Prerequisite data
Naming
An item of prerequisite data is identified by two strings, called IDEN1
and IDEN2; together these are the prerequisite data identifiers for an
item of prerequisite data. Typically IDEN1 specifies the context in which
the data is relevant, and IDEN2 identifies the data within its context.
IDEN2 is very often the filename in which the prerequisite data will
eventually be stored. It might also be a human-readable string describing the
purpose of the data. The following are the valid forms of IDEN1, and
their meanings.
(HOSTNAME . PATH)means the data that should be uploaded toPATHonHOSTNAME(and usually nowhere else, except in the case of, e.g., a public key).PATHmust be absolute, not relative.("--lisp-system" . SYSTEM)means the data is Lisp code which, when loaded, defines the packages and symbols contained in the ASDF systemSYSTEM("--user-passwd--HOSTNAME" . USER)means the data is the password for userUSERonHOSTNAME("--git-snapshot" . NAME)means the data is a snapshot of a git repo identified byNAME; seeDATA.GIT-SNAPSHOT("--pgp-pubkey" . FINGERPRINT)means the/a OpenPGP public key with fingerprint FINGERPRINT, ASCII-armoured("--pgp-seckey" . FINGERPRINT)means the/a OpenPGP secret key with fingerprint FINGERPRINT, ASCII-armoured("--luks-passphrase" . VOLUME-LABEL)means a LUKS passphrase for volume with labelVOLUME-LABEL.Any other
IDEN1beginning with exactly two hyphens is reserved for future use.(_CONTEXT . ITEM)is an arbitrary prerequisite data context namedCONTEXT; typicallyCONTEXTwill be a network or grouping name, rather than referring to a single host.ITEMmight be a path or some other identifier. Reserved for consfigs; will not be used by property definitions included with Consfigurator, and should not be used by third party extensions.(---CONTEXT . ITEM)is, similarly, an arbitrary prerequisite data context namedCONTEXT. This form is intended for contexts similar to the reserved names beginning with two hyphens: types of information rather than site-local network or grouping names. This form will not be used by property definitions included with Consfigurator, but may be used by both consfigs and third party extensions.
Any other forms are invalid. In particular, an IDEN1 that is not a valid
hostname and does not begin with a hyphen or an underscore must not be used.
Mechanics
Properties declare that they need certain pieces of prerequisite data by
adding static informational attributes, and a deployment of those properties
will make an attempt to provide the data. Properties then either call the
GET-DATA-STREAM function or the GET-DATA-STRING function, or depend on
the DATA-UPLOADED property, to get access to the requested data.
A Lisp connection gathers all needed prerequisite data once at the beginning, and copies it to an on-disk cache inside the home directory of the remote UID which will run the Lisp image. A POSIX connection only attempts to obtain prerequisite data when a property’s check function indicates the property is not already applied.
Sources of prerequisite data
Sources of prerequisite data register two functions. The second returns either a string of the prerequisite data itself, or a path to a file containing the data. The first returns the latest version number of the data that source is able to provide – i.e., the version number of the data that the second function would return if called.
Consfigurator will call the first function to find out if it needs to call the
first rather than just using its caches. The first function should return nil
if it can’t obtain the prerequisite data on this host, perhaps because it
can’t decrypt the store. If a prerequisite data source wants to effectively
bypass caching and provide fresh data every time Consfigurator deploys the
host, it can use GET-UNIVERSAL-TIME as its first function.
Versions are compared using UIOP:VERSION< and UIOP:VERSION<=.
Security issues
Nothing is done to prevent prerequisite data being swapped out, so ensure your swap is encrypted.
Certain connection types require storing unencrypted copies of prerequisite
data under ~/.cache/consfigurator/data. Consfigurator only stores data
there when it has to, only the subset of the data that has to be uploaded for
the requested deployment to be successful, and never in the root Lisp.
API reference
Prerequisite data
Class: DATA
An item of prerequisite data as provided by a registered prerequisite data source, or, outside of the root Lisp, as fished out of a local cache of prerequisite data.
Class: STRING-DATA
An item of prerequisite data directly accessible to Lisp.
Class: FILE-DATA
An item of prerequisite data accessible via the filesystem.
Generic function: REGISTER-DATA-SOURCE
(register-data-source type &key)
Initialise and register a source of prerequisite data in this Lisp image. Registered data sources are available to all deployments executed from the root Lisp, regardless of the consfig which defines the host to which properties are to be applied. (This could only cause problems if you have different consfigs with prerequisite data which is identified by the same two strings, in which case you will need to wrap your deployments with registering and unregistering data sources. Usually items of prerequisite data are identified using things like hostnames, so this shouldn’t be necessary.)
Implementations of this function return a pair of functions.
Signals a condition MISSING-DATA-SOURCE when unable to access the data source (e.g. because can’t decrypt it). This condition is captured and ignored in all new Lisp images started up by Consfigurator, since prerequisite data sources are not expected to be available outside of the root Lisp.
Simple error: MISSING-DATA-SOURCE
(missing-data-source)
Function: TRY-REGISTER-DATA-SOURCE
(try-register-data-source &rest args)
Register sources of prerequisite data. This function is typically called in consfigs. Any relative pathnames in ARGS will be resolved as paths under the home directory of the user Lisp is running as, before being passed to implementations of REGISTER-DATA-SOURCE.
