Slashdot Mirror

← Back to Stories (view on slashdot.org)

Software for Tracking System Configuration Changes?

Posted by Cliff on from the journals-good-enough-for-an-uber-rollback dept.

DingleyDon asks: "I am currently administering a growing Unix environment and am interested in better documenting changes such as upgrades, software installs, configuration changes, etc. to the hardware and software on those servers from a SysAdmin's point of view. Obviously, this could be done with something as simple as a text file stored on each system, or a spreadsheet, or any other number of ways. But what I envision is a database app (web-enabled) where I can easily keep all of this information in a centralized location and query on the history of any given server. Is there any such package out there? (free=even better!) What do other SysAdmins use to document changes made to their environment?"

22 comments

  1. Pencil and Paper. by Anonymous Coward · · Score: 0, Funny

    I'm serious.

  2. CVS by peripatetic_bum · · Score: 4, Informative

    Linux journal just did an article where the guy talks about using CVS to track all changes on his computer

    here is the link

    http://linuxjournal.com/article.php?sid=5976

    --

    Sigs are dangerous coy things

    1. Re:CVS by skware · · Score: 1

      A friend of mine does similar though he uses RCS instead. I'm not all that familiar with RCS, but I'm sure there is porbably some reason why he uses it over CVS.

    2. Re:CVS by Clover_Kicker · · Score: 2

      If you want to see how tracking your config from CVS would look, the BSD folks have the entire source for their systems in CVS.

      Here's the complete history of all changes to the default /etc/crontab since OpenBSD was forked.

      OpenBSD webCVS interface

    3. Re:CVS by Rick+the+Red · · Score: 2
      I'm sure there is porbably some reason why he uses [RCS] over CVS.
      My guess is because he knows RCS and doesn't know CVS; I'll stick my neck out further and guess that's because he used RCS first, and never had a reason to switch to CVS.

      --
      If all this should have a reason, we would be the last to know.
    4. Re:CVS by Anonymous Coward · · Score: 0

      CVS is BASED on RCS dumbass. The only difference is that CVS is tailored for multi-user remote access as far as I can tell.

    5. Re:CVS by randombit · · Score: 2

      If you want to see how tracking your config from CVS would look, the BSD folks have the entire source for their systems in CVS.

      <SHAMELESS PLUG>
      You might also try OpenCM for this.
      </SHAMELESS PLUG>

      Todd Fries of the OpenBSD project has been working on OpenCM quite a bit, and hopefully someday fairly soon (by which I mean a year if we're lucky), OpenBSD will be using OpenCM instead of CVS.

  3. HISTORY of SLASHDOT PERNIDOT ARFDOT. by YasserTowelhead · · Score: -1
    The Future of SLASHDOT.
    2002. Slashdot publishes 1,000,000th rumor passed off as actual story. The story generates 480 comments, 263 of which agree with the article, and 107 of which point out it's a rumor and are modded down as redundant. The remaining comments are all "first posts." or posts that contain any rational insight are modded "troll."
    2002. CmdrTaco married to a human female, reports are that she does not have 46 chromosomes, however. Fent does display tendency to retardation.
    2002. Slashdot parent corporation VA Research^W Linux^W Software stock worth 35 cents. Rumors that AOL, Microsoft, or even Jimmy the hobo who lives under the Longfellow Bridge may buy it.
    2003. VA Software bought by Microsoft for a cup of coffee and a donut. All Microsoft-critical articles mysteriously disappear from Slashdot. Bill Gates as Borg logo replaced with Bill Gates as God. (Taco suggested that in order to be "God," or his vision of God, Gates would have to be seen in a NAMBLA T-shirt. Luckily good taste prevails in favor of the old man image in glowing aura.)
    2004. CmdrTaco loses virginity, well, not sex with men virginity, that's long since gone, and not sex with anime blow up dolls, this time, real sex.
    2004. The WIPO Troll returns again, showering Slashdot in 45,000 copies of the same post: "Lick my crotch hairs." Slashdot, despite running on 18 redundant IIS/8.0Beta6 servers, buckles under the load. The term "Slashdotted" is replaced with "WIPO-Trolled."
    2004. Slashdot officially shut down. Millions of screaming, unwashed geeks invade Redmond campus and lynch Bill Gates.
    2005. Linus Torvalds and Anal Cox found dead along with six penguins, a tub of crisco and several used condoms. FreeBSD users are glad the insanity is dying.
    2005. CmdrTaco rumored to have had sex again, even with constant Viagra therapy, it took this long. He complains, I can be ready to go again in five minutes if I was looking at a nude man, to the dyslexic Fent.
    2006. CowboiKneel found dead in hotel room with 56 pizza boxes covering his bloated corpse. Three suffocated gay prostitutes are extracted from beneath his body as police remove it with a backhoe.
    2007. CmdrTaco actually has sex again, this time plugging Fent in the ass for a more manlike feel.
    2007. BSD is still officially "dying." No word on when its demise will take place. FreeBSD 9 is delivered in perfect working order in a coherent superior, commercially viable and useable fashion with real documentation, the same practice followed since inception. Linux lunatics, after the death of Cox, are still trying to perfect the Trident driver while ignoring the existence of the GeForce 9. Netcraft dies along with all the surveys they held on Microsoft and Linux servers are lost as well.
    2007. CmdrTaco starts new weblog to replace Slashdot, creatively named Dotslash. Remainder of Linux users flock to the site and immediate WIPO-Troll it out of existence.
    2007. Box running FreeBSD for 6 years sets world record for Unix uptime on consumer hardware.
    2008. CmdrTaco has sex with his wife for the first time without thinking of men. He has dawned on the extra sexual pick me up for his twisted mind, small children.


