
Re: Current best practices for system configuration management?



Mike Castle writes:

For a while now, I've been using `equivs-build` for maintaining a
hierarchy of metapackages to control what is installed on my various
machines.  Generally, I can do `apt install mrc-$(hostname -s)` and
I'm golden.

Now, I would like to expand that into also setting up various config
files that I currently do manually, for example, the `/etc/apt/*`
configs I need to make the above work.  For a single set of files,

[...]

My first thought was to simply add a `Files:` section to *.control
files I use for my metapackages.  After all, for configs going into
*.d directories, they are usually easy to just drop in and remove, no
editing in place required.  But, that is when I discovered that all
files under `/etc` are treated specially.

[...]

Hello,

I can confirm from experience that Ansible can indeed scale down to as little as the one local machine that it is running from. It has a learning curve and at least to me it always felt a little clumsy to learn a YAML-based scripting language for this purpose, but it's a solid choice.

Continuing the package-based approach is what I do because once some wrapper around the `debuild` commands was established, it became acceptably easy to use. I even maintain my “dotfiles” (not under $HOME but under /etc, but to a similar effect) this way: https://masysma.net/32/conf-cli.xhtml.

With `config-package-dev` there are some tricks to even allow changing (config) files supplied by other packages.

The disadvantage with the package-based approach is that it is heavily distribution-specific and also if you mess anything up, a core component of the OS (package management) can become broken - I luckily never broke it to the extent that recovery was impossible, but in the beginning ran a dedicated test VM to validate all package changes prior to installing them on my main system.

I have also heard good things about Nix and if I had to start again from scratch today, I'd probably invest time into learning that technology. Right now I am sufficiently satisfied with the package-based approach to not look into it yet.

HTH
Linux-Fan

öö
