propellor-2.9.0: property-based host configuration management in haskell

Safe Haskell: None
Language: Haskell98

Propellor.Property.Spin

Documentation

class Spinnable t where

A class of things that can be spun.

Methods

toSpin :: t -> Property HasInfo

Instances

Spinnable Host
Spinnable [Host]

Each Host in the list is spun in turn. Does not stop on spin failure; does propagate overall success/failure.

controllerFor :: Spinnable h => h -> Property HasInfo

The Host that has this Property is in control of running propellor on some other Hosts.

Making a host a controller eliminates the need to manually run propellor --spin to update the controlled hosts. Each time propellor is run on the controller host, it will in turn run propellor on the controlled Hosts.

The controller needs to be able to ssh to the hosts it controls, and run propellor, as root. The controller is automatically configured with knownHost to know the host keys of the hosts that it will ssh to. It's up to you to use controllerKeys and controlledBy to set up the ssh keys that will let the controller log into the hosts it controls.

For example, if you have some webservers and a dnsserver, and want a master that runs propellor on all of them:

 import Propellor
 import qualified Propellor.Property.Spin as Spin
 import qualified Propellor.Property.Ssh as Ssh
 import qualified Propellor.Property.Cron as Cron

 main = defaultMain hosts

 hosts =
     [ master
     , dnsserver
     ] ++ webservers

 -- Each controlled host declares its ssh host key (so the controller's
 -- known hosts can be set up) and lets master ssh in to run propellor.
 dnsserver = host "dns.example.com"
     & Ssh.hostKeys hostContext [(SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB3BJ2GqZiTR2LEoDXyYFgh/BduWefjdKXAsAtzS9zeI")]
     & Spin.controlledBy master
     & ...

 webservers =
     [ host "www1.example.com"
         & Ssh.hostKeys hostContext [(SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICfFntnesZcYz2B2T41ay45igfckXRSh5uVffkuCQkLv")]
         & Spin.controlledBy master
         & ...
     , ...
     ]

 master = host "master.example.com"
     -- Public half of root's ssh key on master; the private key comes from privdata.
     & Spin.controllerKeys [(SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFWD0Hau5FDLeNrDHKilNMKm9c68R3WD+NJOp2jPWvJV")]
     -- Only update dnsserver once all webservers are successfully updated.
     & Spin.controllerFor dnsserver
         `requires` Spin.controllerFor webservers
     & Cron.runPropellor

Multiple controllers can control the same hosts. However, when propellor is already running on a host, a controller will fail to run it. So, if two controllers both try to control the same host at the same time, one will fail.

Chains of controllers are supported; host A can control host B which controls host C. Loops of controllers are automatically prevented.

Note that a controller can see all PrivInfo of the hosts it controls.
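The chain of controllers described above, written out as an added example (not taken from the propellor documentation). The host names and the public key strings are constructed placeholders, and the private halves of both controller keys are assumed to already be in privdata.

```haskell
-- Added example: a three-level controller chain, top -> mid -> leaf.
-- All host names and key strings below are constructed placeholders.
import Propellor
import qualified Propellor.Property.Spin as Spin
import qualified Propellor.Property.Ssh as Ssh

main :: IO ()
main = defaultMain hosts

hosts :: [Host]
hosts = [top, mid, leaf]

-- Head of the chain. Running propellor here also runs it on mid.
-- As mid's controller, top can see all of mid's PrivInfo.
top :: Host
top = host "top.example.com"
    & Spin.controllerKeys
        [(SshEd25519, "ssh-ed25519 PLACEHOLDER-top-controller-pubkey")]
    & Spin.controllerFor mid

-- Middle of the chain: controlled by top and a controller of leaf.
-- It carries its own controller key pair, separate from top's, and
-- as leaf's controller it can see all of leaf's PrivInfo.
mid :: Host
mid = host "mid.example.com"
    & Ssh.hostKeys hostContext
        [(SshEd25519, "ssh-ed25519 PLACEHOLDER-mid-host-pubkey")]
    & Spin.controlledBy top
    & Spin.controllerKeys
        [(SshEd25519, "ssh-ed25519 PLACEHOLDER-mid-controller-pubkey")]
    & Spin.controllerFor leaf

-- End of the chain. It names mid, not top, as the controller that is
-- allowed to ssh in as root and run propellor.
leaf :: Host
leaf = host "leaf.example.com"
    & Ssh.hostKeys hostContext
        [(SshEd25519, "ssh-ed25519 PLACEHOLDER-leaf-host-pubkey")]
    & Spin.controlledBy mid
```

Because every controller logs in as root and can read the PrivInfo of what it controls, each link in such a chain should be treated as at least as sensitive as the hosts below it.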

controllerKeys :: [(SshKeyType, PubKeyText)] -> Property HasInfo

Uses keysImported to set up the ssh keys for the root user on a controller.

(The corresponding private keys come from the privdata.)

controlledBy :: Host -> Property NoInfo

Use this property to let the specified controller Host ssh in and run propellor.