# Sys admin config changes using CVS!?

## gleno

Hi all,

I've head of system administrators using CVS to keep track of changes to system configuration files. This allows them to look back at changes and to role backs. Plugin the web interface tools such as viewcvs and cvsgraph and it looks like a good way to go.

Has anyone tried this?

What success / failures have you encountered?

What solutions have people put into place to do this.

Thanks 

Glen

----------

## S_aIN_t

I have done this before. Installing a cvs server with the proper authentication took a little bit of time (I ran into some stupid problem). Now i am using subversion instead of cvs.

All i can say, is that keeping track of the system config files with cvs/subversion is a very good idea. If something goes wrong you can always go back to and older config file that works.

----------

## wll

I'm SSH'ing to CVS on the server (no pserver) and managing /etc with it.

I don't actually do a CVS checkout into /etc, because I didn't want to have

the CVS directories there.

I have an rsync command that copies only the files I want to track (not the library caches, for instance). Rsync's --cvs-exclude option works well for this.

It took a little tinkering, but I LOVE knowing exactly what's there.

Plus, being a Linux newbie, it was an education diving into /etc.

BTW, S_aIN_t, how's subversion working for you?

----------

## gleno

Thanks for the feed back  :Smile: 

I was trying to use CVS with my /etc, but of course I don't want pesky /cvs directories all over the place.  I imported the /etc directory into $hostname/etc, but after I have already made a change in the etc directory it wouldn't let me commit without a checkout.

Is this something I should put up with... I mean do I need to perform a checkout?

I'm still learning the cvs commands as well, which steepens the learning curve  :Confused: 

Also, wll,  how did the rsync system work?

----------

## wll

My understanding is that you need a checkout (I like the term sandbox) to do a commit in CVS. You can do an import, which is a kind of checkin, but it will still require a checkout/checkin process in a sandbox to resolve conflicts.

I recall the other reason I didn't want to have the sandbox to be /etc is file permissions. CVS does not really pay much attention to them. For instance, it would be possible, especially given the way using CVS on the command line encourages you to work, to end up with your shadow password file world-readable.

Anyway, I have a sandbox directory in /root where I checkout /etc. After something changes in /etc, I'd run rsync to copy files into /etc.

So, assuming I've got a check-out copy of /etc in /root/sandbox/etc:

```
root # cvs -q up -dP
```

tells me if I'm up-to-date with the repository. If I'm not, I may need to commit files with changes I want to keep. That done, I run rsync:

```
root # rsync --delete --verbose --recursive --times --cvs-exclude  /etc/ /root/sandbox/etc
```

Running cvs -q up -dP again will show me what's changed. I use cvs add to add new files and directories, cvs diff to see what's changed, commit  files, etc. Then I have the history of /etc safely stored in my repository. Tag files often so I know what works, etc.

That's a brief look. You can put the rsync into a shell script if you want and CVS offers tons of ways to automate stuff. There are also many fine utilities, like ViewCVS, or a favorite of mine,

CVSTrac.

CVS definitely has a learning curve and even though I read a lot about it, it really wasn't until I got hands-on experience that I became comfortable with all this. Same with rsync.

I'm using CVS to track web sites I'm working on and I'll probably integrate this with rsync and some shell scripting to insure that those pesky permissions are handled. Once you've got some tools, you want to use them.  :Smile: 

----------

## S_aIN_t

 *wll wrote:*   

> I'm SSH'ing to CVS on the server (no pserver) and managing /etc with it.
> 
> I don't actually do a CVS checkout into /etc, because I didn't want to have
> 
> the CVS directories there.
> ...

 

it is doing well. i actually prefer it to cvs now. :)

----------

## gleno

Thanks to Both (S_aIN_t / wll),

The explaination (wll) makes perfect sense to me know. I had been using viewcvs to look at the repository and that combined with cvsgraph looks pretty nifty! I will check out cvstrac though.  Again thanks. 

Going to try it today  :Smile: 

----------

## wll

You're welcome, gleno and thanks for starting the topic. I don't think I've seen CVSGraph, I'll check it out.

CVSTrac's got a simple ticket system and timeline to integrate with CVS, a repo browser and built-in wiki. It uses SQLite, a cool little database engine by the same author. SQLite's going to be distributed with PHP 5 and is worth a look, too.

S_aIN_t, what Subversion version are you running? They're all still masked. (Is it only called SUBversion while it's at subversion 26, 34, etc.?)  :Very Happy: 

Wes

----------

## riken

 *gleno wrote:*   

> Thanks for the feed back 
> 
> I was trying to use CVS with my /etc, but of course I don't want pesky /cvs directories all over the place.  I imported the /etc directory into $hostname/etc, but after I have already made a change in the etc directory it wouldn't let me commit without a checkout.
> 
> Is this something I should put up with... I mean do I need to perform a checkout?
> ...

