Blog: Automatic commits for server configuration files
08 December, 2011
Today I was looking for a solution that could allow me to quickly and simply provide configuration management local to a server with minimal, if any, dependencies clogging up the system, and as little interaction as possible from administration users. As I know that the server in question has a number of hands-on users with root access, automating and hiding a mechanism that can back up critical information would be invaluable. I set about creating a tiny system built on Git.
The server in question relies on Git already for deployment after successful test runs, so the use of Git added no additional dependencies to the server, which is great. Git is fast, so there would be no issues using it quietly in the background.
Thinking slightly further into the future, I figured that an ideal mechanism would bootstrap itself, and operate without interaction from users. We all love to be lazy, and adding more steps to existing administration work would not go down well, and could potentially be forgotten.
With all this in mind, I created the following small bash script. It's placed into /root/.bash_logout and is run every time you log out:
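    #!/bin/bash
    ##
    ## Commit configuration files.
    ##

    # First run: create the repository in /etc and set the committer identity.
    if [ ! -d /etc/.git ]; then
        cd /etc
        git init
        git config user.name "Server Administrator"
        git config user.email "root@localhost"
    fi

    # Stage everything under /etc, including files created since the last commit.
    git \
        --work-tree=/etc \
        --git-dir=/etc/.git \
        add . >/dev/null 2>&1

    # Record the snapshot, stamped with the logout time.
    git \
        --work-tree=/etc \
        --git-dir=/etc/.git \
        commit -a -m "Logout commit $(date +%c)" >/dev/null 2>&1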
You can grab it via GitHub as a gist as well, and place it into your server:

    wget http://goo.gl/I5YLU -O /root/.bash_logout

Beware doing this if you already have a /root/.bash_logout file, as it would be overwritten.
The script is run every time you log out. If a git repository doesn't exist yet, it creates one and makes the initial commit of all data. Every subsequent logout commits changed information, keeping track of everything you do in your /etc directory.
There are definitely ways to improve this. As git creates 644 file and 755 directory permissions, it would be wise to chmod all files to 600 and all directories to 700 to prevent regular system users from browsing the git objects hierarchy and viewing your /etc/shadow file and other sensitive information.
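The permission fix described above, as an added example that is not part of the original post: `audit_git_dir` lists every entry that group or other can access, and `harden_git_dir` applies the 700/600 modes. The function names and the constructed sample directory are assumptions; on the server the argument would be /etc/.git.

```shell
#!/bin/bash
# Added example (not from the original post): audit and lock down a Git
# directory so unprivileged users cannot read committed copies of files
# such as /etc/shadow. Function names are hypothetical.

# Print every entry under $1 that grants any bit to group or other.
audit_git_dir() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Apply the modes the post recommends: directories 700, files 600.
harden_git_dir() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Constructed stand-in for /etc/.git using the 755/644 modes the post
# describes. Prints the path of the temporary directory it creates.
make_sample_git_dir() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/objects/ab" "$dir/refs/heads"
    printf 'constructed object data\n' > "$dir/objects/ab/cdef0123"
    printf 'ref: refs/heads/master\n' > "$dir/HEAD"
    find "$dir" -type d -exec chmod 755 {} +
    find "$dir" -type f -exec chmod 644 {} +
    printf '%s\n' "$dir"
}

# Show the exposure before and after hardening, then clean up.
# Runs in a subshell so its variables do not leak into the caller.
demo() (
    dir=$(make_sample_git_dir) || exit 1
    before=$(audit_git_dir "$dir" | wc -l)
    harden_git_dir "$dir"
    after=$(audit_git_dir "$dir" | wc -l)
    echo "entries open to group/other: before=$before after=$after"
    rm -rf "$dir"
)

demo
```

Git creates new objects under the current umask, so adding `umask 077` to the logout script before the git commands keeps later commits private as well.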
Let me know if you have any ideas for additional security, or any other automatic smarts to improve this quick-n-dirty server config versioning mechanism. Enjoy!