Slashdot Mirror

← Back to Stories (view on slashdot.org)

Version Control for Important System Files?

Posted by Cliff on from the so-you-can-roll-back-when-things-go-wrong dept.

TokyoCrusaders92 asks: "Like a lot of other organizations (800 staff, 5000 students) we have a mix of Windows, Novell & Linux (primarily Linux) for our IT infrastructure. We now have a multitude of config files, firewall rule bases, shell scripts, and so forth which are managed by multiple people and groups. Recently, we started using RCS for version control of the firewall rule-base, but this doesn't seem like it would scale up to larger groups of users. While thinking about this, it would seem that the critical features would include: version control; logging; multiple users; secure authentication; and integrity checking. What are other people using to manage their config files?"

14 of 71 comments (clear)

  1. Distributed SCM by MichaelSmith · · Score: 2, Informative

    I keep my config files in a directory structure in my home directory on my laptop which mirrors the structure of the systems I maintain. I use the mercurial DSCM for version control and push revisions to a user account on each server. From there I run a script as root which recursively copies the files into the target directory tree.

    --
    http://michaelsmith.id.au
  2. A CVS server by kotj.mf · · Score: 4, Informative

    How similar are your systems? I help manage several thousand distributed boxes that are reasonably identical, and we keep everything in a central CVS server: management scripts, config files, crontabs, what have you. There's no reason it couldn't be used for more heterogeneous systems, other than having to be more careful with file naming conventions.

    --
    hang brain.
  3. Subversion by Just+Some+Guy · · Score: 2, Informative

    Next question?

    --
    Dewey, what part of this looks like authorities should be involved?
    1. Re:Subversion by Cyberax · · Score: 3, Informative

      Subversion is the ideal solution - because it needs a lot of junk in .svn directories :( And it can mess with some scripts that do recursive grep or something similar.

      SVK is better, but it is not as widely supported as SVN.

    2. Re:Subversion by ceroklis · · Score: 2, Informative

      RTFM: that is what the export command is for.

  4. puppet... maybe (not yet at least) by getha · · Score: 3, Informative

    Using something like subversion or any other version control system for such a task just leads to Yet Another Homebrew Administration System, that will probably lead your successors to tears and insanity. Use tools already there, and that are pertinent to the job.

    version control; logging; multiple users; secure authentication; and integrity checking. All those features you need are mostly already there in puppet: http://puppet.reductivelabs.com/ (and maybe also in cfengine, but that's a nightmare). And the development on puppet is really picking up steam at the moment.

    Problem for your situation is that it has no Windows or Novell support as of yet, but recently work on Windows at least seems to have started. And if your first priority is mainly config file management: that part should be fairly trivial.


    --


    xchg .,@
    jmp emailMe
  5. Re:Notepad by smallfries · · Score: 3, Informative

    GP uses a humorous post. Technical criticism is not applicable and is thus useless.

    --
    Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
  6. Those who don't know VMS... by MrBoombasticfantasti · · Score: 3, Informative
    Those who don't know VMS are wont to re-invent it... ;-)


    See Files-11 for a flashback.

    --
    !ERR: Signature not found.
  7. rsnapshot by perlionex · · Score: 3, Informative

    I use rsnapshot to do version control of my entire system. From the description:

    rsnapshot is a filesystem snapshot utility for making backups of local and remote systems.

    Using rsync and hard links, it is possible to keep multiple, full backups instantly available. The disk space required is just a little more than the space of one full backup, plus incrementals.

    Personally, I configure rsnapshot to generate snapshots every 4 hours, and then daily, weekly, and monthly.

    In your case, since you only want versioning for your configuration files, you can point rsnapshot at just the configuration directories (probably just /etc).

    --
    Gan Family Homepage
  8. Re:Our system is great by 26199 · · Score: 2, Informative

    How in the world did this get modded interesting?

    It should be clear to anyone that you were being sarcastic :p

  9. Darcs by swarsron · · Score: 2, Informative

    Try darcs (http://www.abridgegame.org/darcs/). Should do everything you need and has the advantage that you can create multiple repos for different purposes which all base on a single base repository. So i have a repository with all my config files and several others for different users which can pull their changes on top of the standard stuff. The syntax is quite easy to learn too.

    Only drawback is that it is quite slow with really big repositories (e.g. linux kernel).

  10. Use SVN instead by Schraegstrichpunkt · · Score: 2, Informative

    For a new installation, Subversion is probably a better choice than CVS, mainly because changesets are committed atomically, directories are versioned, and it has better security when dealing with remote access.

    --
    http://outcampaign.org/
  11. svn trick by bluegreenone · · Score: 4, Informative
    I use subversion (and tortoisesvn as the client) to version my windows system files, in general it works well. There is a trick though. To get a directory under svn control you normally have to import that directory and then rename it so you can checkout an svn'ed copy under the same name. This can be a problem for certain system directories. In this case what you do is :
    1. create the dir in the repository but leave it empty
    2. checkout that url on the existing dir, since url is empty nothing is overwritten
    3. now do an svn add then commit to get everything into the repository
    This leaves you with a versioned dir without need for renaming or deletion

    ...
    PATH train schedule online

  12. cfengine by eviltypeguy · · Score: 3, Informative

    One word: cfengine

    http://www.cfengine.org/