 

Instead of checkout you can use export. Export doesn't give you the cvs directory or other cvs files.

Cam

----------

## wll

 *riken wrote:*   

> [Instead of checkout you can use export. Export doesn't give you the cvs directory or other cvs files.
> 
> Cam

 

The problem with using export with /etc is you can't control the file permissions.  :Sad:  That's why I chose to sync a sandbox and the destination directory /etc. Maybe Subversion could do better, if I find some time I'll be looking at it again. I'd be interested in hearing about another way to do this, since the file permissions issue also comes up with web sites and CVS.

Typically when you use CVS you're using the sandbox as a testing area, say for compiling. In the case of /etc, you need to make changes right there, so in this case I'm really using CVS as more detailed, annotated archive of the history of /etc. It's probably overkill for most people, but for me it's part of really controlling my Gentoo environment and learning Linux at the same time.

I just used to tgz the whole directory when I first started with Gentoo every time I emerged something. I'm less paranoid now and pretty comfortable with CVS and rsync.

----------

## tdb

 *S_aIN_t wrote:*   

> I have done this before. Installing a cvs server with the proper authentication took a little bit of time (I ran into some stupid problem). Now i am using subversion instead of cvs.
> 
> All i can say, is that keeping track of the system config files with cvs/subversion is a very good idea. If something goes wrong you can always go back to and older config file that works.

 

Show me how you do it. I've been meaning to use subversion to track my /etc and /home directories, but the problem I run into is move/copy/delete files. What if a program moves or copies a file in a work directory and doesn't tell you. It seems like I have to do one of three things:

1. Get subversion to automatically follow file move/copy/deletes. Doubt this is possible. 

2. Somehow find a way to track what files may have been moved/copied/deleted and do it by hand. This works for deletes by using "svn status" (or something like that), but I can't get it to show me what files are new to the directory.

3. Somehow get the programs themselves to use svn for move/copy/delete.

How do you handle this issue?

----------

## yatesco

Other good thing about cvs is konqueror understands CVS directories.

Although, of course, all you "proper" sys admins don't use GUIs  :Wink: 

Only kidding, merry Christmas

----------

## Roderik

for a gui i like Chora from Horde the most, its php based and looks nicer to me  :Smile: 

http://www.horde.org/chora/

live demo @ php.net: http://cvs.php.net/cvs.php/phpweb/

----------

## sweatje

Sorry to jump in late (I was actually searching for an ebuild script for cvstrac and found this thread).   

Would it be possible to create a "shadow etc" directory and use symlinks to point to the real /etc files?  I am not sure if cvs updates files inplace or removes and writes new (which would stop this scheme from working).  If cvs plays nice with the symlinks, and root did the checkin/checkout, permissions should be fine as well.

HTH

----------

## swimmer

Hmm - how do you guys handle the symlinks?

I thought that neither CVS nor Subversion support symlinks?!?

Glad to stay corrected

Stefan  :Wink: 

----------

## sn4ip3r

 *swimmer wrote:*   

> Hmm - how do you guys handle the symlinks?
> 
> I thought that neither CVS nor Subversion support symlinks?!?
> 
> 

 

I also use subversion for the whole /etc. Subversion does not support symlinks, but I have added all symlinks to the ignored files list (svn:ignore directory property). I have also added some sensitive files which contain certificates or passwords to the svn:ignore list, and wrote a script which filters the whole repository and removes all sensitive files and their history.

----------

## tdb

Yeah, most every solution to using subversion/cvs for maintinaing the /etc directory involves a sandbox and scripts that either strip out sensetive files and symlinks, or store them in a compatable format (and have them restored upon checkout.)

----------

## MooktaKiNG

I tried using subversion.

However there are few problems with it. It doesn't seem to save ANY symlinks. which is very annoying.

Also i need a way to automaticly add a file and then do commit.

I hate this about CVS and Subversion. I mean adding files can be very useful. However, i still want a way to automaticly add new files froma given directory recursively.

----------

## gleno

Hi all,

Admittedly I have had many other fires to fight and have not applied the requests that have been provided. I have though, been searching intermmitently for any other experiences.

I found this, http://www.unixreview.com/documents/s=1344/ur0303d/

and figured that this could make things easier for most peoples request.

Whether it be RCS, CVS, Subversion...... it should give some insight to making it work for your particular usage.

Cheers   :Smile: 

Gleno

----------

## fnjordy

 *sweatje wrote:*   

> I was actually searching for an ebuild script for cvstrac and found this thread. 

 

I've just added one: cvstrac 1.1.5

----------

## sweatje

 *fnjordy wrote:*   

>  *sweatje wrote:*   I was actually searching for an ebuild script for cvstrac and found this thread.  
> 
> I've just added one: cvstrac 1.1.5

 

That is encouraging, I will have to check it out  :Smile: 

----------

