looking for suggestions for managing a tree of server configs

looking for suggestions for managing a tree of server configs

[david]

I've got a directory tree that holds config data for all my servers. This 
consists of one directory per server (which is updated periodically from 
what is currently configured on that server), plus higher level summary 
reports and similar information.

today I have just a single git tree covering everything, and I make a 
commit each time one of the per-server directories is updated, and again 
when the top-level stuff is created. This works, but it's not really that 
good at letting me go back and see what happened when on a particular 
server because of all the other activity going on in git log.

Also, currently all updates to this repository is serialized, but going 
forward I'm going to be adding some update processes that could result in 
different per-server directories being updated at the same time (and so, 
one may be fully populated with new data, while another has just had all 
the old data deleted prior to the new data being written). I'm concerned 
about possible issues with having these independant and overlapping update 
processes all working in a single git tree

I do want to have everythng share one storage repository, because much of 
the config on the servers is very standard, so I gain quite a bit by 
letting them delta off each other.

Is what I'm currently doing the best way to do this? or should I do 
something like having a submodule per server, or is there some other, 
better way of doing this.? Are there any tools that I should be using 
instead of continuing to use the scripts that I threw together several 
years ago?

David Lang

Re: looking for suggestions for managing a tree of server configs

[Junio C Hamano]

david@lang.hm writes:

> I've got a directory tree that holds config data for all my
> servers. This consists of one directory per server (which is updated
> periodically from what is currently configured on that server), plus
> higher level summary reports and similar information.
>
> today I have just a single git tree covering everything, and I make a
> commit each time one of the per-server directories is updated, and
> again when the top-level stuff is created.

It is quite clear to me what you are keeping at the top-level files,
but if a large portion of the configuration for these servers are
shared, it might not be a bad idea to have a canonical "gold-master"
configuration branch, to which the shared updates are applied, with
a branch per server that forks from that canonical branch to keep
the machine specific tweaks as differences from the canonical stuff,
instead of having N subdirectories (one per machine).

Re: looking for suggestions for managing a tree of server configs

[david]

On Sat, 13 Oct 2012, Junio C Hamano wrote:

> david@lang.hm writes:
>
>> I've got a directory tree that holds config data for all my
>> servers. This consists of one directory per server (which is updated
>> periodically from what is currently configured on that server), plus
>> higher level summary reports and similar information.
>>
>> today I have just a single git tree covering everything, and I make a
>> commit each time one of the per-server directories is updated, and
>> again when the top-level stuff is created.
>
> It is quite clear to me what you are keeping at the top-level files,
> but if a large portion of the configuration for these servers are
> shared, it might not be a bad idea to have a canonical "gold-master"
> configuration branch, to which the shared updates are applied, with
> a branch per server that forks from that canonical branch to keep
> the machine specific tweaks as differences from the canonical stuff,
> instead of having N subdirectories (one per machine).

In an ideal world yes, but right now these machines are updated by many 
different tools (unforuntantly including 'vi'), so these directories 
aren't the config to be pushed out to the boxes (i.e. what they should 
be), it's instead an archived 'what is', the result of changes from all 
the tools.

The systems are all built with a standard image, but the automation tools 
I do have tend to push identical files out to many of the systems (or 
files identical except for a couple of lines)

David Lang

Re: looking for suggestions for managing a tree of server configs

[Drew Northup]

On Sun, Oct 14, 2012 at 12:57 AM,  <david@lang.hm> wrote:
> On Sat, 13 Oct 2012, Junio C Hamano wrote:
>> david@lang.hm writes:
>>> I've got a directory tree that holds config data for all my
>>> servers. This consists of one directory per server (which is updated
>>> periodically from what is currently configured on that server), plus
>>> higher level summary reports and similar information.
>>>
>>> today I have just a single git tree covering everything, and I make a
>>> commit each time one of the per-server directories is updated, and
>>> again when the top-level stuff is created.
>>
>> It is quite clear to me what you are keeping at the top-level files,
>> but if a large portion of the configuration for these servers are
>> shared, it might not be a bad idea to have a canonical "gold-master"
>> configuration branch, to which the shared updates are applied, with
>> a branch per server that forks from that canonical branch to keep
>> the machine specific tweaks as differences from the canonical stuff,
>> instead of having N subdirectories (one per machine).
>
> In an ideal world yes, but right now these machines are updated by many
> different tools (unforuntantly including 'vi'), so these directories aren't
> the config to be pushed out to the boxes (i.e. what they should be), it's
> instead an archived 'what is', the result of changes from all the tools.
>
> The systems are all built with a standard image, but the automation tools I
> do have tend to push identical files out to many of the systems (or files
> identical except for a couple of lines)

David,
Is there any particular reason you aren't using etckeeper?

