author | Sean Whitton <spwhitton@spwhitton.name> | 2021-04-30 18:41:00 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-04-30 18:41:00 -0700 |
commit | b3880f863cdf55d19b12250081d56a6723dbe490 (patch) | |
tree | 2ec8a1924c33437c91c75299ea25a7a1c3d14d44 /doc | |
parent | 504830e8dc948f0d5bf40bafe00cf73e9ad9bb5e (diff) | |
download | consfigurator-b3880f863cdf55d19b12250081d56a6723dbe490.tar.gz |
add DATA.SSH-ASKPASS and use it to simplify the quick start guide
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/introduction.rst | 44 |
1 files changed, 15 insertions, 29 deletions
diff --git a/doc/introduction.rst b/doc/introduction.rst index 0512723..3e65235 100644 --- a/doc/introduction.rst +++ b/doc/introduction.rst @@ -4,7 +4,10 @@ Introduction Try it out / quick start ------------------------ -1. Install Consfigurator: :ref:`Installation`. +1. Install Consfigurator (:ref:`Installation`) and ensure that some + implementation of ssh-askpass_ is available. + +.. ssh-askpass_: https://manpages.debian.org/buster/ssh-askpass/ssh-askpass.1.en.html 2. Create a new directory ``consfig`` somewhere where ASDF will pick it up, such as ``~/common-lisp/consfig``. @@ -25,12 +28,12 @@ Try it out / quick start (defpackage :com.example.consfig (:use #:cl #:alexandria #:consfigurator) - (:local-nicknames (#:os #:consfigurator.property.os) - (#:apt #:consfigurator.property.apt) - (#:cmd #:consfigurator.property.cmd) - (#:file #:consfigurator.property.file) - (#:chroot #:consfigurator.property.chroot) - (#:data.pgp #:consfigurator.data.pgp))) + (:local-nicknames (#:os #:consfigurator.property.os) + (#:apt #:consfigurator.property.apt) + (#:cmd #:consfigurator.property.cmd) + (#:file #:consfigurator.property.file) + (#:chroot #:consfigurator.property.chroot) + (#:data.ssh-askpass #:consfigurator.data.ssh-askpass))) 4. Define some hosts and deployments. @@ -40,8 +43,7 @@ Try it out / quick start (in-consfig "com.example.consfig") (named-readtables:in-readtable :consfigurator) - (try-register-data-source - :pgp :location #P"/path/to/com.example.consfig.gpg") + (try-register-data-source :ssh-askpass :iden1-re "^--user-passwd--" :iden2-re "") (defparameter my-substitution "substititions") 
@@ -91,26 +93,10 @@ Try it out / quick start ``:AS`` keyword parameter and its argument. 5. Get a Lisp REPL started up -- ``M-x slime`` in Emacs or ``sbcl`` at a shell - prompt. Evaluate ``(asdf:load-system "consfigurator")``. - -6. When it's asked to use sudo to become root, Consfigurator will query your - registered sources of secrets to try to find the password it will need to - give to sudo. You can easily write code to let Consfigurator query your - own sources of secrets, but for the purposes of this guide we'll use the - simple, PGP-based secrets source included with Consfigurator. Unless - you've passwordless sudo access set up on athena, evaluate something like - this to initialise the store:: - - (consfigurator.data.pgp:set-data #P"/path/to/com.example.consfig.gpg" - "--user-passwd--athena.example.com" - "spwhitton" - "s3cre+") - -7. Now you can evaluate ``(asdf:load-system "com.example.consfig")`` followed - by ``(in-package :com.example.consfig)`` (or ``C-c ~`` in Emacs). In the - future, now the secrets store exists, you can start with this step. - -8. You should now be able to evaluate ``(athena.example.com)`` to deploy + prompt. Evaluate ``(asdf:load-system "com.example.consfig")``, then + ``(in-package :com.example.consfig)`` (or ``C-c ~`` in Emacs). + +6. You should now be able to evaluate ``(athena.example.com)`` to deploy properties to athena, using the connection chain of SSH, sudo and then handing over to a remote Lisp image. |
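Review bot: In the first hunk (quick start step 1), the hyperlink target is written as `.. ssh-askpass_: https://...`, which is not reStructuredText target syntax, so the `ssh-askpass_` reference in step 1 will not resolve. The underscore leads the name in a target definition: `.. _ssh-askpass: https://manpages.debian.org/buster/ssh-askpass/ssh-askpass.1.en.html`. Consider also moving the target below the numbered list, because an unindented explicit markup block between items 1 and 2 ends the enumerated list and item 2 then starts a new one.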
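Review bot: In the `try-register-data-source` hunk, `:iden1-re "^--user-passwd--"` and `:iden2-re ""` are introduced without a word on what they select, which matters because they decide which secrets get requested through a prompt. The removed `set-data` call shows iden1 as `--user-passwd--athena.example.com` and iden2 as the username, so the new registration appears to answer for every host and every user rather than only athena. Suggest a sentence in step 4 saying so, and either documenting the empty `:iden2-re` or showing a pattern narrowed to the example host.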
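Review bot: In the last hunk, the deleted step 6 was the only text telling the reader that Consfigurator looks up the sudo password from a registered data source, and the new steps 5 and 6 never say that an ssh-askpass prompt will appear when `(athena.example.com)` is evaluated. Suggest adding a sentence to the new step 6 stating that, unless passwordless sudo is set up on athena, an ssh-askpass prompt will ask for the sudo password for that host, so the reader knows what the prompt is for before typing a password into it.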