From ef2df05744838481aaec880bffe19376d5e22813 Mon Sep 17 00:00:00 2001 From: s@aa9ff9ce06b08acfd2a93ebd342ce6879430fbdd Date: Sun, 17 Jun 2018 16:22:18 +0000 Subject: New post - DNS - Support for Multiline TXT records. --- .../DNS_-_Support_for_Multiline_TXT_records.mdwn | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 doc/forum/DNS_-_Support_for_Multiline_TXT_records.mdwn diff --git a/doc/forum/DNS_-_Support_for_Multiline_TXT_records.mdwn b/doc/forum/DNS_-_Support_for_Multiline_TXT_records.mdwn new file mode 100644 index 00000000..69a62b59 --- /dev/null +++ b/doc/forum/DNS_-_Support_for_Multiline_TXT_records.mdwn @@ -0,0 +1,19 @@ +bind9 has a limit on the number of characters in a single line TXT record. I was unable to provision the DKIM TXT record using propellor due to this limit. + +I added a new MTXT record type to `Propellor.Types.DNS.Record` ([patch][1]). + +MTXT creates a multiline TXT record. It splits the record's text (say +"long string...\n...xyz") at `'\n'` and creates a TXT record of the +form: + + + domain IN TXT ( "long string..." + "...xyz" ) + + +I'm [currently using this recipe][2] to provision the DKIM TXT record. + +I want to know if there is a better way to do this without having to add the MTXT record type? + +[1]: https://ricketyspace.net/file/0001-add-MTXT-record-type-to-Propellor.Types.DNS.Record.patch +[2]: https://git.ricketyspace.net/propellor/tree/config.hs#n722 -- cgit v1.2.3 From 28d4e272ce7b9975cb5441da1dd9ec76a826295b Mon Sep 17 00:00:00 2001 From: Nicolas.Schodet Date: Tue, 19 Jun 2018 18:56:28 +0000 Subject: Added a comment --- .../comment_2_e18fc448f51478617e5b2b9b05ce4a0f._comment | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 doc/forum/Adding_support_for_a_SQL_server/comment_2_e18fc448f51478617e5b2b9b05ce4a0f._comment 
diff --git a/doc/forum/Adding_support_for_a_SQL_server/comment_2_e18fc448f51478617e5b2b9b05ce4a0f._comment b/doc/forum/Adding_support_for_a_SQL_server/comment_2_e18fc448f51478617e5b2b9b05ce4a0f._comment new file mode 100644 index 00000000..74654902 --- /dev/null +++ b/doc/forum/Adding_support_for_a_SQL_server/comment_2_e18fc448f51478617e5b2b9b05ce4a0f._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="Nicolas.Schodet" + avatar="http://cdn.libravatar.org/avatar/0d7ec808ec329d04ee9a93c0da3c0089" + subject="comment 2" + date="2018-06-19T18:56:28Z" + content=""" +I am looking for a solution which could be integrated to propellor. Is it possible to include those additional libraries in propellor sources and have them included in the build on demand? I am not very familiar with the haskell build systems. + +About generated passwords, a nice solution would be to do it in PrivData. The user would provide a salt as the private data and it would be combined to context to generate a password. I can try find how this could be done. +"""]] -- cgit v1.2.3 From 16e029099f0be3491e9d7ad6f787cd24d5ef58bf Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 23 Jun 2018 15:11:34 -0400 Subject: response --- ...ent_1_b97c158ae4e3abb6e4c90a2c91e0c207._comment | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_1_b97c158ae4e3abb6e4c90a2c91e0c207._comment diff --git a/doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_1_b97c158ae4e3abb6e4c90a2c91e0c207._comment b/doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_1_b97c158ae4e3abb6e4c90a2c91e0c207._comment new file mode 100644 index 00000000..5595af19 --- /dev/null +++ b/doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_1_b97c158ae4e3abb6e4c90a2c91e0c207._comment 
@@ -0,0 +1,25 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2018-06-23T18:42:32Z" + content=""" +It seems that the limit is 255 characters, and this +limit applies to any string in a bind zone file, +rather than being a maximim line length. A single line can contain multiple +such strings, although there's probably a maximum line length somewhere +too, so using parens to extend across multiple lines is wise. + +The values inside the parens are concacenated together, no newline is added +to the string that bind builds up from them AFAICS. + +So it seems your code is stripping out the newlines from the TXT value. +Which probably doesn't matter for DKIM public key material, +and I don't think that bind zone files support multiline strings anyway. +But a single line could be too long and splitting on newlines would not +help then. + +So, I think the thing to do would be to make `rValue` break TXT +strings into substrings no longer than 255 characters. Then you don't +need a new constructor, and long SSHFP etc records could also be handled +that way. +"""]] -- cgit v1.2.3 From 7f043301bf5a22731b766e9dfe6ad357cc1840c1 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 23 Jun 2018 15:18:55 -0400 Subject: response --- .../comment_3_14b6968853d30a2054cc675c6005f29f._comment | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 doc/forum/Adding_support_for_a_SQL_server/comment_3_14b6968853d30a2054cc675c6005f29f._comment diff --git a/doc/forum/Adding_support_for_a_SQL_server/comment_3_14b6968853d30a2054cc675c6005f29f._comment b/doc/forum/Adding_support_for_a_SQL_server/comment_3_14b6968853d30a2054cc675c6005f29f._comment new file mode 100644 index 00000000..b566f3c5 --- /dev/null +++ b/doc/forum/Adding_support_for_a_SQL_server/comment_3_14b6968853d30a2054cc675c6005f29f._comment 
@@ -0,0 +1,16 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 3""" + date="2018-06-23T19:13:59Z" + content=""" +Well, cabal files can have flags that enable additional dependencies, but +using them complicates testing the program since you have to try building +it with different combinations of flags. And deploying propellor with the +desired flags turned on would be an additional complication. + +I feel that additional libraries that depend on propellor and the sql +library and provide properties is a better approach. The user can easily +add the dependency to their ~/.propellor/config.cabal, and the necessary +dependencies will be automatically installed when propellor is deploying +itself to a new host. +"""]] -- cgit v1.2.3 From 8a7967f6fb5070c0f5a1a8efb2d1c1b6062662e3 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 23 Jun 2018 15:18:56 -0400 Subject: clean up after merge --- config.hs | 2 +- privdata/relocate | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) delete mode 100644 privdata/relocate diff --git a/config.hs b/config.hs index 97d90636..ec313725 120000 --- a/config.hs +++ b/config.hs @@ -1 +1 @@ -joeyconfig.hs \ No newline at end of file +config-simple.hs \ No newline at end of file diff --git a/privdata/relocate b/privdata/relocate deleted file mode 100644 index 271692d8..00000000 --- a/privdata/relocate +++ /dev/null @@ -1 +0,0 @@ -.joeyconfig -- cgit v1.2.3 From db251d6ce84b85c062c7952759abff53b10a4d92 Mon Sep 17 00:00:00 2001 From: s@aa9ff9ce06b08acfd2a93ebd342ce6879430fbdd Date: Sun, 24 Jun 2018 14:49:31 +0000 Subject: update link 2 --- doc/forum/DNS_-_Support_for_Multiline_TXT_records.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/forum/DNS_-_Support_for_Multiline_TXT_records.mdwn b/doc/forum/DNS_-_Support_for_Multiline_TXT_records.mdwn index 69a62b59..e6f2b478 100644 --- a/doc/forum/DNS_-_Support_for_Multiline_TXT_records.mdwn +++ b/doc/forum/DNS_-_Support_for_Multiline_TXT_records.mdwn 
@@ -16,4 +16,4 @@ I'm [currently using this recipe][2] to provision the DKIM TXT record. I want to know if there is a better way to do this without having to add the MTXT record type? [1]: https://ricketyspace.net/file/0001-add-MTXT-record-type-to-Propellor.Types.DNS.Record.patch -[2]: https://git.ricketyspace.net/propellor/tree/config.hs#n722 +[2]: https://git.ricketyspace.net/propellor/tree/config.hs?id=67f47e5a23e8c7814014ea58f2dbc9f7c58ede3a#n722 -- cgit v1.2.3 From 9736b12319ce5d892798e7e9f28f437a98737293 Mon Sep 17 00:00:00 2001 From: s@aa9ff9ce06b08acfd2a93ebd342ce6879430fbdd Date: Sun, 24 Jun 2018 14:58:53 +0000 Subject: Added a comment --- .../comment_2_ccd261bdc9615b7490ec0f6824f35e19._comment | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_2_ccd261bdc9615b7490ec0f6824f35e19._comment diff --git a/doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_2_ccd261bdc9615b7490ec0f6824f35e19._comment b/doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_2_ccd261bdc9615b7490ec0f6824f35e19._comment new file mode 100644 index 00000000..3fbd389f --- /dev/null +++ b/doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_2_ccd261bdc9615b7490ec0f6824f35e19._comment @@ -0,0 +1,15 @@ +[[!comment format=mdwn + username="s@aa9ff9ce06b08acfd2a93ebd342ce6879430fbdd" + nickname="s" + avatar="http://cdn.libravatar.org/avatar/81bf27f8b35011d1846711fa37a5588f" + subject="comment 2" + date="2018-06-24T14:58:53Z" + content=""" +joeyh, Thanks for the feedback. + +I updated the definition of `TXT`'s `rValue` according to your suggestion and removed the `MTXT` record -- [patch][patch]. + +I would like to get the patch merged into upstream, let me know if I've to refactor it. + +[patch]: https://ricketyspace.net/file/0001-update-rValue-of-Dns-TXT-record-type.patch +"""]] -- cgit v1.2.3 From 5f6e3fc68cf78ddce8ec93601c49714dec1a382b Mon Sep 17 00:00:00 2001 
From: s@aa9ff9ce06b08acfd2a93ebd342ce6879430fbdd Date: Sun, 24 Jun 2018 15:02:28 +0000 Subject: Add s user page. --- doc/user/s.mdwn | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 doc/user/s.mdwn diff --git a/doc/user/s.mdwn b/doc/user/s.mdwn new file mode 100644 index 00000000..08ef7bc8 --- /dev/null +++ b/doc/user/s.mdwn @@ -0,0 +1,3 @@ +s [propels some computers][1] using propellor. + +[1]: https://git.ricketyspace.net/propellor/tree/config.hs -- cgit v1.2.3 From 7c55455944e94d2d88f1f5bebf940c3cba0c2417 Mon Sep 17 00:00:00 2001 From: rsiddharth Date: Sun, 24 Jun 2018 13:48:24 +0000 Subject: update rValue of Dns TXT record type The TXT record's string is split into strings of length <= 255 characters and these strings are enclosed inside a pair of parentheses. Signed-off-by: rsiddharth --- src/Propellor/Property/Dns.hs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs index d99a76b0..c89ce271 100644 --- a/src/Propellor/Property/Dns.hs +++ b/src/Propellor/Property/Dns.hs @@ -26,6 +26,7 @@ import Utility.Applicative import qualified Data.Map as M import qualified Data.Set as S +import qualified Data.List.Split as Split (chunksOf) import Data.List -- | Primary dns server for a domain, using bind. @@ -321,8 +322,15 @@ rValue (SSHFP x y s) = Just $ unwords , s ] rValue (INCLUDE f) = Just f -rValue (TXT s) = Just $ [q] ++ filter (/= q) s ++ [q] +rValue (TXT s) = Just $ [op] ++ [w] + ++ (intercalate "\n\t" $ + map (\x -> [q] ++ filter (/= q) x ++ [q]) $ + Split.chunksOf 255 s) + ++ [w] ++ [cp] where + op = '(' + cp = ')' + w = ' ' q = '"' rValue (PTR _) = Nothing -- cgit v1.2.3 From 7d6180a26fa2c12b1e42e0e039313c42eca0beb2 Mon Sep 17 00:00:00 2001 
From: Joey Hess Date: Sun, 24 Jun 2018 11:21:48 -0400 Subject: Dns: Support TXT values longer than bind's maximum string length of 255 bytes. Thanks, rsiddharth. --- debian/changelog | 2 ++ .../comment_3_00f57bb6a54dee0dfbb799babf72a827._comment | 7 +++++++ 2 files changed, 9 insertions(+) create mode 100644 doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_3_00f57bb6a54dee0dfbb799babf72a827._comment diff --git a/debian/changelog b/debian/changelog index 8d9179e4..bad0cad2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,8 @@ propellor (5.4.1) UNRELEASED; urgency=medium method of parsing git log output. Needs git 2.0. * Added ConfFile.containsShellSetting, ConfFile.lacksShellSetting, and EtcDefault.set properties. Thanks, Sean Whitton + * Dns: Support TXT values longer than bind's maximum string length + of 255 bytes. Thanks, rsiddharth. -- Joey Hess Fri, 18 May 2018 10:25:05 -0400 diff --git a/doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_3_00f57bb6a54dee0dfbb799babf72a827._comment b/doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_3_00f57bb6a54dee0dfbb799babf72a827._comment new file mode 100644 index 00000000..8809f999 --- /dev/null +++ b/doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_3_00f57bb6a54dee0dfbb799babf72a827._comment @@ -0,0 +1,7 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 3""" + date="2018-06-24T15:21:29Z" + content=""" +Looks good to me, merged. +"""]] -- cgit v1.2.3 From 30ce1535b66f402ff8316554000f1a3dc729c26f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 24 Jun 2018 11:32:46 -0400 Subject: refactor could use zoneFileString for other things eg SSHFP. I have not yet, because AFAICS, SSHFP already splits the key up in a different way and while using zoneFileString should be ok, I'd need to test it.. --- src/Propellor/Property/Dns.hs | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) 
diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs index c89ce271..8e38a75e 100644 --- a/src/Propellor/Property/Dns.hs +++ b/src/Propellor/Property/Dns.hs @@ -322,17 +322,32 @@ rValue (SSHFP x y s) = Just $ unwords , s ] rValue (INCLUDE f) = Just f -rValue (TXT s) = Just $ [op] ++ [w] - ++ (intercalate "\n\t" $ +rValue (TXT s) = Just $ zoneFileString s + where + op = '(' + cp = ')' + w = ' ' + q = '"' +rValue (PTR _) = Nothing + +-- Bind has a limit on the length of a string in its zone file, +-- but a string can be split into sections that are glued together +-- inside parens to configure a longer value. +-- +-- This adds quotes around each substring. +zoneFileString :: String -> String +zoneFileString s = concat + [ [op, w] + , (intercalate "\n\t" $ map (\x -> [q] ++ filter (/= q) x ++ [q]) $ Split.chunksOf 255 s) - ++ [w] ++ [cp] + , [w, cp] + ] where op = '(' cp = ')' w = ' ' q = '"' -rValue (PTR _) = Nothing -- | Adjusts the serial number of the zone to always be larger -- than the serial number in the Zone record, -- cgit v1.2.3 From 5c6b7ed38be3426039ed087aa7134ee392ee29dd Mon Sep 17 00:00:00 2001 From: metst13@1d16544ec52801db7efb2895d3dc7a4458b8eb45 Date: Fri, 6 Jul 2018 09:10:18 +0000 Subject: --- doc/forum/Separation_of_data_and_code.mdwn | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 doc/forum/Separation_of_data_and_code.mdwn diff --git a/doc/forum/Separation_of_data_and_code.mdwn b/doc/forum/Separation_of_data_and_code.mdwn new file mode 100644 index 00000000..3a09a237 --- /dev/null +++ b/doc/forum/Separation_of_data_and_code.mdwn 
@@ -0,0 +1,11 @@ +I'm using Fedora for the desktop and CentOS on my server. I have many software packages to install. I store them in shell scripts, with lines like this: + + yum -y install vim-common vim-enhanced gvim vim-X11 # the latter for clipboard support + +I'm thinking about some more elaborate way to do that (to put some packages to specific hosts and groups). Propellor seems an interesting tool for that, but when I see an [example configuration file](https://git.joeyh.name/index.cgi/propellor.git/tree/joeyconfig.hs), it looks like this is a mixture of data and logic, which is considered [not a very good practice](https://softwareengineering.stackexchange.com/questions/229479/how-did-separation-of-code-and-data-become-a-practice). + +I know that Haskell itself is a very declarative language (in the sense it's not imperative), but still I have this feeling of a mixture of code with constants. What do you think of that? + +Is there a way to cleanly store names of packages (with comments and some configuration options (e.g. on what hosts they should be used)) in one place and use propellor's logic to install them in another place? + +I understand that the power of propellor is to `do` things apart of just enumerating them, but I think that this separation could be useful. -- cgit v1.2.3 From ece3849c9df1acc48a40c9d3d2e627fb9f33a8e0 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 6 Jul 2018 16:32:17 -0400 Subject: response --- .../comment_1_0ba5dff744eeba857ab7fadfad883b13._comment | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 doc/forum/Separation_of_data_and_code/comment_1_0ba5dff744eeba857ab7fadfad883b13._comment diff --git a/doc/forum/Separation_of_data_and_code/comment_1_0ba5dff744eeba857ab7fadfad883b13._comment b/doc/forum/Separation_of_data_and_code/comment_1_0ba5dff744eeba857ab7fadfad883b13._comment new file mode 100644 index 00000000..ae50a008 --- /dev/null 
+++ b/doc/forum/Separation_of_data_and_code/comment_1_0ba5dff744eeba857ab7fadfad883b13._comment @@ -0,0 +1,16 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2018-07-06T20:19:27Z" + content=""" +I was going to write something asserting that it's entirely data, +and not code, though typed data expressed in a programming language. + +However, I think it's better to say that this code/data distinction is +much less a useful distinction that commonly thought, one that things, +especially in the configuration management space often chafe under (see +all the turing complete ill-specified languages built on top of what +started out as some pure data format that are in use by almost every other +configuration management tool), and that Propellor is an attempt to +move in a more useful and less ridigly defined direction. +"""]] -- cgit v1.2.3
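
Review bot: In doc/forum/DNS_-_Support_for_Multiline_TXT_records/comment_1_b97c158ae4e3abb6e4c90a2c91e0c207._comment, two words in the added text are misspelled: "maximim line length" should read "maximum line length", and "concacenated together" should read "concatenated together". Nothing else in that hunk needs changing.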
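
Review bot: In the `rValue (TXT s)` hunk of src/Propellor/Property/Dns.hs (commit "update rValue of Dns TXT record type"), the empty value is not handled. `Split.chunksOf 255 ""` returns an empty list, so the new code emits `(  )` with no quoted string at all, where the removed line `[q] ++ filter (/= q) s ++ [q]` emitted `""`. Suggest falling back to one empty quoted string when there are no chunks. Two smaller points on the same lines: the split counts `Char`s, while the changelog entry for this change states the limit as 255 bytes, so a chunk holding non-ASCII characters may exceed the limit once written out in a multi-byte encoding; and `filter (/= q)` silently drops double quotes from the value rather than escaping them, which deserves a comment since it changes the published record.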
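
Review bot: In the "refactor" hunk of src/Propellor/Property/Dns.hs, the `where` block left under `rValue (TXT s) = Just $ zoneFileString s` still binds `op`, `cp`, `w` and `q`, and that clause no longer uses any of them now that `zoneFileString` carries its own copy. Drop the `where` from the `rValue` clause so the definitions live in one place and the build does not pick up unused-binding warnings. The new comment on `zoneFileString` says it "adds quotes around each substring"; it should also say that double quotes inside the value are removed, since callers such as a future SSHFP user would otherwise not expect the value to be altered.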
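
Review bot: In doc/forum/Separation_of_data_and_code/comment_1_0ba5dff744eeba857ab7fadfad883b13._comment, the second paragraph has two slips that make the sentence hard to parse: "much less a useful distinction that commonly thought" should read "than commonly thought", and "less ridigly defined" should read "less rigidly defined".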