[ On Thursday, August 3, 2000 at 15:29:20 (-0700), Kalle Hoffman wrote: ]
> Subject: Re: CVS'ing home directory files; CVS in place
>
> What was hard about it Greg? I've been using CVS to manage system
> configuration files for two years now. I use a unique repository
> that only root can read/write. The only draw back is that I have CVS
> directories all over my OS. I use Red Hat 6.2 Linux 2.2.14-5.0 and
> CVS 1.10.7.
Testing and concurrency and production changes are all contrary to each
other. I.e. it's not that it's "hard" per se -- it's just not the right
way to do things like this in any kind of serious production environment.
Even worse doing things like this as root, especially with more than one
admin, is absolutely positively wrong (well at least it violates every
sane security policy I've ever read or written!).
Unless you're willing to go to the full gamut of using something like
GNU CFengine where you're centralising the configuration of many systems
and perhaps sharing management with several admins, there isn't any need
to use CVS in the first place.
I once wrote a bunch of stuff that offered was much of the basic
functionality of CFengine (without the support for distributed systems)
but still found it got in the way far too much and even worse it caused
enormous conflicts and mistakes and sometimes downtime if one admin
forgot to follow all the correct procedures (which become by necessity
quite complex) after testing a change to a production system.
If you just use 'su' properly and plain old SCCS or RCS in the actual
directories where you modify configuration files then you'll have good
solid CM without the ability to "loose" changes. This is especially
easy and even trivial if you use a wrapper script on your editor that
does all the check-outs and commits, or if you use Emacs where such
ability is directly integrated and immediately available.
Even then good configuration management of the system configuration
parameters for a critical production system is sometimes still best done
with bound and numbered-page notebook that's chained to the system
console, and nobody's allowed to change anything without first logging
in there and writing down everything very very carefully, and everyone
collectively reads all the recent entries in the book at a weekly group
meeting! :-)
I.e. CVS is almost always the wrong tool for systems administration.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
