Re: Current best practices for system configuration management?

To: debian-user@lists.debian.org
Subject: Re: Current best practices for system configuration management?
From: Alexandre Rossi <niol@zincube.net>
Date: Fri, 19 Apr 2024 08:33:17 +0200
Message-id: <[🔎] ZiIQLavz1pRIuGc2@zincube.net>
In-reply-to: <[🔎] 20240419003803.uluhl5bnec4lw2n7@randomstring.org>
References: <[🔎] CA+t9iMwT6bEe9iydPzdEBkY8CCKk4c-5++taCGQhcGwQNYuwyQ@mail.gmail.com> <[🔎] 20240419003803.uluhl5bnec4lw2n7@randomstring.org>

Hi,

> > and so on, it is time to explore solutions.  I only have four systems
> > at the moment (two physical and two virtual), so I don't think I need
> > something too fancy.

I am in the same situation with an extra constraint: some are laptops
and not always connected.

> > My first thought was to simply add a `Files:` section to *.control
> > files I use for my metapackages.  After all, for configs going into
> > *.d directories, they are usually easy to just drop in and remove, no
> > editing in place required.  But, that is when I discovered that all
> > files under `/etc` are treated specially.

The limitation of this is that you cannot modify existing configuration
files, which is required sometimes.

> > Anyway, suggestions based upon actually experience would be appreciated.
> 
> The easy end of single-machine is etckeeper, which just checks
> your /etc (and whatever else you specify) into a local git. The
> high end of single machine is Nix, which has a complete language
> designed to capture the complete configuration of a system (and
> has spawned NixOS, a complete distribution).
> 
> The easy end of multi-machine systems is cdist and itamae. You might be
> quite happy with those, and itamae is reputedly very Chef-like.

I can also mention ansible which is ubiquitous nowadays and is relevant
even for a single machine. I've worked around my laptop deployment
requirement with a wrapper script around ansible-pull and a systemd timer
to regularly pull the conf from a git repository. It works well but
the complete configuration is known to all machines.

The Nix mention is highly relevant, but I did not get the chance to play
with it yet. The big advantage over  ansible and probably many others
is that if you remove a package installation from your configuration,
it will get removed from the host upon configuration deployment. Whereas
with ansible, you must add a explicit uninstallation rule. This is fine
for cloud host deployment where you always start from scratch, but for
physical machines and user laptops, Nix enforces consistency (but then
you need to learn something that is not Debian...).

Cheers,

Alex

Reply to:

References:
- Current best practices for system configuration management?
  - From: Mike Castle <dalgoda@gmail.com>
- Re: Current best practices for system configuration management?
  - From: Dan Ritter <dsr@randomstring.org>

Prev by Date: Re: Current best practices for system configuration management?
Next by Date: Re: Fwd: Debian 11 Xfce panel Network Manager applet has disappeared
Previous by thread: Re: Current best practices for system configuration management?
Next by thread: Re: Current best practices for system configuration management?
Index(es):
- Date
- Thread