Subversioned system configuration

published Jul 04, 2006, last modified May 18, 2007

by Holger Krekel from merlinux

Linux distros need configuration and customisation. People want to modify text config files. Some changes need reviews to prevent bad things from happening. Without tool support this is fragile. Problems are then hard to track.

You can version the /etc directory with subversion or the like. But permissions and ownerships is hard to do right there. They can be different from system to system. This is intrusive. You don't want that many versioned directories.

vadm gives you indirect versioning. vadm add /etc/passwd This maps to-be-versioned files into user-specific working copies. It delegates to an underlying versioning system. It gives bidirectional transform of ownership and permission info. History and diffs are available.

vadm: using it

  • prerequisites: svn installation, sudo rights for executing user, and a repository
  • vadm init file:///sysrepo/mysystem
  • vadm add/remove/commit/diff/log path/to/configfile
  • Start using it just like subversion

Setup notifications:

  • Install a post-commit hook into subversion repo to signal admins of changes.
  • daily cronjob may commit any pending changes

We use it to control some 20 systems now. Daily auto-committing has proven to be valuable. It signals changes to others who can then review your changes. You can find out who edited particular lines.

Versioning clusters

  • this is future work
  • versioning multiple similar machines:
    • distinguish between local and global (cluster-wide) changes
    • allow groups of systems (postfix systems, subversion systems)
    • per system would take preference
  • a cluster vadm should only require ssh + local svn config
  • vadm is slow now
  • don't require a server-side daemon other than sshd?

Suggested semantics

  • a URL defines a group of versioned files.
  • each system has a stack of multiple such urls
  • url marked manual-update or auto-update

Other considerations:

  • versioning package installation information. An update of the apache package probably has a new config file. Do this in the same commit.
  • speed up versioning of hundreds of system files
  • plug in other versioning systems. Subversion is best supported now.

vadm future:

  • release planned in 2006, under GPL
  • development happens on a demand basis
  • training/support possible

Use the source

Keywords
europython plone