From 1cd7f557f0c89714c47855f38583073c313674f2 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 23 Oct 2015 17:25:31 -0400 Subject: generalize check Hmm, do I really need my own type class for LiftPropellor? This seems like a general problem so I am probably reinventing the wheel.
---
src/Propellor/Property.hs | 11 ++++++----- src/Propellor/Types.hs | 10 ++++++++++ 2 files changed, 16 insertions(+), 5 deletions(-) (limited to 'src')
diff --git a/src/Propellor/Property.hs b/src/Propellor/Property.hs
index 342db1a5..95805054 100644
--- a/src/Propellor/Property.hs
+++ b/src/Propellor/Property.hs
@@ -142,11 +142,12 @@ ensureProperty :: Property NoInfo -> Propellor Result ensureProperty = catchPropellor . propertySatisfy -- | Makes a Property only need to do anything when a test succeeds. -check :: IO Bool -> Property i -> Property i -check c p = adjustPropertySatisfy p $ \satisfy -> ifM (liftIO c) - ( satisfy - , return NoChange - ) +check :: (LiftPropellor m) => m Bool -> Property i -> Property i +check c p = adjustPropertySatisfy p $ \satisfy -> + ifM (liftPropellor c) + ( satisfy + , return NoChange + ) -- | Tries the first property, but if it fails to work, instead uses -- the second.
diff --git a/src/Propellor/Types.hs b/src/Propellor/Types.hs
index fc700df0..5904374e 100644
--- a/src/Propellor/Types.hs
+++ b/src/Propellor/Types.hs
@@ -29,6 +29,7 @@ module Propellor.Types , CombinedType , combineWith , Propellor(..) + , LiftPropellor(..) , EndAction(..) , module Propellor.Types.OS , module Propellor.Types.Dns
@@ -72,6 +73,15 @@ newtype Propellor p = Propellor { runWithHost :: RWST Host [EndAction] () IO p } , MonadMask ) +class LiftPropellor m where + liftPropellor :: m a -> Propellor a + +instance LiftPropellor Propellor where + liftPropellor = id + +instance LiftPropellor IO where + liftPropellor = liftIO + instance Monoid (Propellor Result) where mempty = return NoChange -- | The second action is only run if the first action does not fail.
-- cgit v1.2.3
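Review bot: The Haddock on `check` in the Property.hs hunk does not say that the test may now be a Propellor action as well as an IO action, and the newly exported class in the Types.hs hunk (`class LiftPropellor m where`) has no Haddock at all, so the generalization is invisible in the generated docs. I would extend the comment on `check` with a second sentence such as `-- The test can be an IO action or a Propellor action.` and put `-- | Monads whose actions can be run as Propellor actions.` above the class. Since `Propellor` wraps `RWST Host ...`, a `Propellor Bool` test runs with the Host in its environment, which is worth stating because callers can now base the decision on it.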
From 7f84f196076136252c3d50526ae1805758cf0f2a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 23 Oct 2015 17:29:26 -0400 Subject: Hostname.sane and Hostname.setTo can now safely be used as a property of a chroot, and won't affect the hostname of the host system.
---
config-joey.hs | 1 + debian/changelog | 2 ++ src/Propellor/Property/Chroot.hs | 20 ++++++++++++++++++-- src/Propellor/Property/Hostname.hs | 13 ++++++++++--- src/Propellor/Property/Systemd.hs | 2 +- 5 files changed, 32 insertions(+), 6 deletions(-) (limited to 'src')
diff --git a/config-joey.hs b/config-joey.hs
index 1d39419a..8de259b3 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -91,6 +91,7 @@ darkstar = host "darkstar.kitenet.net" where c d = Chroot.debootstrapped mempty d & os (System (Debian Unstable) "amd64") + & Hostname.setTo "demo" & Apt.installed ["linux-image-amd64"] & User "root" `User.hasInsecurePassword` "root"
diff --git a/debian/changelog b/debian/changelog
index e327e314..57110c4f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,8 @@ propellor (2.12.0) UNRELEASED; urgency=medium * Follow-on change to Systemd.container, which now takes a System parameter. * Generalized Property.check so it can be used with Propellor actions as well as IO actions. + * Hostname.sane and Hostname.setTo can now safely be used as a property + of a chroot, and won't affect the hostname of the host system. -- Joey Hess Thu, 22 Oct 2015 20:24:18 -0400
diff --git a/src/Propellor/Property/Chroot.hs b/src/Propellor/Property/Chroot.hs
index ecac1115..771c4b99 100644
--- a/src/Propellor/Property/Chroot.hs
+++ b/src/Propellor/Property/Chroot.hs
@@ -1,4 +1,4 @@ -{-# LANGUAGE FlexibleContexts, GADTs #-} +{-# LANGUAGE FlexibleContexts, GADTs, DeriveDataTypeable #-} module Propellor.Property.Chroot ( debootstrapped,
@@ -8,6 +8,7 @@ module Propellor.Property.Chroot ( ChrootBootstrapper(..), Debootstrapped(..), ChrootTarball(..), + inChroot, -- * Internal use provisioned', propagateChrootInfo,
@@ -207,7 +208,7 @@ chain hostlist (ChrootChain hn loc systemdonly onconsole) = changeWorkingDirectory localdir when onconsole forceConsole onlyProcess (provisioningLock loc) $ do - r <- runPropellor h $ ensureProperties $ + r <- runPropellor (setInChroot h) $ ensureProperties $ if systemdonly then [Systemd.installed] else map ignoreInfo $
@@ -243,3 +244,18 @@ mungeloc = replace "/" "_" chrootDesc :: Chroot -> String -> String chrootDesc (Chroot loc _ _) desc = "chroot " ++ loc ++ " " ++ desc + +-- | Check if propellor is currently running within a chroot. +-- +-- This allows properties to check and avoid performing actions that +-- should not be done in a chroot. +inChroot :: Propellor Bool +inChroot = extract . fromMaybe (InChroot False) . fromInfoVal <$> askInfo + where + extract (InChroot b) = b + +setInChroot :: Host -> Host +setInChroot h = h { hostInfo = hostInfo h `addInfo` InfoVal (InChroot True) } + +newtype InChroot = InChroot Bool + deriving (Typeable, Show)
diff --git a/src/Propellor/Property/Hostname.hs b/src/Propellor/Property/Hostname.hs
index 78ec872f..8033bef8 100644
--- a/src/Propellor/Property/Hostname.hs
+++ b/src/Propellor/Property/Hostname.hs
@@ -2,13 +2,17 @@ module Propellor.Property.Hostname where import Propellor.Base import qualified Propellor.Property.File as File +import Propellor.Property.Chroot (inChroot) import Data.List import Data.List.Utils --- | Ensures that the hostname is set using best practices. +-- | Ensures that the hostname is set using best practices, to whatever +-- name the `Host` has. -- --- Configures and the current hostname. +-- Configures both and the current hostname. +-- (However, if used inside a chroot, avoids setting the current hostname +-- as that would impact the system outside the chroot.) -- -- Configures with the domain part of the hostname. --
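Review bot: `inChroot` in the Chroot.hs hunk at -243 does not detect a chroot; it reads an `InChroot` info value and falls back to `InChroot False` when none is present, so the check fails open. In the visible hunks only `chain` sets the flag, via `setInChroot h`, which means a propellor run that ends up inside a chroot by any other path would be treated as the host system and, with the Hostname change in this commit, would still run `hostname`. Whether such a path exists cannot be told from this diff, so I would at least state the contract in the Haddock, e.g. `-- Only reports True when the Host was marked by setInChroot; it does not probe the running system.` `setInChroot` and `InChroot` have no comments either; `-- | Marks a Host as being provisioned inside a chroot.` above `setInChroot` would do.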
@@ -25,6 +29,8 @@ sane' :: ExtractDomain -> Property NoInfo sane' extractdomain = property ("sane hostname") $ ensureProperty . setTo' extractdomain =<< asks hostName +-- Like `sane`, but you can specify the hostname to use, instead +-- of the default hostname of the `Host`. setTo :: HostName -> Property NoInfo setTo = setTo' extractDomain
@@ -41,7 +47,8 @@ setTo' extractdomain hn = combineProperties desc go then Nothing else Just $ trivial $ hostsline "127.0.1.1" [hn, basehost] , Just $ trivial $ hostsline "127.0.0.1" ["localhost"] - , Just $ trivial $ cmdProperty "hostname" [basehost] + , Just $ trivial $ check (not <$> inChroot) $ + cmdProperty "hostname" [basehost] , Just $ "/etc/mailname" `File.hasContent` [if null domain then hn else domain] ]
diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index 700bc350..8761d842 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -217,7 +217,7 @@ nspawned c@(Container name (Chroot.Chroot loc builder _) h) = -- Chroot provisioning is run in systemd-only mode, -- which sets up the chroot and ensures systemd and dbus are - -- installed, but does not handle the other provisions. + -- installed, but does not handle the other properties. chrootprovisioned = Chroot.provisioned' (Chroot.propagateChrootInfo chroot) chroot True -- Use nsenter to enter container and and run propellor to
-- cgit v1.2.3
From 883493c2b243db5476a9a09ae9073541cfc5550f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 23 Oct 2015 17:37:07 -0400 Subject: comments
---
src/Propellor/Property/Hostname.hs | 2 +- src/Propellor/Property/Mount.hs | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'src')
diff --git a/src/Propellor/Property/Hostname.hs b/src/Propellor/Property/Hostname.hs
index 8033bef8..4597b178 100644
--- a/src/Propellor/Property/Hostname.hs
+++ b/src/Propellor/Property/Hostname.hs
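Review bot: The comment added above `setTo` in the hunk at -25 starts with `--` rather than `-- |`, so Haddock does not attach it to `setTo` and the function stays undocumented in the generated docs, unlike `sane`. Suggested first line: `-- | Like 'sane', but you can specify the hostname to use, instead`. Because `setTo` goes through `setTo'`, it also picks up the new chroot behaviour, so the comment could carry the same caveat as `sane`: `-- (When used inside a chroot, the current hostname is left alone.)`.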
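Review bot: The new guard `check (not <$> inChroot)` in the hunk at -41 has no comment saying why only the `hostname` command is skipped while the `hostsline` and `/etc/mailname` entries still apply inside a chroot. A short why-comment on that line would keep a later refactor from dropping the guard, for example `-- a chroot shares the running hostname with the host system, so only the files are configured there`. The guard is only as reliable as the `InChroot` info value it reads, which is treated as False when absent. The body of `setTo'` starts and ends outside this hunk, so the remaining list entries were not reviewed.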
@@ -11,7 +11,7 @@ import Data.List.Utils -- name the `Host` has. -- -- Configures both and the current hostname. --- (However, if used inside a chroot, avoids setting the current hostname +-- (However, when used inside a chroot, avoids setting the current hostname -- as that would impact the system outside the chroot.) -- -- Configures with the domain part of the hostname.
diff --git a/src/Propellor/Property/Mount.hs b/src/Propellor/Property/Mount.hs
index 3f13388b..3f96044e 100644
--- a/src/Propellor/Property/Mount.hs
+++ b/src/Propellor/Property/Mount.hs
@@ -57,7 +57,7 @@ mount fs src mnt opts = boolSystem "mount" $ newtype SwapPartition = SwapPartition FilePath --- | Replaces /etc/fstab with a file that should cause the currently +-- | Replaces with a file that should cause the currently -- mounted partitions to be re-mounted the same way on boot. -- -- For each specified MountPoint, the UUID of each partition
@@ -110,8 +110,9 @@ genFstab mnts swaps mnttransform = do uuidprefix = prefix "UUID=" sourceprefix = prefix "LABEL=" --- | Checks if /etc/fstab is not configured. This is the case if it doesn't --- exist, or consists entirely of blank lines or comments. +-- | Checks if is not configured. +-- This is the case if it doesn't exist, or +-- consists entirely of blank lines or comments. -- -- So, if you want to only replace the fstab once, and then never touch it -- again, allowing local modifications:
-- cgit v1.2.3