From 6e724af9f7d94df4bdb6958cd0313fb6e0e1b55c Mon Sep 17 00:00:00 2001
From: gueux
Date: Mon, 21 Apr 2014 12:26:51 +0000
Subject:
---
doc/todo/ssh__95__user_+_sudo.mdwn | 1 +
1 file changed, 1 insertion(+)
create mode 100644 doc/todo/ssh__95__user_+_sudo.mdwn
diff --git a/doc/todo/ssh__95__user_+_sudo.mdwn b/doc/todo/ssh__95__user_+_sudo.mdwn
new file mode 100644
index 00000000..2269cecd
--- /dev/null
+++ b/doc/todo/ssh__95__user_+_sudo.mdwn
@@ -0,0 +1 @@
+It would be great to be able to ssh to a user different from root, and then to use sudo to run commands.
--
cgit v1.2.3
From eb7497fd41f0b6d2f97e67f4e0a05fd7bb2b9350 Mon Sep 17 00:00:00 2001
From: "http://joeyh.name/"
Date: Mon, 21 Apr 2014 13:31:13 +0000
Subject: Added a comment
---
.../comment_1_3bc008e42587a3313f81ee740d7d80f0._comment | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment
diff --git a/doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment b/doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment
new file mode 100644
index 00000000..e0dc1d7f
--- /dev/null
+++ b/doc/todo/ssh__95__user_+_sudo/comment_1_3bc008e42587a3313f81ee740d7d80f0._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.214"
+ subject="comment 1"
+ date="2014-04-21T13:31:13Z"
+ content="""
+Running propellor that way would probably need ssh to allocate a tty in order for sudo's password prompt to work. And it adds complexity. Does it add security? I don't think so, PermitRootLogin=without-password or PasswordAuthentication=no is not going to let anyone brute force the root account.
+
+PermitRootLogin=forced-commands-only might be worth making easy to set up, so the only command that can be run with some special propellor-specific ssh key is propellor.
+"""]]
--
cgit v1.2.3
From 162db41458bf1a41942a93de902c377ca204f6cd Mon Sep 17 00:00:00 2001
From: gueux
Date: Mon, 21 Apr 2014 13:49:08 +0000
Subject: Added a comment: CMD
---
.../comment_1_3801d48190c029a8591ab188427b31b6._comment | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 doc/todo/docker_todo_list/comment_1_3801d48190c029a8591ab188427b31b6._comment
diff --git a/doc/todo/docker_todo_list/comment_1_3801d48190c029a8591ab188427b31b6._comment b/doc/todo/docker_todo_list/comment_1_3801d48190c029a8591ab188427b31b6._comment
new file mode 100644
index 00000000..ff217423
--- /dev/null
+++ b/doc/todo/docker_todo_list/comment_1_3801d48190c029a8591ab188427b31b6._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="gueux"
+ ip="109.190.19.251"
+ subject="CMD"
+ date="2014-04-21T13:49:08Z"
+ content="""
+It would be great to be able to set the CMD of a docker container.
+
+http://docs.docker.io/reference/builder/#cmd
+"""]]
--
cgit v1.2.3
From 12f65d67d5cda1a760ee4571782e16cd75b5f992 Mon Sep 17 00:00:00 2001
From: gueux
Date: Mon, 21 Apr 2014 13:54:39 +0000
Subject: Added a comment
---
.../comment_2_35722c7d6f6c3e2315fbf72878066c01._comment | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment
diff --git a/doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment b/doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment
new file mode 100644
index 00000000..8dc6299b
--- /dev/null
+++ b/doc/todo/ssh__95__user_+_sudo/comment_2_35722c7d6f6c3e2315fbf72878066c01._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="gueux"
+ ip="109.190.19.251"
+ subject="comment 2"
+ date="2014-04-21T13:54:39Z"
+ content="""
+I didn't knew \"PermitRootLogin=forced-commands-only\", it seems great!
+"""]]
--
cgit v1.2.3
From d26ab02a407c30127a2fbc49a9bf2a3cac411dc2 Mon Sep 17 00:00:00 2001
From: gueux
Date: Mon, 21 Apr 2014 16:52:16 +0000
Subject:
---
...te.origin_not_copied_to_managed_host__63__.mdwn | 95 ++++++++++++++++++++++
1 file changed, 95 insertions(+)
create mode 100644 doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn
diff --git a/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn b/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn
new file mode 100644
index 00000000..50e24a66
--- /dev/null
+++ b/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn
@@ -0,0 +1,95 @@
+The only remote which seems to be copied to /root/.propellor/.git/config is upstream... My /home/user/.propellor/.git/config contains a "origin" remote, but this part (as well as the master branch part) of my git config is not copied to the /root/.propellor/.git/config of a host I'm trying to manage...
+
+propellor fails with the following message:
+
+ user@laptop:~$ PROPELLOR_DEBUG=1 propellor --spin laptop.localdomain
+ if ! cabal build; then cabal configure; cabal build; fi
+ Building propellor-0.5.0...
