To what extent can version control help in system administration?

I am currently developing an OpenBSD system with the goal of creating a firewall and some other bits and bobs.

As it is quite experimental (I am an OpenBSD n00b, and I have already crashed my system 3 or 4 times), I am interested in what experience others have with keeping part or all of the file system (I am thinking in particular of /etc) as a working copy of some VCS or another.

  • Is that a good idea?

  • I'm particularly interested in what VCS people used for this. I am considering Subversion, Bazaar and Git; it will not be a shared repository, so I'm probably more interested in the basic VCS functionality than in the distributed-or-not argument.

  • I would also like to hear about imaginary or real pitfalls that people have found. I can imagine that maintaining ownership of files and permissions requires a thorough check!

  • And, of course, any alternative non-VCS approaches

+4
7 answers

Here you have a detailed guide on how to put /etc under version control using git.

And another one, step by step.

+8

What I would suggest is that, rather than starting with OpenBSD, you start with a distribution where most of the work has already been done, for example pfSense.

As for the VCS itself, you could consider Mercurial, which these projects have used successfully.

+4

I don't think anyone mentioned etckeeper.

It stores /etc in a repository (git (default), mercurial or bzr). It solves the problems with maintaining file ownership, permissions, and empty directories. It can integrate with package management (at least with apt) to automatically commit /etc changes that occur during the installation of a new package. This is very handy if an installation overwrites your own changes: just roll back.

I have successfully used it in Ubuntu for a while.

+4
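
An added example (not from the answer above and not etckeeper's own code) of the ownership and permission pitfall raised in the question: git records only the executable bit, so this Python code writes mode, uid and gid to a manifest that can be committed alongside /etc and reports drift afterwards. The manifest format and all function names are assumptions made for illustration.

```python
import os
import stat
import tempfile

def snapshot(root):
    """Return {relative_path: (mode, uid, gid)} for every entry under root."""
    meta = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in {".git", ".svn", ".hg", ".bzr"}]
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe a symlink itself, not its target
            meta[os.path.relpath(full, root)] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return meta

def write_manifest(meta, path):
    # Hypothetical format, one entry per line: "<octal mode> <uid> <gid> <path>"
    with open(path, "w") as fh:
        for rel in sorted(meta):
            mode, uid, gid = meta[rel]
            fh.write(f"{mode:04o} {uid} {gid} {rel}\n")

def read_manifest(path):
    meta = {}
    with open(path) as fh:
        for line in fh:
            mode, uid, gid, rel = line.rstrip("\n").split(" ", 3)
            meta[rel] = (int(mode, 8), int(uid), int(gid))
    return meta

def drift(recorded, current):
    """Entries whose mode/owner changed, or that vanished (current is None)."""
    return [(rel, want, current.get(rel))
            for rel, want in sorted(recorded.items())
            if current.get(rel) != want]

def demo():
    """Constructed case: a 0600 key file comes back 0644 after a checkout."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "etc")
        os.mkdir(root)
        key = os.path.join(root, "ssh_host_key")
        with open(key, "w") as fh:
            fh.write("constructed sample, not a real key\n")
        os.chmod(key, 0o600)
        manifest = os.path.join(tmp, "perms.manifest")
        write_manifest(snapshot(root), manifest)
        os.chmod(key, 0o644)  # what a fresh checkout under umask 022 produces
        return drift(read_manifest(manifest), snapshot(root))
```

Calling `demo()` returns the single drifted entry; in real use the manifest would be written before each commit and checked after each checkout or rollback.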

I read something in GNU/Linux Magazine France. The guy uses rsync from /etc to /root, then saves it through Subversion without creating a working copy.

I will quote the magazine a little.

So, in this example, the server runs FreeBSD and is called “sparky”, while the machine to be backed up runs Debian and is called “replica”. Create a user "replica".

In /usr/local/etc/ssh/sshd_config add:

    Match User replica
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand /usr/local/bin/svnserve -t -r /home/replica/svnrepo --tunnel-user=replica

Create the repository:

    sparky # svnadmin create /home/replica/svnrepo

Fix the permissions:

    sparky # chown -R replica:nogroup /home/replica
    sparky # chmod -R o-rwx /home/replica
    sparky # chmod -R g-rwx /home/replica

Client side:

Install Subversion, then:

    replica # mkdir -p /root/scripts/svnrepo
    replica # rsync -av /etc /root/scripts/svnrepo
    replica # export SVN_SSH="ssh -i /root/.ssh/id_rsa"
    replica # svn import -m "replica config files" /root/scripts/svnrepo svn+ssh://replica@sparky/home/replica/svnrepo

Now our folder is not yet a working copy, so we must make it one. Can you create a .svn file by hand? I can't :)

    cd /root/scripts
    mv svnrepo svnrepo.old
    svn checkout svn+ssh://replica@sparky/home/replica/svnrepo

Now try changing a file in /etc, for example hosts.

Run rsync again. You should see that only the modified file, /etc/hosts, is copied.

Now you can commit:

    svn commit -m "backup 1" /root/scripts/svnrepo

There is one last thing. If you want a file to be tracked by Subversion, it must be added. For example, if you create a new file in /etc, it will not be saved by default.

What to do?

    svn status /root/scripts/svnrepo | grep -e '^!' | awk '{ print $2 }' | xargs -r svn delete
    svn status /root/scripts/svnrepo | grep -e '^?' | awk '{ print $2 }' | xargs -r svn add

Then you should create your own script.

Hope this helps.

(gtg, I will edit later to set the headers, and so on, if no one else does)

+2
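
One way to start the script the answer suggests, as an added Python example that is not part of the original answer or the magazine article: it plans the `svn add` and `svn delete` calls from `svn status` output without the word splitting that `awk '{ print $2 }'` and `xargs` apply to names containing spaces. The sample status lines and the function names are constructed for illustration.

```python
# Constructed `svn status` output for the working copy used in the answer.
SAMPLE = (
    "M       /root/scripts/svnrepo/etc/hosts\n"
    "?       /root/scripts/svnrepo/etc/cron.d/new job\n"
    "!       /root/scripts/svnrepo/etc/old.conf\n"
    "?       /root/scripts/svnrepo/etc/systemd/system/getty@tty1.service\n"
)

def awk_second_field(line):
    """What `awk '{ print $2 }'` yields: the path is cut at the first space."""
    return line.split()[1]

def plan(status_output):
    """Return (to_add, to_delete) path lists from `svn status` output."""
    to_add, to_delete = [], []
    for line in status_output.splitlines():
        if len(line) < 2 or line[0] not in "?!":
            continue  # modified, added, etc.: nothing to schedule
        # Assumption: on '?' and '!' lines the other status columns are blank,
        # so the rest of the line after the padding is the path, spaces included.
        path = line[1:].lstrip(" ")
        if "@" in path:
            path += "@"  # stops svn reading '@...' in the name as a peg revision
        (to_add if line[0] == "?" else to_delete).append(path)
    return to_add, to_delete

def commands(status_output):
    """argv lists for subprocess.run(); no shell, so no word splitting."""
    to_add, to_delete = plan(status_output)
    cmds = []
    if to_delete:
        cmds.append(["svn", "delete"] + to_delete)
    if to_add:
        cmds.append(["svn", "add"] + to_add)
    return cmds
```

Each list returned by `commands()` can be passed to `subprocess.run(cmd, check=True)` between the rsync and the commit.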

More than just keeping configuration files in a version control system, I suggest using a configuration management system such as Chef or Puppet to manage the contents, permissions, and other aspects of the configuration files (such as restarting applications when a configuration file changes), and managing those files in git/subversion/yourfavoriteVCS.

+2

Everything in /etc on every server I manage (300+ and counting) is under Mercurial. Why?

  • It is easy to use for anyone who has ever used SVN or CVS (if you haven’t, you have no business working in /etc on my production machines).
  • This makes it easy to transfer changes from one server configuration to many others.
  • I can roll back quickly when other admins have brain farts.

Git was too much power for too few problems in this case. Because Hg is a DVCS, fixing and rolling back are clean and easy. I also use Hg to manage most of my websites.

It's not just for source code :) Another basic option would be to use some kind of versioning file system that takes snapshots on write (CoW); a DVCS is much easier.

+1

Feedback: what I finished doing

(@Aif, Thank you for the gentle reminder that my good manners are a little lacking)

I went with /etc as a git repository, but since I'm still a bit incapable of doing this (me, not git), I do the git work manually.

As a side effect, I started work on a small project to evaluate, side by side, Subversion, Git, Bazaar, Mercurial, Monotone, Darcs and Fossil, although in a more general version control context (merges, etc.).


My reaction to your answers

Thank you all for your help. It was difficult for me to choose which answer to accept, so if it wasn’t yours, please believe me, I appreciated yours too.

@ Louis Melgratti

Louis, thanks for a couple of great links. I accepted your answer as the most helpful.


@ Conrad

Conrad, I appreciate your suggestions.

I will definitely look into pfSense, although one of my goals here is to get my hands really dirty as well as to create a firewall, so it’s important to “do, not get”.

As for Mercurial, I did not include it in my list because I tried it (earlier), and I felt that I “liked” Bazaar better, and git seems like a lot at first glance (which, admittedly, I may not need). My “main” VCS is currently Subversion, although I'm not sure if it is a good answer for this case. Hence the list of three.

(Now I looked at pfsense and launched it on my network. Very good, but I'm not at all sure that my hands are even slightly dirty ...)


@ Aif

Thanks, Aif. I am definitely going to give this a try, although I suspect that we will end up with git.


@ tinkertim

Thank you for your thoughts on Mercurial, which I now plan to revisit, although I am pleased with Bazaar.


@ Per Wiklander

Thank you for a very interesting suggestion! I'm definitely going to take a look at etckeeper when I can get out from under my current workload.

0