    Hi sugarbitches.

    I noticed that my heatsink gets really hot when my 2GHz Pentium 4 has been running for a while.

    And I noticed that the fins on the heatsink made a nice waffle pattern. That's when I decided to brand my nutsack with the pattern from my heatsink. All I had to do was freshly depilate my scrote, remove the fan from the heatsink, and lay my ballbag on top. The pain went away after a short while, and I was left with a pleasing waffle pattern of brand marks on my nutsack. All the guys down at Sutro Baths love my new look!

    When are *we* going to get together so I can show you my "enhancement"?

  4. Tripwire is VERY good at this by roachmotel3 · · Score: 3, Informative

    You should really look into tripwire for this -- the open source version is awesome, but the commercial version kicks much bootay. They have a central console, which, much like quicken requires you to "Reconcile" any difference between what's on the server and what you show as the last good state (like if your checkbook doesn't match the bank statement). VERY cool stuff -- check out http://www.tripwire.com. (Specifically, Tripwire for Servers and Tripwire Manager)

    We evaluated it for use at my place of business, and we are going to end up using it, IMHO. VERY responsive, and they **get** it too.

    Besides, Gene Kim (Tripwire's original author!) is a really nice guy ;)

    1. Re:Tripwire is VERY good at this by PotPieMan · · Score: 1

      I thought Tripwire was geared more toward security than anything else. To me, it seems like the question was about tracking changes bewteen versions of a document. CVS or RCS is a perfect fit for this.

      So, maybe Tripwire and CVS?

    2. Re:Tripwire is VERY good at this by roachmotel3 · · Score: 1

      Actually, I think in the latest versions of the commercial software, CVS is exactly how this is done. The commercial version of tripwire is a LOT more than just md5sums and hashes in a database to detect file changes. The central console can automatically rollback to previous revisions AND push new revisions at the touch of a button. You cant automatically rollback without a central repository of changes, and I think this is done with CVS.

      And no, I'm not a salesman or employee for tripwire ;)

    3. Re:Tripwire is VERY good at this by PotPieMan · · Score: 1

      Cool. Thanks for the info.

  5. Bugzilla maybe by Leknor · · Score: 2

    I've yet to try it but it seems to me Bugzilla could easily be much more if you just changed some names, just mentally think of changes as bugs and machines as products. Bugzilla already has systems to track when and who entered stuff and can email people as needed.

    I think other features could work well too but no software package is going to make up for the fact that a good system adminstrator has to have the discipline to document even trivial changes.

  6. Mailing List perhaps by Anonymous Coward · · Score: 1, Interesting

    I'm going over the same thing at my workplace now. We run a change management system but using it is a bit of a kludge. What I'm looking for is a way of tracking the requests without having to go through the whole approval process (which is a good thing for a serious change management system).

    All up I came up with using mailing list software to receive changes, and then have them archived on a web site, with a nightly mailout to all support staff of an index of the days changes logged. I'm wanted to break the change notes down by host in which case I would get users to enter the hostname in [] brackets as the first part of the subject line.

    I'm still evaluating how I'm going to do this. Most good mailing list is on *nix, but we're a mostly MS shop here. The only thing I'd look at doing is writing a collection --> posting program to bring email from the MSExchange mailbox over to the *nix system.

    If anyone has done something like this and has the software under GPL, I'd love to know.

    HTH

  7. Have alook at IRM by freakkster · · Score: 1, Interesting

    Is not IRM something to look into and if it has the basics, to develop it further. I have looked at it and you could track software installed, although it needs humans entering the data.

