From eaa460c04bfa65f566693c9262c591890d506725 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 18 Nov 2014 17:33:08 -0400 Subject: doc updates --- doc/README.mdwn | 34 +++------------------------------- doc/centralized_git_repository.mdwn | 31 +++++++++++++++++++++++++++++++ doc/security.mdwn | 3 ++- 3 files changed, 36 insertions(+), 32 deletions(-) create mode 100644 doc/centralized_git_repository.mdwn diff --git a/doc/README.mdwn b/doc/README.mdwn index 47fa8e40..29e5fbb7 100644 --- a/doc/README.mdwn +++ b/doc/README.mdwn 
@@ -53,37 +53,9 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask So, edit `~/.propellor/config.hs` to configure the host (maybe start with a few simple properties), and re-run step 6. Repeat until happy and move on to the next host. :) -8. Write some neat new properties and send patches! - -## adding a central git repository - -The above quick start uses propellor without any central git repository. -Instead, the git repo on a host gets updated from the repo on your laptop -whenever you run `propellor --spin $HOST`. - -A central git repository allows hosts to run propellor from cron and pick -up any updates you may have pushed. This is useful when managing several -hosts with propellor. - -You can add a central git repository to your existing propellor setup easily: - -1. Push propellor's git repository to a central server (github or your own): - `cd ~/.propellor/; git remote add origin ssh://git.example.com/propellor.git; git push -u origin master` - -2. Configure the url your hosts should use for the git repisitory, if - it differs from the url above, by setting up a remote named "deploy": - `cd ~/.propellor/; git remote add deploy git://git.example.com/propellor.git` - -2. Add a property to your hosts like: - `Cron.runPropellor "30 * * * *"` - -3. Let your hosts know about the changed configuration (including the url - to the central repository), by running `proellor --spin $HOST` for each - of your hosts. - - Now they'll automatically update every 30 minutes, and you can - `git commit -S` and `git push` changes that affect any number of - hosts. +8. Optionally, set up a [centralized git repository](https://propellor.branchable.com/centralized_git_repository/) + so multiple hosts can be updated with a simple `git commit -S; git push` +9. Write some neat new properties and send patches! ## debugging 
diff --git a/doc/centralized_git_repository.mdwn b/doc/centralized_git_repository.mdwn new file mode 100644 index 00000000..98fe9bf2 --- /dev/null +++ b/doc/centralized_git_repository.mdwn @@ -0,0 +1,31 @@ +Propellor can be used without any centralized git repsitory. When +`propellor --spin $HOST` is run, propellor pushes the local git repo +directly to the host. This makes it easy to get started with propellor. + +A central git repository allows hosts to run propellor from cron and pick +up any updates you may have pushed. This is useful when managing several +hosts with propellor. + +You can add a central git repository to your existing propellor setup easily: + +1. Push propellor's git repository to a central server (github or your own): + `cd ~/.propellor/; git remote add origin ssh://git.example.com/propellor.git; git push -u origin master` + +2. Configure the url your hosts should use for the git repisitory, if + it differs from the url above, by setting up a remote named "deploy": + `cd ~/.propellor/; git remote add deploy git://git.example.com/propellor.git` + +2. Add a property to your hosts like: + `Cron.runPropellor "30 * * * *"` + +3. Let your hosts know about the changed configuration (including the url + to the central repository), by running `proellor --spin $HOST` for each + of your hosts. + +Now the hosts will automatically update every 30 minutes, and you can +`git commit -S` and `git push` changes that affect any number of +hosts. + +Note that private data, set with `propellor --set`, is gpg encrypted, and +hosts cannot decrypt it! So after updating the private data of a host, +you still need to manually run `propellor --spin $HOST` diff --git a/doc/security.mdwn b/doc/security.mdwn index 075d68ec..bcbc28ed 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn 
@@ -1,5 +1,6 @@ Propellor's security model is that the hosts it's used to deploy are -untrusted, and that the central git repository server is untrusted too. +untrusted, and that the central git repository server, if any, +is untrusted too. The only trusted machine is the laptop where you run `propellor --spin` to connect to a remote host. And that one only because you have a ssh key -- cgit v1.2.3
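Review bot: In the new doc/centralized_git_repository.mdwn, step 2 gives the hosts a `git://git.example.com/propellor.git` deploy URL and the closing paragraph mentions `git commit -S` only in passing, so nothing on the page tells the reader that signing matters when doc/security.mdwn treats the central server as untrusted. Suggest stating explicitly that pushes to the central repository should be signed and linking to the security page. The hunk also carries over typos from the README text ("repsitory" in the first line, "repisitory" in step 2, and `proellor --spin $HOST` in the last step, which fails if copied), the steps are numbered 1, 2, 2, 3, and the final sentence lacks a closing period.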
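Review bot: The reworded sentence in doc/security.mdwn adds "if any" to mark the central server as optional, but gives no pointer to where that optional setup is described. Suggest linking "central git repository server" to the new centralized_git_repository page, the way README step 8 does, so the untrusted-server statement and the setup instructions reference each other.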