Using VC to track system config changes by mail

Here’s a great idea from a thread on the SpamAssassin users list, from Roger Marquis:

Karsten Br├Ąckelmann [questioning the utility of a mechanism to dump the entire contents of the SpamAssassin configuration database]:

‘postconf’ without the handy -n switch dumps about 500 lines. The equivalent dump for SA including the rules is about 6000 lines. And that’s a plain dump, without following and unfolding meta rules or anything.

Whether 6K or 60K would not necessarily make a difference to how I would like to use an SA ‘postconf -n’ equivalent. That use is change management. The intent is not in the full report itself but in its deltas.

As full time mail/systems admins we get invaluable data from tripwire/integrit, ‘postconf -n’, dconf, ‘rpm -qa’, ‘dpkg -l *’, ‘pkg_info -a’, … whose output is checked in to RCS daily. This provides a nice configuration snapshot and historical record but its real usefulness comes from rcsdiff piped into a daily report. These are (usually) relatively concise, and IMO, absolutely essential for monitoring production Unix/Linux systems.

I like it! I think I’d check it into a git repo, though. The concept of applying VC smarts to traditional sysadmin tasks is definitely a meme on the way up — see also etckeeper.

This entry was posted in Uncategorized and tagged , , , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.

One Comment

  1. David Malone
    Posted March 3, 2009 at 21:10 | Permalink

    I’ve been checking Mailman configs into RCS for years, as a way of dealing with its binary blob config files that get chewed from time to time. Restoring isn’t so much fun, but at least you have some kind of backup and can track what’s going on.

    (To be fair, it hasn’t chewed it’s config files in a while – since I moved it to a disk where it doesn’t compete with anything else for disk space.)