+ Preprocessing library propellor-0.5.0...
+ In-place registering propellor-0.5.0...
+ Preprocessing executable 'propellor' for propellor-0.5.0...
+ Preprocessing executable 'config' for propellor-0.5.0...
+ ln -sf dist/build/config/config propellor
+
+
+ [2014-04-21 18:07:45 CEST] command line: Spin "laptop.localdomain"
+ [2014-04-21 18:07:45 CEST] call: make ["build"]
+ if ! cabal build; then cabal configure; cabal build; fi
+ Building propellor-0.5.0...
+ Preprocessing library propellor-0.5.0...
+ In-place registering propellor-0.5.0...
+ Preprocessing executable 'propellor' for propellor-0.5.0...
+ Preprocessing executable 'config' for propellor-0.5.0...
+ ln -sf dist/build/config/config propellor
+ Propellor build ... done
+ [2014-04-21 18:07:48 CEST] read: git ["config","remote.deploy.url"]
+ [2014-04-21 18:07:48 CEST] read: git ["config","remote.origin.url"]
+ [2014-04-21 18:07:48 CEST] call: git ["commit","--gpg-sign","--allow-empty","-a","-m","propellor spin"]
+
+ You need a passphrase to unlock the secret key for
+ ...
+
+ [master ee393d6] propellor spin
+ [2014-04-21 18:07:48 CEST] call: git ["push"]
+ Counting objects: 1, done.
+ Writing objects: 100% (1/1), 852 bytes | 0 bytes/s, done.
+ Total 1 (delta 0), reused 0 (delta 0)
+ To git@remote-origin:propellor.git
+ 16a1f8b..ee393d6 master -> master
+ [2014-04-21 18:08:21 CEST] chat: ssh ["-o","ControlPath=/home/user/.ssh/propellor/laptop.localdomain.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@laptop.localdomain","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'"]
+ Initialized empty Git repository in /root/.propellor/.git/
+ warning: no common commits
+ From https://github.com/joeyh/propellor
+ * [new branch] joeyconfig -> upstream/joeyconfig
+ * [new branch] master -> upstream/master
+ * [new branch] setup -> upstream/setup
+ * [new tag] 0.1 -> 0.1
+ * [new tag] 0.1.1 -> 0.1.1
+ * [new tag] 0.1.2 -> 0.1.2
+ * [new tag] 0.2.0 -> 0.2.0
+ * [new tag] 0.2.1 -> 0.2.1
+ * [new tag] 0.2.2 -> 0.2.2
+ * [new tag] 0.2.3 -> 0.2.3
+ * [new tag] 0.3.0 -> 0.3.0
+ * [new tag] 0.3.1 -> 0.3.1
+ * [new tag] 0.4.0 -> 0.4.0
+ * [new tag] 0.5.0 -> 0.5.0
+ * [new tag] debian/0.3.1 -> debian/0.3.1
+ * [new tag] debian/0.4.0 -> debian/0.4.0
+ * [new tag] debian/0.5.0 -> debian/0.5.0
+ Merge made by the 'ours' strategy.
+ if [ "cabal" = ./Setup ]; then ghc --make Setup; fi
+ cabal configure
+ Warning: The package list for 'hackage.haskell.org' does not exist. Run 'cabal
+ update' to download it.
+ Resolving dependencies...
+ Configuring propellor-0.5.0...
+ if ! cabal build; then cabal configure; cabal build; fi
+ Building propellor-0.5.0...
+ Preprocessing executable 'propellor' for propellor-0.5.0...
+ [ 1 of 14] Compiling Utility.Env ( Utility/Env.hs, dist/build/propellor/propellor-tmp/Utility/Env.o )
+ ...
+ [14 of 14] Compiling Main ( propellor.hs, dist/build/propellor/propellor-tmp/Main.o )
+ Linking dist/build/propellor/propellor ...
+ Preprocessing library propellor-0.5.0...
+ [ 1 of 58] Compiling Utility.QuickCheck ( Utility/QuickCheck.hs, dist/build/Utility/QuickCheck.o )
+ ...
+ [58 of 58] Compiling Propellor.CmdLine ( Propellor/CmdLine.hs, dist/build/Propellor/CmdLine.o )
+ In-place registering propellor-0.5.0...
+ Preprocessing executable 'config' for propellor-0.5.0...
+ [ 1 of 44] Compiling Utility.QuickCheck ( Utility/QuickCheck.hs, dist/build/config/config-tmp/Utility/QuickCheck.o )
+ ...
+ [44 of 44] Compiling Main ( config.hs, dist/build/config/config-tmp/Main.o )
+ Linking dist/build/config/config ...
+ ln -sf dist/build/config/config propellor
+ fatal: No remote repository specified. Please, specify either a URL or a
+ remote name from which new revisions should be fetched.
+ Git fetch ... failed
+ merge: origin/master - not something we can merge
+ propellor: /usr/local/propellor/.lock: openFd: does not exist (No such file or directory)
+ Setting up your propellor repo in /root/.propellor
+
+
+
+ ** error: protocol error (perhaps the remote propellor failed to run?)
