Hi all,

I have a question about merging default configurations with own changes.

As an example, take an apache configuration.

The default configuration may change, according to best practice (e.g.
which encryption protocols are safe to use etc.), so you are happy to
use whatever the package provides (if it is well-maintained).

However, some things you may not like, say: the "PermitRootLogin yes" line.

[Okay, the example has a bit of a "design fault" because Apache
configs have include statements etc. - but there are examples without,
as ntp.conf, and some do not like to have two lines of the same key
which are conflicting - so you really have to replace the default with
yours. I just wanted to give this as an example you may be familiar with.]

So, for the sake of this example, assume all is written in one
httpd.conf (no includes) and you are not allowed to have two lines as

PermitRootLogin yes
PermitRootLogin no

How do you keep track of the "latest changes" in default configuration
while making the changes you really want?
I wonder especially in the context of automation where you may run it
on many instances without manual intervention.

My solution at the moment is:

1st install:

- backup default (copies etc/httpd.conf to httpd.conf.defaults)
- update_config (e.g. parses the defaults with awk and replaces
PermitRootLogin "yes" by "no" [simplified]):
  awk '{if ($1=="PermitRootLogin") print $1" no"; else print}'

Update:

- backup $version (just in case..)
- restore default (copies etc/httpd.conf.default to httpd.conf so the
upgrade finds a pristine config)
- package upgrade
- update_config (as before)

The advantage of this: update_config can do a lot of things, including
using system-specific variables (e.g. getting an IP address from the
system so you tell the system to listen on this IP only - no
localhost: "Listen IPAddress:80").

A "diff" can be used to monitor unexpected changes afterwards (the
diff should only show the expected lines), to alarm me if things are
not right.

I wonder whether there is any better support from configuration
management tools you are using.

Thank you
Peter
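
The install/update/diff procedure described in the post, sketched as an added example that is not part of the original message: overrides are applied to the pristine defaults, and the diff check prints only changes that no override accounts for. The overrides file format (one "Key value" line per directive), the function and file names, and the sample directives are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed overrides format:
# one "Key value" line per directive, "#" comments allowed.

# update_config DEFAULTS OVERRIDES
# Print DEFAULTS with each overridden key replaced exactly once (so no
# conflicting duplicates remain); keys missing from DEFAULTS are appended.
update_config() {
    awk '
        FILENAME == ARGV[1] {
            if (NF && $1 !~ /^#/) { if (!($1 in want)) order[++n] = $1; want[$1] = $0 }
            next
        }
        ($1 in want) { if (!seen[$1]++) print want[$1]; next }
        { print }
        END { for (i = 1; i <= n; i++) if (!seen[order[i]]) print want[order[i]] }
    ' "$2" "$1"
}

# unexpected_changes DEFAULTS GENERATED OVERRIDES
# Print diff lines not explained by OVERRIDES: a removed line must belong to
# an overridden key, an added line must equal the override line itself.
# Empty output means the diff shows only the expected lines.
unexpected_changes() {
    (diff "$1" "$2" || [ $? -eq 1 ]) | awk '
        FILENAME == ARGV[1] { if (NF && $1 !~ /^#/) want[$1] = $0; next }
        /^</ && !($2 in want) { print; next }
        /^>/ && (!($2 in want) || substr($0, 3) != want[$2]) { print }
    ' "$3" -
}

# Demo on constructed sample files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# packaged defaults (constructed sample)' 'SSLProtocol TLSv1.2' \
        'PermitRootLogin yes' 'Listen 80' > "$d/httpd.conf.defaults"
    printf '%s\n' 'PermitRootLogin no' 'Listen 192.0.2.10:80' > "$d/overrides"
    update_config "$d/httpd.conf.defaults" "$d/overrides" > "$d/httpd.conf"
    cat "$d/httpd.conf"
    # Simulate a change that is not in the overrides file.
    echo 'ServerTokens Full' >> "$d/httpd.conf"
    echo "unexpected: $(unexpected_changes "$d/httpd.conf.defaults" "$d/httpd.conf" "$d/overrides")"
    rm -rf "$d"
}
demo
```

After a package upgrade, running unexpected_changes against the new defaults and the regenerated file gives the alarm condition: any output means something other than the listed overrides differs.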