Skip to content

Archives

Using VC to track system config changes by mail

Here’s a great idea from a thread on the SpamAssassin users list, from Roger Marquis:

Karsten Bräckelmann [questioning the utility of a mechanism to dump the entire contents of the SpamAssassin configuration database]:

‘postconf’ without the handy -n switch dumps about 500 lines. The equivalent dump for SA including the rules is about 6000 lines. And that’s a plain dump, without following and unfolding meta rules or anything.

Whether 6K or 60K would not necessarily make a difference to how I would like to use an SA ‘postconf -n’ equivalent. That use is change management. The intent is not in the full report itself but in its deltas.

As full time mail/systems admins we get invaluable data from tripwire/integrit, ‘postconf -n’, dconf, ‘rpm -qa’, ‘dpkg -l *’, ‘pkg_info -a’, … whose output is checked in to RCS daily. This provides a nice configuration snapshot and historical record but its real usefulness comes from rcsdiff piped into a daily report. These are (usually) relatively concise, and IMO, absolutely essential for monitoring production Unix/Linux systems.

I like it! I think I’d check it into a git repo, though. The concept of applying VC smarts to traditional sysadmin tasks is definitely a meme on the way up — see also etckeeper.

1 Comment