:: Re: [Dng] configuration management
Startseite
Nachricht löschen
Nachricht beantworten
Autor: Alex 'AdUser' Z
Datum:  
To: dng
Betreff: Re: [Dng] configuration management
'ucf' package already does the 'automerge or ask-user-on-fail' task.
The only thing you should do - mark file as config during packaging.

Whole /etc tree in vcs is overkill (this is based on my own experiments
with svn, bare git and etckeeper).

First trouble you will face on this way - no one popular vcs doesn't
handle precisely owner/group and permissions, except 'x' flag. (at least
private ssh/ssl keys, and shadow file needs to be handled with care).

Second thing - vcs can expose your sensitive data with commit history.
Rewriting history to exclude such data if already commited - is bad idea.

P.S.: Not mine, but exactly for this case:
- Hey Alex, what do you think about keeping /etc in git?
- You need this, if your server managed by hundreds of hackers from all
over the world.

26.12.2014 03:54, Hendrik Boom пишет:
> On installation, the configuration files (in /etc, of course; are there
> others?) should all be checked into a revision management system, with
> a
> vendor branch (the upstream versions from devuan) and a local branch
> (the versions as adated to local requirrements). Every time an upgrade
> makes changes, the appropriate merges should take place. If changes
> are too radical, the merge will fail, and manual intervantion should be
> mandatory. Deferring the merge resolution whould be possible -- the
> revision management system will hold all the details.
>
> Doing this will maximize transparency whe things get complicated, and
> leaves the sysadmin the opportunity to back out of configuration changes
> manually or make other necessary changes.
>
> -- hendrik
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>


--
-- Alex