What solutions exist to allow the use of revision control for server configuration files? [closed]

version-control linux

I have tested this at home (~ 3 hosts) for some time now, trying different scms (RCS, Subversion, git). The setup that works perfectly for me right now is git with the setgitperms hook.

Things you need to consider:

Handling of file permissions and ownership

  • RCS: does this natively
  • Subversion: last I tried, you needed a wrapper around svn to do this
  • git: the setgitperms hook handles this transparently (needs a fairly recent version of git with support for post-checkout hooks, though)

Also, if you don't want to all of your /etc under version control, but only the files that you actually modified (like me), you'll need an scm that supports this kind of use.

  • RCS: works only on single files anyway.
  • Subversion: I found this to be tricky.
  • git: no probem, put "*" in the top-level .gitignore file and add only those files you want using git add --force

Finally, there are some problematic directories under /etc where packages can drop config snippets that are then read by some program or daemon (/etc/cron.d, /etc/modprobe.d, etc.). Some of these programs are smart enough to ignore RCS files (e.g. cron), some are not (e.g. modprobe). Same thing with .svn directories. Again a big plus for git (only creates one top-level .git directory).


I've done it informally with git, but there's also the etckeeper project which is a more completist and detailed implementation.


Another option is to use an automated server configuration tool like Puppet or Cfengine to script your server configurations in a declarative language.

It's extra work on the front-end, but using a utility like Puppet allows you to automatically rebuild and configure a server with very little human intervention.


I have been experimenting with etckeeper which seems to work pretty well. I doesn't require a centralized server, which may be important in some situations. You can use several different DVCS backends, so you can choose the one you are most familiar with. It seems to work very well for me, but I haven't tried getting the other techs where I work to start using it yet.

Related

What is a good SSH server to use on Windows? [closed]
Non-volatile cache RAID controllers: what kind of protection is there against NVCACHE failure?
Set root domain record to be a CNAME
In DNS can an IN NS point to a CNAME?
Is there a big difference between CentOS 6.4 to 6.2 and should I up/down-grade?
Why multiple PTR records in DNS is not recommended?
DNS just started resolving my server.prod addresses to 127.0.53.53
FTP and Apache permission issues
`sudo echo "bla" >> /etc/sysctl.conf` permission denied
Should I use IPv6 only or both IPv4 and IPv6 in my web server?
Find out which process is changing a file
Apache Default/Catch-All Virtual Host?