add a config example; fix install.sh

0924c361 · ale · a28ff251 · 0924c361 · 0924c361
Commit 0924c361 authored 10 years ago by ale
--- a/README.md
+++ b/README.md
@@ -17,6 +17,29 @@ configuration management system that `minicl` uses (or something else
 entirely, if you so prefer).


+## Features
+
+The base system offers a number of boring but useful features which
+were deemed necessary for the basic operation of a distributed
+service:
+
+* it offers a configuration management system to manage your services.
+  This is *Slack*, a simple and effective solution with a very low
+  barrier to entry (it's basically a glorified rsync, with pre- and
+  post-install scripts);
+
+* firewall autoconfiguration to allow simple IP-based network ACLs
+  based on your cluster config;
+
+* centralized control of users and credentials;
+
+* basic monitoring infrastructure.
+
+It is expected that the cluster will use a DNS domain that you
+control. One entry per host will need to be created under that domain,
+plus an additional entry for the special `monitor` host.
+
+
 ## Usage

 `minicl` uses a centralized git repository to distribute the cluster
@@ -117,6 +140,37 @@ The following top-level attributes are understood:
  * `roles`: Slack roles assigned to this host. The list should contain
    the `base` role.

+Here is an example of a valid, two-host cluster configuration:
+
+    {
+        "domain": "example.com",
+        "admin_email": "cluster-alerts@example.com",
+        "users": {
+            "foo": {
+                "uid": 1001,
+                "passwd": "$6$NSl9Lz3f$...",
+                "ssh_key": "ssh-rsa AAAAB3Nz..."
+            }
+        },
+        "hosts": {
+            "host1": {
+                "ip": "1.2.3.4",
+            },
+            "host2": {
+                "ip": "2.3.4.5",
+            }
+        },
+        "smtp": {
+            "relay": "smtp-relay.example.com",
+            "username": "clustersmtp",
+            "password": "..."
+        }
+    }
+
+This defines two hosts (*host1* and *host2*), and a user named *foo*
+with administrative access to all machines.
+
+
 ### Deploy key

 Since the primary configuration repository is supposed to be protected
@@ -158,7 +212,7 @@ Once you have those, here's the one-liner for those who like to live
 dangerously (to be run as the `root` user):

    $ wget --no-check-certificate -O- \
-        https://git.autistici.org/ale/minicl/install.sh | sh \
+        https://git.autistici.org/ale/minicl/raw/master/install.sh | sh \
        && minicl-bootstrap --repo=$REPO

 The first command will set up the `minicl` software suite, while the

--- a/install.sh
+++ b/install.sh
@@ -6,6 +6,11 @@
 repo_url=https://git.autistici.org/ale/minicl.git
 ca_url=http://www.autistici.org/static/certs/ca.crt

+if [ `whoami` != root ]; then
+  echo "This script should be run as root!" >&2
+  exit 1
+fi
+
 set -e

 if [ ! -e /usr/local/share/ca-certificates/autistici.org.crt ]; then