08 December, 2011
Today I was looking for a solution that could allow me to quickly and simply provide configuration management local to a server with minimal if any dependencies clogging up the system, and as little interaction as possible from administration users. As I know that the server in question has a number of hands-on users, with root access, automating and hiding a mechanism that can back up critical information would be invaluable. I set about creating a tiny system built on Git.
The server in question relies on Git already for deployment after successful test runs, so the use of Git added no additional dependencies to the server, which is great. Git is fast, so there would be no issues using it quietly in the background.
Thinking slightly further into the future, I figured that an ideal mechanism would bootstrap itself, and operate without interaction from users. We all love to be lazy, and adding more steps to existing administration work would not go down well, and could potentially be forgotten.
With all this in mind, I created the following small bash script. It's placed into /root/.bash_logout and is run every time you log out:

    #!/bin/bash
    ##
    ## Commit configuration files.
    ##

    # First run: create the repository in /etc and set a commit identity.
    if [ ! -d /etc/.git ]; then
        cd /etc
        git init
        git config user.name "Server Administrator"
        git config user.email "root@localhost"
    fi

    # Stage everything under /etc, including new files.
    git \
        --work-tree=/etc \
        --git-dir=/etc/.git \
        add . >/dev/null 2>&1

    # Record the snapshot; output is discarded so logout stays silent.
    git \
        --work-tree=/etc \
        --git-dir=/etc/.git \
        commit -a -m "Logout commit `date +%c`" >/dev/null 2>&1

You can grab it via Github as a gist as well, and place it into your server:
wget http://goo.gl/I5YLU -O /root/.bash_logout
Beware doing this if you already have a /root/.bash_logout file, as it would be overwritten.
The script is run every time you logout. If a git repository doesn't exist yet, it creates one and makes the initial commit of all data. Every subsequent logout commits changed information, keeping a track of everything you do in your
There are definitely ways to improve this. As git creates 644 file and 755 directory permissions, it would be wise to chmod all files to 600 and all directories to 700 to prevent regular system users from browsing the git objects hierarchy and viewing your /etc/shadow file and other sensitive information.
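
One way to apply and verify the permission change described above, as an added example that is not part of the original script or gist. The function names `audit_git_dir` and `harden_git_dir` are hypothetical; the default path is the /etc/.git repository the logout script creates.

```shell
#!/bin/bash
# Added example: restrict a git directory to its owner and verify the result.
# Function names are hypothetical; the default path matches the script above.
GIT_DIR_DEFAULT=/etc/.git

# Print every path under the git dir that group or other can read,
# write or enter. Empty output means nothing is exposed.
audit_git_dir() {
    dir=${1:-$GIT_DIR_DEFAULT}
    find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# chmod directories to 700 and files to 600, then confirm with the audit.
harden_git_dir() {
    dir=${1:-$GIT_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "no git dir at $dir" >&2; return 1; }
    # Refuse a symlinked git dir so chmod is not redirected elsewhere.
    [ ! -L "$dir" ] || { echo "$dir is a symlink" >&2; return 1; }
    find "$dir" -type d -exec chmod 700 {} + || return 1
    find "$dir" -type f -exec chmod 600 {} + || return 1
    # Succeed only if the audit finds nothing left exposed.
    [ -z "$(audit_git_dir "$dir")" ]
}
```

Calling `harden_git_dir` after the commit in /root/.bash_logout, with `umask 077` set before the git commands, keeps objects written by later commits owner-only as well. Mode 600 also clears the execute bit on any hooks stored in the git directory.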
Let me know if you have any ideas for additional security, or any other automatic smarts to improve this quick-n-dirty server config versioning mechanism. Enjoy!