Safe Haskell | None |
---|---|
Language | Haskell98 |
- class Spinnable t where
- controllerFor :: Spinnable h => h -> Property HasInfo
- controllerKeys :: [(SshKeyType, PubKeyText)] -> Property HasInfo
- controlledBy :: Host -> Property NoInfo
Documentation
controllerFor :: Spinnable h => h -> Property HasInfo
The Host that has this Property is in control of running propellor on some other Hosts.
Making a host a controller eliminates the need to manually run propellor --spin to update the controlled hosts. Each time propellor is run on the controller host, it will in turn run propellor on the controlled Hosts.
The controller needs to be able to ssh to the hosts it controls, and run propellor, as root. The controller is automatically configured with knownHost to know the host keys of the hosts that it will ssh to. It's up to you to use controllerKeys and controlledBy to set up the ssh keys that will let the controller log into the hosts it controls.
For example, if you have some webservers and a dnsserver, and want a master that runs propellor on all of them:
```haskell
import Propellor
import qualified Propellor.Property.Spin as Spin
import qualified Propellor.Property.Ssh as Ssh
import qualified Propellor.Property.Cron as Cron

main = defaultMain hosts

hosts =
    [ master
    , dnsserver
    ] ++ webservers

dnsserver = host "dns.example.com"
    & Ssh.hostKeys hostContext [(SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB3BJ2GqZiTR2LEoDXyYFgh/BduWefjdKXAsAtzS9zeI")]
    & Spin.controlledBy master
    & ...

webservers =
    [ host "www1.example.com"
        & Ssh.hostKeys hostContext [(SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICfFntnesZcYz2B2T41ay45igfckXRSh5uVffkuCQkLv")]
        & Spin.controlledBy master
        & ...
    , ...
    ]

master = host "master.example.com"
    & Spin.controllerKeys [(SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFWD0Hau5FDLeNrDHKilNMKm9c68R3WD+NJOp2jPWvJV")]
    -- Only update dnsserver once all webservers are successfully updated.
    & Spin.controllerFor dnsserver
        `requires` Spin.controllerFor webservers
    & Cron.runPropellor
```
Multiple controllers can control the same hosts. However, when propellor is already running on a host, a controller will fail to run it. So, if two controllers both try to control the same host at the same time, one will fail.
Chains of controllers are supported; host A can control host B which controls host C. Loops of controllers are automatically prevented.
Note that a controller can see all PrivInfo of the hosts it controls.
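The three points above (shared hosts, chains and loops, PrivInfo visibility) can be reviewed before deployment with a small model of the controller graph. This is an added example in Python, not part of propellor or its documentation; the inventory is constructed, the hosts `build.example.com` and `backup.example.com` are hypothetical, and it assumes PrivInfo visibility follows controller chains transitively.

```python
# Constructed inventory: controller -> hosts it lists with controllerFor.
CONTROLS = {
    "master.example.com": ["dns.example.com", "www1.example.com"],
    "www1.example.com": ["build.example.com"],   # chain: master -> www1 -> build
    "backup.example.com": ["dns.example.com"],   # second controller for dns
}

def _reach(controls, start):
    """Every host reachable from `start` by following controllerFor edges."""
    seen, stack = set(), list(controls.get(start, []))
    while stack:
        host = stack.pop()
        if host not in seen:
            seen.add(host)
            stack.extend(controls.get(host, []))
    return seen

def privinfo_exposure(controls):
    """Controller -> hosts whose PrivInfo it can see.

    Assumption of this example: exposure is transitive along chains.
    """
    return {c: _reach(controls, c) - {c} for c in controls}

def shared_hosts(controls):
    """Hosts with more than one direct controller (concurrent runs can fail)."""
    owners = {}
    for controller, hosts in controls.items():
        for host in hosts:
            owners.setdefault(host, set()).add(controller)
    return {h: sorted(cs) for h, cs in owners.items() if len(cs) > 1}

def controller_loops(controls):
    """Controllers that can reach themselves through a chain."""
    return sorted(c for c in controls if c in _reach(controls, c))

if __name__ == "__main__":
    for controller, hosts in sorted(privinfo_exposure(CONTROLS).items()):
        print(f"{controller} can see PrivInfo of: {', '.join(sorted(hosts))}")
    for host, controllers in shared_hosts(CONTROLS).items():
        print(f"{host} has multiple controllers: {', '.join(controllers)}")
    print("loops:", controller_loops(CONTROLS) or "none")
```

A compromise of any controller listed here should be treated as a compromise of the secrets of every host in its exposure set.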
controllerKeys :: [(SshKeyType, PubKeyText)] -> Property HasInfo
Uses keysImported to set up the ssh keys for the root user on a controller.
(The corresponding private keys come from the privdata.)
controlledBy :: Host -> Property NoInfo
Use this property to let the specified controller Host ssh in and run propellor.