    Having said that, you could write an update script to update on installation of any new software.
    irm.schoenefeld.org

    --
    make sig make: *** No rule to make target `sig'. Stop
  8. The system here at Bell & Howell by helixblue · · Score: 2

    Every configuration change on the UNIX systems gets a Bugzilla ticket. This helps track our rational for making the change, who requested it, and who was involved in making the decision.

    I also normally do one of these in the ticket to reference it:

    * log the commands run to make the change. Not only is this great search engine fodder later, but it helps peer review.

    * If it's a config file or script change, I often paste or attach a diff (depending on it's size) into the ticket.

    For instance, I just closed one request for adding some developers to the sudoers file. I pasted the lines added into there.

    The second thing that happens is any file in /etc, or any script we use, is in CVS. This is most useful for programs who's configuration constantly changes (Nagios, for instance).

    The CVS usage gets a little fuzzy with configuration files outside of /etc, we're not doing a terribly good job at this. At my last place, every config file was in CVS.

    I've written a cute wrapper around cvs for maintaining unix config files, so that non-UNIX folks can safely edit the files in a revision control environment without knowing that CVS is being used. I plan to release "revedit" once I can get this VaultHost stuff going.

  9. DIY by Permission+Denied · · Score: 2
    Database-enabled web app - write it yourself.

    Our shop needed something like this. Actually, it wasn't for the unix machines (I'm the main unix admin and I just keep a file /etc/LOG on all my unix boxes), but rather for the support personnel who were working with user desktop machines (this is an office, so obviously these were not unix machines but rather Windows and MacOS).

    We just ended up writing our own system, one bit at a time. We now have a somewhat complex system that integrates our main employee database (used for accounting and whatnot, a lot of accounting apps having moved to the web), our computer inventory database, and our support workorders database (and various miscellaneous other web apps). The workorders database allows one to tie a request to a particular machines, so one can query and find out the history of a particular desktop machine (as machines get moved around a lot).

    Look into php+mysql, as these make web apps extremely easy (much faster to write than perl, and I'm an experienced perl programmer, written XS extensions, etc - I like perl very much and do quite a bit of it, but web databases are much easier to do in php). If you haven't done any php, first look at some GOOD php code to learn how to do things as it's very easy to come up with unmaintainable crap (see www.horde.org for examples of good php).

    Also, if any admin is reading this and not doing it already - log your changes somewhere. I use /etc/LOG, but anything immediately recognizable as an important document obviously written by the previous admin will very much help the machine's next admin when you get a better job. This has also very much helped me when I need to duplicate a machine's configuration, upgrade a server, etc ("what were the apache configuration flags I used on this machine again?"). Don't put it off until you get some snazzy web database, but start documenting anything you do as root right now.

  10. Haven't Found One Yet, But... by Bravo_Two_Zero · · Score: 2

    I haven't found one I like yet, but this one was close. At least, it worked well in an unstructured sort of way that made using it very easy:

    http://freshmeat.net/projects/bartleby/

    And it could track any kind of system since you really just free-form the change data. We need something a bit more formal, though. But, it may be just the ticket for you.

    --


    Amateurs discuss tactics. Professionals discuss logistics.

  11. religiously log by papavictor · · Score: 1

    Yup, we built it. But as others have mentioned, you have to religiously enter all your changes or it is all junk.

    One more thing, we found it helpful when you delegate to other staff persons is to have them log in and have the system track the changes they make (and how long was that lunch break).

  12. /etc/logbook.txt by bsdbigot · · Score: 1

    No, really - hear me out. The desire to find a system to do the work for you has the tendency to overshadow the work that needs to be done. Some coworkers and myself use a file called /etc/logbook.txt in which we simply document changes to the system. At least by writing down these changes, they become known. By being known, they become useful - I can't begin to tell you how useful! Make the effort to try this, then look at a package solution. We found that this suits our needs perfectly.

    --
    main(){char I,l,O[]={'-',1-1,0,(1<<5)-1,0+'-',-10-1,-10,11-0,- 1,-100};for(I=l=0;l<10+0;put
  13. in house solution by josepha48 · · Score: 2

    we have this.. basically one of the guys I work with wrote it. It is basically like cvs only it locks files when you check them out. It also has a database where it stores what version was checked out and what was checked in and other such information like the comment and the date and who did the change. You can then use isql to view the info. Then I have a script that can diff 2 revisions. I am thinking that this would be useful to others and maybe seeing if we can sell this solution.

    --

    Only 'flamers' flame!

  14. /usr/local? by Josh+Booth · · Score: 1

    I read somewhere that all new software should be install in /usr/local to make sure that you could track the changes. Of course this would not help for configuration files, but maybe you could do a cron job to backup or diff /etc. I don't really know because I'm not a sysadmin (for anyone but myself) and not even that knowledgable about *nix. Anyway, that's my 2 cents.