+propellor: user error (ssh ["-o","ControlPath=/home/user/.ssh/propellor/capeo.gueux.org.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@laptop.localdomain","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'"] exited 1)
--
cgit v1.2.3
From 73128b5464764e1eb3c63189860e3529a49cda70 Mon Sep 17 00:00:00 2001
From: gueux
Date: Mon, 21 Apr 2014 16:52:51 +0000
Subject:
---
doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn b/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn
index 50e24a66..a2d2d6cc 100644
--- a/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn
+++ b/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn @@ -92,4 +92,4 @@ propellor fails with the following message: ** error: protocol error (perhaps the remote propellor failed to run?) -propellor: user error (ssh ["-o","ControlPath=/home/user/.ssh/propellor/capeo.gueux.org.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@laptop.localdomain","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'"] exited 1) + propellor: user error (ssh ["-o","ControlPath=/home/user/.ssh/propellor/capeo.gueux.org.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@laptop.localdomain","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'"] exited 1) -- cgit v1.2.3 From d0305430129a5a5ba1ab9702d12eb1edf1a60e64 Mon Sep 17 00:00:00 2001 From: gueux Date: Mon, 21 Apr 2014 16:55:46 +0000 Subject: --- doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn b/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn index a2d2d6cc..6efdbae8 100644 --- a/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn +++ b/doc/forum/remote.origin_not_copied_to_managed_host__63__.mdwn 
@@ -92,4 +92,4 @@ propellor fails with the following message: ** error: protocol error (perhaps the remote propellor failed to run?) - propellor: user error (ssh ["-o","ControlPath=/home/user/.ssh/propellor/capeo.gueux.org.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@laptop.localdomain","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'"] exited 1) + propellor: user error (ssh ["-o","ControlPath=/home/user/.ssh/propellor/laptop.localdomain.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@laptop.localdomain","sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'"] exited 1) -- cgit v1.2.3 From 44005ac53d3316ced3e067fb82971472874ae019 Mon Sep 17 00:00:00 2001 From: "http://joeyh.name/" Date: Thu, 24 Apr 2014 17:47:41 +0000 Subject: Added a comment --- ...ent_1_e9e7e5e728ec23fd6025203a1aa0596b._comment | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 doc/forum/remote.origin_not_copied_to_managed_host__63__/comment_1_e9e7e5e728ec23fd6025203a1aa0596b._comment diff --git a/doc/forum/remote.origin_not_copied_to_managed_host__63__/comment_1_e9e7e5e728ec23fd6025203a1aa0596b._comment b/doc/forum/remote.origin_not_copied_to_managed_host__63__/comment_1_e9e7e5e728ec23fd6025203a1aa0596b._comment new file mode 100644 index 00000000..df403694 --- /dev/null +++ b/doc/forum/remote.origin_not_copied_to_managed_host__63__/comment_1_e9e7e5e728ec23fd6025203a1aa0596b._comment 
@@ -0,0 +1,25 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="209.250.56.114"
+ subject="comment 1"
+ date="2014-04-24T17:47:41Z"
+ content="""
+I tried using propellor from scratch on a fresh system, and I cannot reproduce this problem.
+
+/root/.propellor should only be created if /usr/bin/propellor is run as root. A normal use of propellor does not run /usr/bin/propellor as root (and your commands don't show you doing that).
+
+This is the instant where something unexplained happens:
+
+
+[2014-04-21 18:08:21 CEST] chat: ssh [\"-o\",\"ControlPath=/home/user/.ssh/propellor/laptop.localdomain.sock\",\"-o\",\"ControlMaster=auto\",\"-o\",\"ControlPersist=yes\",\"root@laptop.localdomain\",\"sh -c 'if [ ! -d /usr/local/propellor ] ; then apt-get --no-install-recommends --no-upgrade -y install git make && echo STATUSNeedGitClone ; else cd /usr/local/propellor && if ! test -x ./propellor; then make deps build; fi && ./propellor --boot laptop.localdomain ; fi'\"]
+Initialized empty Git repository in /root/.propellor/.git/
+
+
+It ssh's in, and it apparently runs propellor. But apparently without running \"make deps build\" first, which is weird. (And as we see later, without /usr/local/propellor existing at all, which is weirder!)
+The ./propellor (in /usr/local/propellor) that it's supposed to run should be a symlink to dist/build/config/config, which is the program built from config.hs. It's not the same program as /usr/bin/propellor, which is a wrapper build from propellor.hs. However, it appears that in your case, when it sshed in, it ran /usr/bin/propellor, or something that behaves a lot like it..
+
+My guesses:
+
+1. Perhaps you modified the source tree in some strange way. (Doubtful)
+2. Perhaps you have some other configuration, eg a ssh authorized keys file for root with a forced command that runs /usr/bin/propellor. This will defeat propellor's own bootstrap code, and would exactly explain what you pasted.
+"""]]
--
cgit v1.2.3