[OT] - Best Practices(TM) for Configuration File Changes
Roland Smith
rsmith at xs4all.nl
Sun Mar 29 05:45:27 PDT 2009
On Sun, Mar 29, 2009 at 07:37:27AM -0400, Glen Barber wrote:
> Hello, list.
>
> Before I pose my question, I am not intending to start a flame-war of
> any sort -- I'm just searching for "different" ways of doing things.
>
> With so many different version control systems available (aside from
> the traditional "keep current backups" solution), I am curious:
>
> Q: What is *your* favorite/suggestion solution to keep (working)
> versions of configuration files, in case something goes awry?
>
> I am specifically targeting configuration files because they are what
> I change the most, in avoidance of "It worked 10 minutes ago..."
> situations.
My configuration files are kept in git managed directories under
~/setup/<hostname>. Every <hostname> directory is its own
repository. The reason that I'm using git is because it does what I
need, is small and fast and doesn't require an external reporitory. For
configuration files which are usually plain text all revision control
systems would probably work OK.
Every directory contains two perl scripts, check.pl and install.pl that
respectively check the differences between files in the repository and
in the filesystem and install files. Both these programs read a file
called 'filelist.<username>'. This is a text file that has on every line
a file in the reposirory, a permission, and its location in the
filesystem (e.g. under /etc or /usr/local/etc for user root, or in $HOME
for other users) and any post-install commands. Both scripts only
process the filelists for the user that is running the script.
Excerpt from filelist.root:
# List of files that should be installed as root,
# with their install locations.
# Time-stamp: <2009-03-04 20:52:39 rsmith>
# setup file perm system file commands
etc/login.conf 644 /etc/login.conf cap_mkdb /etc/login.conf
etc/make.conf 644 /etc/make.conf
etc/manpath.config 644 /etc/manpath.config
etc/master.passwd 600 /etc/master.passwd pwd_mkdb -p /etc/master.passwd
etc/mergemaster.rc 644 /etc/mergemaster.rc
etc/named.conf 644 /var/named/etc/namedb/named.conf
etc/ntp.conf 644 /etc/ntp.conf /etc/rc.d/ntpd restart
The file from the first column is installed in the location in the third
column with the permissions listed in the second column. The rest of the
line (if any) is interpreted as a list of commands and executed by a subshell.
This system makes it easy to see if there are any differences between
the configuration files in the repository and the real configuration
files (e.g. after a mergemaster run). And it can install every file in
its correct place. It also makes sure that users can only install their
own files, by reading only that user's filelist.
Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20090329/17038cb5/attachment.pgp
More information about the freebsd-questions
mailing list