Function: RESET-DATA-SOURCES
(reset-data-sources)
Forget all data sources registered in this Lisp image and items of string data obtained from data sources by this Lisp image. This function is typically called at the REPL.
Macro: WITH-RESET-DATA-SOURCES
(with-reset-data-sources &body body)
Run BODY with initially empty data sources and string data.
This macro is typically used for testing or debugging.
Function: GET-DATA-STRING
(get-data-string iden1 iden2)
Return the content of an item of prerequisite data as a string.
This function is called by property :APPLY and :UNAPPLY subroutines.
Function: GET-DATA-STREAM
(get-data-stream iden1 iden2)
Return a stream which will produce the content of an item of prerequisite data. The elements of the stream are always octets. If the item of prerequisite data was provided by the prerequisite data source as a string, it will be encoded in UTF-8.
This function is called by property :APPLY and :UNAPPLY subroutines.
Macro: WITH-DATA-STREAM
(with-data-stream s &body body)
Condition class: MISSING-DATA
Function: DATA-SOURCE-PROVIDING-P
(data-source-providing-p iden1 iden2)
Is there a data source which can provide the item of prerequisite data identified by IDEN1 and IDEN2?
This function is for implementation of REGISTER-DATA-SOURCE to check for clashes. It should not be called by properties.
Function: MAYBE-WRITE-REMOTE-FILE-DATA
(maybe-write-remote-file-data path iden1 iden2 &key mode)
Wrapper around WRITE-REMOTE-FILE which returns :NO-CHANGE and avoids touching PATH if PATH’s content is already the prerequisite data identified by IDEN1 and IDEN2 and PATH has mode MODE.
Generic function: CONNECTION-UPLOAD
(connection-upload connection data)
Subroutine to upload an item of prerequisite data to the remote cache. The default implementation will work for any connection which implements CONNECTION-WRITE-FILE and CONNECTION-RUN, but connection types which work by calling CONTINUE-DEPLOY* or CONTINUE-DEPLOY*-PROGRAM will need their own implementation.
Generic function: CONNECTION-CLEAR-DATA-CACHE
(connection-clear-data-cache connection iden1 iden2)
Delete all versions of the data identified by IDEN1 and IDEN2 from the remote cache of CONNECTION. Called by UPLOAD-ALL-PREREQUISITE-DATA before uploading new versions of data, to avoid them piling up.
Function: UPLOAD-ALL-PREREQUISITE-DATA
(upload-all-prerequisite-data &optional connection)
Upload all prerequisite data required by the current deployment to the remote cache of the current connection hop, or to the remote cache of CONNECTION.
This is called by implementations of ESTABLISH-CONNECTION which call CONTINUE-DEPLOY* or CONTINUE-DEPLOY*-PROGRAM.
Function: DATA-PATHNAME
(data-pathname root &rest segments)
Function: LOCAL-DATA-PATHNAME
(local-data-pathname &optional iden1 iden2 version)
Get a pathname where an item of prerequisite data may be cached, ensuring that parent directories exist. This is exported for use by prerequisite data sources which work by generating new files and need somewhere to store them. It should not be used by properties, or data sources which return objects referencing existing files.
Note that since prerequisite data sources are queried only in the root Lisp, but items of prerequisite data are never uploaded to the root Lisp, there is no risk of clashes between fresly generated files and cached copies of files.
Function: REMOTE-DATA-PATHNAME
(remote-data-pathname &rest args)
Remote caches
Generic function: GET-REMOTE-CACHED-PREREQUISITE-DATA
(get-remote-cached-prerequisite-data connection)
Return a list of items of prerequisite data in the cache on the remote side of CONNECTION, where each entry is of the form
'(iden1 iden2 version).
Local caches
Function: GET-LOCAL-CACHED-PREREQUISITE-DATA
(get-local-cached-prerequisite-data where)
Scan a local cache of prerequisite data at WHERE, and return a list of items of prerequisite data where each entry is of the form
'(iden1 iden2 version).
This is exported for use by implementations of CONNECTION-UPLOAD, which should always supply a value for WHERE.
Function: GET-HIGHEST-LOCAL-CACHED-PREREQUISITE-DATA
(get-highest-local-cached-prerequisite-data iden1 iden2)
Get the highest version of prerequisite data identified by IDEN1 and IDEN2 available in the local cache.
This is exported for use by prerequisite data sources which work by generating new files and need somewhere to store them. It should not be used by properties, or data sources which return objects referencing existing files.
Passphrases
Class: WRAPPED-PASSPHRASE
Function: WRAP-PASSPHRASE
(wrap-passphrase passphrase)
Make an object which is unprintable by default to contain a passphrase.
Function: GET-DATA-PROTECTED-STRING
(get-data-protected-string iden1 iden2)
Like GET-DATA-STRING, but wrap the content in an object which is unprintable by default. Intended for code which fetches passwords and wants to lessen the chance of those passwords showing up in the clear in the Lisp debugger.
Variable: *DATA-SOURCE-GNUPGHOME*
Home directory for gnupg when used in a data source.
Because gnupg uses Unix domain sockets internally, this path should be short enough to avoid the 108 char limit on socket paths.