On 12/29/17 12:00, Michael Hekeler wrote:
...
> I want to keep track of my changes in config files
> like "/etc/ssh/sshd_config" or "~/.tmux.conf" and so
>
> Normally I create "/root/RCS" and "~/RCS".
> Then in every directory with config files that I want to change I
> create a symlink ./RCS -> /root/RCS (in the example of sshd_config I
> will create /etc/ssh/RCS as symlink to /root/RCS). So when I check in
> sshd_config the revision file goes to /root/RCS
> When I set up a new machine I can look in the older host's /root/RCS and
> it shows me which files I have to edit (or better: which files I edited
> on that host).
>
> I am sure that every admin has his own way to do that. But I know
> that it is always a good idea to listen carefully to more experienced
> people.
> That's why I am asking.

One thing I have done for years, since hard disks became too stupidly
big to even dream of using all of in many cases, is carve out a
partition that I store dated tar files of the /etc/ directory in.
So -- /bu/etc20171220.tgz /bu/etc20171221.tgz, and so on. With
compression, you can get YEARS of backup files in a 40g partition.
No check in/check out. Diffing is non-trivial, but ... how often do
you do it? If you knew it worked yesterday(/last week) and is broke
today, restore yesterday(/last week)'s files and figure out why it
broke after you are back up and running.

For files like DNS zone files and pf.conf files, I wrote a script that
you run on either machine, it shows you the diff to the other machine,
has you comment/explain your change, then pushes your change over to
the other file. Works great for things where you have two different
machines that should normally be running the same data, but you need
to change and test that data from time to time.

Done properly, you get everything good from "change control" and
revision control, and almost zero effort on the part of the
administrators. (yes, in the case of DNS, it means you handle the
replication manually rather than through zone transfers -- and handling
it manually is much better than the idiotic DNS master/slave concept.
Win all around).

Nick.
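
A sketch of the dated-snapshot scheme described in the message above, with the diff between two dates made a one-liner. It is an added example, not Nick's script; the function names snapshot and snapdiff and the BU_DIR/SRC_DIR variables are assumptions, with defaults taken from the /bu and /etc paths in the message.

```sh
#!/bin/sh
# Added example (not from the original message): dated snapshots of a
# config directory, plus a diff between any two of them.
# BU_DIR, SRC_DIR, snapshot and snapdiff are hypothetical names.

BU_DIR="${BU_DIR:-/bu}"      # partition holding the dated archives
SRC_DIR="${SRC_DIR:-/etc}"   # directory being snapshotted

# snapshot [YYYYMMDD]: write $BU_DIR/etcYYYYMMDD.tgz and print its path.
# Snapshots of /etc can include host keys and password hashes, so the
# archive is created under umask 077 (readable by its owner only).
snapshot() {
    stamp="${1:-$(date +%Y%m%d)}"
    out="$BU_DIR/etc$stamp.tgz"
    ( umask 077 && tar -czf "$out" \
        -C "$(dirname "$SRC_DIR")" "$(basename "$SRC_DIR")" ) || return 1
    printf '%s\n' "$out"
}

# snapdiff OLD NEW: unified diff between two snapshot dates.
# Returns diff's status (0 identical, 1 different), or 2 on error.
snapdiff() {
    tmp="$(mktemp -d)" || return 2          # mktemp -d yields a 0700 dir
    mkdir "$tmp/old" "$tmp/new"
    tar -xzf "$BU_DIR/etc$1.tgz" -C "$tmp/old" &&
    tar -xzf "$BU_DIR/etc$2.tgz" -C "$tmp/new" || { rm -rf "$tmp"; return 2; }
    (cd "$tmp" && diff -ruN old new)
    rc=$?
    rm -rf "$tmp"                           # never leave extracted secrets behind
    return $rc
}
```

Run snapshot from cron as root once a day; snapdiff 20171220 20171221 then shows what changed between those two days.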