""
+I'm curious what you need to configure there..
+
+But, there seems to be a simple solution: Add a Property that configures
+the .git/config however you need to! :)
+"""]]
diff --git a/doc/forum/propellor_with_no_central_repository__63__.mdwn b/doc/forum/propellor_with_no_central_repository__63__.mdwn
new file mode 100644
index 00000000..5f322878
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__.mdwn
@@ -0,0 +1 @@
+Is there a way to use propellor with no central repository?
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
new file mode 100644
index 00000000..1f1456c5
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:39:48Z"
+ content="""
+Not yet, but see [[todo/git_push_over_propellor_ssh_channel]]
+"""]]
diff --git a/doc/news/propellor_demo.mdwn b/doc/news/propellor_demo.mdwn
new file mode 100644
index 00000000..362f56e6
--- /dev/null
+++ b/doc/news/propellor_demo.mdwn
@@ -0,0 +1,8 @@
+A quick demo of propellor.
+
+<video controls src="http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm"></video>
+
+[video](http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm)
+
+(Audio quality is clipped/fast in places, unfortunately this was a problem
+with the source recording.)
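Review bot: Both the video src attribute and the fallback link point at an http:// URL on downloads.kitenet.net. If the documentation site is served over HTTPS, the embedded video is mixed content and a browser may refuse to load it, and over plain HTTP the file can be altered in transit. Use an https:// URL for both references if that host offers one.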
diff --git a/doc/news/version_0.8.1.mdwn b/doc/news/version_0.8.1.mdwn
new file mode 100644
index 00000000..963b4a80
--- /dev/null
+++ b/doc/news/version_0.8.1.mdwn
@@ -0,0 +1,7 @@
+propellor 0.8.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Run apt-get update in initial bootstrap.
+ * --list-fields now includes a table of fields that are not currently set,
+ but would be used if they got set.
+ * Remove .gitignore from cabal file list, to avoid build failure on Debian.
+ Closes: #[754334](http://bugs.debian.org/754334)"""]] \ No newline at end of file
diff --git a/doc/news/version_0.8.2.mdwn b/doc/news/version_0.8.2.mdwn
new file mode 100644
index 00000000..d1e9da18
--- /dev/null
+++ b/doc/news/version_0.8.2.mdwn
@@ -0,0 +1,10 @@
+propellor 0.8.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Fix bug in File.containsLines that caused lines that were already in the
+ file to sometimes be appended to the end.
+ * Hostname.sane also configures /etc/mailname.
+ * Fixed Postfix.satellite to really configure relayhost = smtp.domain.
+ * Avoid reconfiguring postfix unncessarily when it already has a relayhost.
+ * Deal with apache 2.4's change in the name of site-available config files.
+ * Hostname aliases can now be used in several places, including --spin
+ and Ssh.knownHost."""]] \ No newline at end of file
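Review bot: "unncessarily" in the postfix relayhost item is misspelled and should read "unnecessarily". The file also ends without a trailing newline, as the "\ No newline at end of file" marker shows, and the same is true of the other version_*.mdwn files added in this commit; ending each with a newline keeps later diffs against them clean.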
diff --git a/doc/news/version_0.8.3.mdwn b/doc/news/version_0.8.3.mdwn
new file mode 100644
index 00000000..82f400c0
--- /dev/null
+++ b/doc/news/version_0.8.3.mdwn
@@ -0,0 +1,11 @@
+propellor 0.8.3 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * The Debian package now includes a single-revision git repository in
+ /usr/src/propellor/, and ~/.propellor/ is set up to use this repository as
+ its origin remote. This avoids relying on the security of the github
+ repository when using the Debian package.
+ * The /usr/bin/propellor wrapper will warn when ~/.propellor/ is out of date
+ and a newer version is available, after which git merge upstream/master
+ can be run to merge it.
+ * Included the config.hs symlink to config-simple.hs in the cabal and Debian
+ packages."""]] \ No newline at end of file
diff --git a/doc/news/version_0.9.0.mdwn b/doc/news/version_0.9.0.mdwn
new file mode 100644
index 00000000..f50a6b29
--- /dev/null
+++ b/doc/news/version_0.9.0.mdwn
@@ -0,0 +1,12 @@
+propellor 0.9.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Avoid encoding the current stable suite in propellor's code,
+ since that poses a difficult transition around the release,
+ and can easily be wrong if an older version of propellor is used.
+ Instead, the os property for a stable system includes the suite name
+ to use, eg Stable "wheezy".
+ * stdSourcesList uses the stable suite name, to avoid unwanted
+ immediate upgrades to the next stable release.
+ * debCdn switched from cdn.debian.net to http.debian.net, which seems to be
+ better managed now.
+ * Docker: Avoid committing container every time it's started up."""]] \ No newline at end of file
diff --git a/doc/news/version_0.9.1.mdwn b/doc/news/version_0.9.1.mdwn
new file mode 100644
index 00000000..1a7039cf
--- /dev/null
+++ b/doc/news/version_0.9.1.mdwn
@@ -0,0 +1,6 @@
+propellor 0.9.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Docker: Add ability to control when containers restart.
+ * Docker: Default to always restarting containers, so they come back
+ up after reboots and docker daemon upgrades.
+ * Fix loop when a docker host that does not exist was docked."""]] \ No newline at end of file
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 075d68ec..fb174cb7 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -28,7 +28,7 @@ in cleartext private data such as passwords, ssh private keys, etc.
Instead, `propellor --spin $host` looks for a
`~/.propellor/privdata/privdata.gpg` file and if found decrypts it,
-extracts the private that that the $host needs, and sends it to to the
+extracts the private data that the $host needs, and sends it to to the
$host using ssh. This lets a host know its own private data, without
seeing all the rest.
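Review bot: The replacement line still contains a doubled word, "sends it to to the", so the sentence this hunk sets out to fix is still wrong after the change. Drop the second "to" in the same edit so the line reads "extracts the private data that the $host needs, and sends it to the".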
diff --git a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
new file mode 100644
index 00000000..4ed9ecdb
--- /dev/null
+++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Is it ok to publish to a public repository?"
+ date="2014-08-29T21:13:19Z"
+ content="""
+It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong?
+
+Thanks
+"""]]
diff --git a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
new file mode 100644
index 00000000..4d209b03
--- /dev/null
+++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="131.252.200.111"
+ subject="comment 2"
+ date="2014-08-29T21:52:02Z"
+ content="""
+--add-key puts your **public** key in the repository, not the private key.
+"""]]
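Review bot: The ip="131.252.200.111" field in this comment header publishes the poster's source address in the repository history and on the rendered page. The other comments added in this commit carry no ip= field, so it is not needed for the comment to render; remove that line before committing.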
diff --git a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
new file mode 100644
index 00000000..4d75842d
--- /dev/null
+++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Remote host fails to connect"
+ date="2014-08-30T06:40:33Z"
+ content="""
+Makes sense of course, but the message one gets when doing that is a bit misleading.
+
+I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because:
+
+1. the host key is not initially present in root's known_hosts, then
+2. the user's (root) public key is unknown to the remote git repo, in my case bitbucket.org, and the URL used is git@bitbucket.org:abailly/capital-match-infra.git which implies connection goes through SSH
+
+I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore.
+
+Thanks for your help
+"""]]
diff --git a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
new file mode 100644
index 00000000..b2ac4d57
--- /dev/null
+++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Output from propellor --spin $host"
+ date="2014-08-30T07:17:52Z"
+ content="""
+Here is the output (truncated):
+
+
+ Permission denied (publickey).
+ fatal: Could not read from remote repository.
+
+ Please make sure you have the correct access rights
+ and the repository exists.
+ Git fetch ... failed
+ fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+ Use '--' to separate paths from revisions, like this:
+ 'git <command> [<revision>...] -- [<file>...]'
+ propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128)
+
+
+"""]]
diff --git a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
new file mode 100644
index 00000000..cc26f42d
--- /dev/null
+++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Got it working..."
+ date="2014-08-31T12:50:17Z"
+ content="""
+OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations:
+
+* Use a https:// based url for the first
+* Use a git:// based url for the second
+
+I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url.
+"""]]
diff --git a/doc/todo/git_push_over_propellor_ssh_channel.mdwn b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
new file mode 100644
index 00000000..cac0bfea
--- /dev/null
+++ b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
@@ -0,0 +1,11 @@
+Propellor currently needs a central git server. And it has a special-cased
+protocol during bootstrap that transfers the git repo over to a new host,
+using the ssh connection that will be used to run propellor.
+
+This could be improved by making a git push be done whenever
+`propellor spin $host` runs. The remote propellor runs `git receive-pack`;
+the local one runs `git send-pack`.
+
+Then there would be no need for a central git repo. Although still very
+useful if you have multiple propellor driven hosts and you want to just git
+commit and let cron sort them out.
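Review bot: The second paragraph writes the command as "propellor spin $host", while doc/security.mdwn in this same commit writes "propellor --spin $host"; use one form so the docs agree. The last sentence, "Although still very useful if you have multiple propellor driven hosts ...", is a fragment and should be joined to the sentence before it. The output quoted in doc/security/comment_4 shows propellor running git log --format=%G? on origin/master after a fetch, which prints the commit's signature status, so the todo should also say whether a commit received through git receive-pack would get the same signature check before it is used.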
diff --git a/doc/todo/port_info_for_properties_for_firewall.mdwn b/doc/todo/port_info_for_properties_for_firewall.mdwn
new file mode 100644
index 00000000..efaaba05
--- /dev/null
+++ b/doc/todo/port_info_for_properties_for_firewall.mdwn
@@ -0,0 +1,24 @@
+The firewall module could be improved if properties that set up a service
+on a port included info (see Propellor.Info and Propellor.Types.Info)
+about the port(s) used.
+
+While currently the ports have to be explicitly listed:
+
+ & Apache.installed
+ & Firewall.installed
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 80))
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 443))
+
+Instead the ports would be derived from the installed services.
+
+ & Apache.installed
+ & Firewall.installed
+
+There could also be some combinators to adjust the exposed
+ports of a property.
+
+ & localOnly Apache.installed
+ & exposedPorts [443,80] (Apt.serviceInstalledRunning "apache2")
+
+Such port enformation is also going to be needed as a basis of
+[[type_level_port_conflict_detection]]. --[[Joey]]
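Review bot: "enformation" in the last paragraph should be "information". The proposal should also say whether deriving ports is opt-in: in the second example, Apache.installed together with Firewall.installed yields ACCEPT rules that appear nowhere in the host's configuration, so someone auditing which ports a host exposes no longer sees 80 and 443 listed. Stating how the derived rules can be inspected, or making localOnly the default, would address that.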
diff --git a/doc/todo/type_level_port_conflict_detection.mdwn b/doc/todo/type_level_port_conflict_detection.mdwn
new file mode 100644
index 00000000..5aec5775
--- /dev/null
+++ b/doc/todo/type_level_port_conflict_detection.mdwn
@@ -0,0 +1,5 @@
+See <http://stackoverflow.com/questions/26027765/using-types-to-prevent-conflicting-port-numbers-in-a-list> --[[Joey]]
+
+Needs ghc newer than 7.6.3. It may be possible to port Data.Type.Equality
+and Data.Type.Bool to older versions; I got them to compile but they didn't
+work right. --[[Joey]]