[OT] - Best Practices(TM) for Configuration File Changes

Roland Smith rsmith at xs4all.nl
Sun Mar 29 05:45:27 PDT 2009


On Sun, Mar 29, 2009 at 07:37:27AM -0400, Glen Barber wrote:
> Hello, list.
> 
> Before I pose my question, I am not intending to start a flame-war of
> any sort -- I'm just searching for "different" ways of doing things.
> 
> With so many different version control systems available (aside from
> the traditional "keep current backups" solution), I am curious:
> 
> Q:  What is *your* favorite/suggested solution to keep (working)
> versions of configuration files, in case something goes awry?
> 
> I am specifically targeting configuration files because they are what
> I change the most, in avoidance of "It worked 10 minutes ago..."
> situations.

My configuration files are kept in git managed directories under
~/setup/<hostname>.  Every <hostname> directory is its own
repository. The reason that I'm using git is because it does what I
need, is small and fast and doesn't require an external repository. For
configuration files which are usually plain text all revision control
systems would probably work OK.

Every directory contains two perl scripts, check.pl and install.pl that
respectively check the differences between files in the repository and
in the filesystem and install files. Both these programs read a file
called 'filelist.<username>'. This is a text file that has on every line
a file in the repository, a permission, and its location in the
filesystem (e.g. under /etc or /usr/local/etc for user root, or in $HOME
for other users) and any post-install commands. Both scripts only
process the filelists for the user that is running the script.

Excerpt from filelist.root:

# List of files that should be installed as root,
# with their install locations.
# Time-stamp: <2009-03-04 20:52:39 rsmith>
# setup file            perm    system file             commands
etc/login.conf          644     /etc/login.conf         cap_mkdb /etc/login.conf
etc/make.conf           644     /etc/make.conf
etc/manpath.config      644     /etc/manpath.config
etc/master.passwd       600     /etc/master.passwd      pwd_mkdb -p /etc/master.passwd
etc/mergemaster.rc      644     /etc/mergemaster.rc
etc/named.conf          644     /var/named/etc/namedb/named.conf
etc/ntp.conf            644     /etc/ntp.conf           /etc/rc.d/ntpd restart

The file from the first column is installed in the location in the third
column with the permissions listed in the second column. The rest of the
line (if any) is interpreted as a list of commands and executed by a subshell.

This system makes it easy to see if there are any differences between
the configuration files in the repository and the real configuration
files (e.g. after a mergemaster run). And it can install every file in
its correct place. It also makes sure that users can only install their
own files, by reading only that user's filelist.

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
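
A check-only sketch of the filelist workflow described in the message above, added here as an example: it is Python, not the author's Perl check.pl, which is not shown on this page. The function names, the `root` parameter and the temporary sample tree are assumptions made for illustration.

```python
import filecmp
import tempfile
from pathlib import Path

# Constructed sample in the filelist format shown in the message.
SAMPLE = """\
# setup file   perm  system file      commands
etc/login.conf 644   /etc/login.conf  cap_mkdb /etc/login.conf
etc/make.conf  644   /etc/make.conf
etc/ntp.conf   644   /etc/ntp.conf    /etc/rc.d/ntpd restart
"""

def parse_filelist(text):
    """Return (setup_file, mode, system_file, commands); ValueError if malformed."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        src, perm, dest, *rest = line.split(None, 3)  # commands keep their spaces
        entries.append((src, int(perm, 8), dest, rest[0] if rest else None))
    return entries

def check(repo, entries, root="/"):
    """Report drift only: installs nothing and runs no post-install command."""
    findings = []
    for src, mode, dest, _commands in entries:
        live = Path(root) / dest.lstrip("/")
        if not live.is_file():
            findings.append((dest, "missing"))
            continue
        if not filecmp.cmp(Path(repo) / src, live, shallow=False):
            findings.append((dest, "content differs"))
        actual = live.stat().st_mode & 0o7777
        if actual != mode:
            findings.append((dest, f"mode {actual:o}, expected {mode:o}"))
    return findings

def demo():  # constructed repository and fake filesystem root in a temp dir
    with tempfile.TemporaryDirectory() as tmp:
        repo, root = Path(tmp, "repo"), Path(tmp, "root")
        for base in (repo, root):
            (base / "etc").mkdir(parents=True)
        for name in ("login.conf", "make.conf", "ntp.conf"):
            (repo / "etc" / name).write_text(f"# {name}\n")
        (root / "etc/login.conf").write_text("# login.conf\n")
        (root / "etc/login.conf").chmod(0o666)   # same content, looser mode
        (root / "etc/make.conf").write_text("# edited by hand\n")
        (root / "etc/make.conf").chmod(0o644)    # right mode, changed content
        return check(repo, parse_filelist(SAMPLE), root)  # ntp.conf not installed
```

Since the rest of each line is handed to a subshell at install time, the filelist itself warrants the same review and write protection as the files it installs.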