-- 
-Drew Northup
--------------------------------------------------------------
"As opposed to vegetable or mineral error?"
-John Pescatore, SANS NewsBites Vol. 12 Num. 59

Re: looking for suggestions for managing a tree of server configs

[david]

On Sat, 20 Oct 2012, Drew Northup wrote:

> On Sun, Oct 14, 2012 at 12:57 AM,  <david@lang.hm> wrote:
>> On Sat, 13 Oct 2012, Junio C Hamano wrote:
>>> david@lang.hm writes:
>>>> I've got a directory tree that holds config data for all my
>>>> servers. This consists of one directory per server (which is updated
>>>> periodically from what is currently configured on that server), plus
>>>> higher level summary reports and similar information.
>>>>
>>>> today I have just a single git tree covering everything, and I make a
>>>> commit each time one of the per-server directories is updated, and
>>>> again when the top-level stuff is created.
>>>
>>> It is quite clear to me what you are keeping at the top-level files,
>>> but if a large portion of the configuration for these servers are
>>> shared, it might not be a bad idea to have a canonical "gold-master"
>>> configuration branch, to which the shared updates are applied, with
>>> a branch per server that forks from that canonical branch to keep
>>> the machine specific tweaks as differences from the canonical stuff,
>>> instead of having N subdirectories (one per machine).
>>
>> In an ideal world yes, but right now these machines are updated by many
>> different tools (unforuntantly including 'vi'), so these directories aren't
>> the config to be pushed out to the boxes (i.e. what they should be), it's
>> instead an archived 'what is', the result of changes from all the tools.
>>
>> The systems are all built with a standard image, but the automation tools I
>> do have tend to push identical files out to many of the systems (or files
>> identical except for a couple of lines)
>
> David,
> Is there any particular reason you aren't using etckeeper?

not really, I've thought of that as a tool for managing a single system. 
Some of the data in configs is sensitive (and much of it is not in /etc), 
but I guess I should be able to work around those issues.

I can e-mail 'patches' to the central server, but I'm then back to the 
same question that I started out with.

How can I sanely organize all these different, but similar sets of files 
on the central server?

David Lang

Re: looking for suggestions for managing a tree of server configs

[Drew Northup]

On Sat, Oct 20, 2012 at 10:34 PM,  <david@lang.hm> wrote:
> On Sat, 20 Oct 2012, Drew Northup wrote:
>> On Sun, Oct 14, 2012 at 12:57 AM,  <david@lang.hm> wrote:
>>> On Sat, 13 Oct 2012, Junio C Hamano wrote:
>>>> david@lang.hm writes:
>>>>>
>>>>> today I have just a single git tree covering everything, and I make a
>>>>> commit each time one of the per-server directories is updated, and
>>>>> again when the top-level stuff is created.
>>>>
>>>> if a large portion of the configuration for these servers are
>>>> shared, it might not be a bad idea to have a canonical "gold-master"
>>>> configuration branch, to which the shared updates are applied, with
>>>> a branch per server that forks from that canonical branch to keep
>>>> the machine specific tweaks
>>>
>>> In an ideal world yes, but right now these machines are updated by many
>>> different tools (unforuntantly including 'vi'), so
>>> these directories aren't the config to be pushed out to the boxes, it's
>>> instead an archived 'what is', the result of changes from all the tools.

So you need to save what is there before pulling changes from the
master. That's no different from doing development work on an active
code base.

>> David,
>> Is there any particular reason you aren't using etckeeper?
>>
> not really, I've thought of that as a tool for managing a single system.
> Some of the data in configs is sensitive (and much of it is not in /etc),
> but I guess I should be able to work around those issues.

.gitignore and symlinks have been employed at times to deal with that.

> How can I sanely organize all these different, but similar sets of files on
> the central server?

The reason I asked about etckeeper is that you could, with proper
security in place, push those up to branches in a shared repository
(set up using gitolite, for instance) and not loose information about
the files in the process. This would allow you to make your changes on
one system using vi or whatever else is convenient, push the change up
to the shared repo, cherry-pick it into the other branches (using a
full check-out of all of the branches someplace safe as a workspace),
and pull that change out to the other systems.

If you are just looking to gather configuration information in the
large and don't want to engage in any shared management schemes (which
may involve symlinks in seemingly odd places to /etc and such) you may
wish to look at the System Configuration Collector [1] [2] which is a
nicely organized tool designed specifically to gather just the
important (and not highly confidential) information about common
software on a server and present it (and changes to it) to the admin
in a sensible manner. It is outside of the "Git Universe" but it does
what it sounds like you are doing now (if not what you wish to be
doing).

(1) http://www.qnh.eu/scc/
(2) http://sourceforge.net/projects/sysconfcollect/

-- 
-Drew Northup
--------------------------------------------------------------
"As opposed to vegetable or mineral error?"
-John Pescatore, SANS NewsBites Vol. 12 Num. 59

Re: looking for suggestions for managing a tree of server configs

[david]

On Sun, 21 Oct 2012, Drew Northup wrote:

> On Sat, Oct 20, 2012 at 10:34 PM,  <david@lang.hm> wrote:
>> On Sat, 20 Oct 2012, Drew Northup wrote:
>>> On Sun, Oct 14, 2012 at 12:57 AM,  <david@lang.hm> wrote:
>>>> On Sat, 13 Oct 2012, Junio C Hamano wrote:
>>>>> david@lang.hm writes:
>>>>>>
>>>>>> today I have just a single git tree covering everything, and I make a
>>>>>> commit each time one of the per-server directories is updated, and
>>>>>> again when the top-level stuff is created.
>>>>>
>>>>> if a large portion of the configuration for these servers are
>>>>> shared, it might not be a bad idea to have a canonical "gold-master"
>>>>> configuration branch, to which the shared updates are applied, with
>>>>> a branch per server that forks from that canonical branch to keep
>>>>> the machine specific tweaks
>>>>
>>>> In an ideal world yes, but right now these machines are updated by many
>>>> different tools (unforuntantly including 'vi'), so
>>>> these directories aren't the config to be pushed out to the boxes, it's
>>>> instead an archived 'what is', the result of changes from all the tools.
>
> So you need to save what is there before pulling changes from the
> master. That's no different from doing development work on an active
> code base.

I think I've done a poor job of explaining my problem.

I'm not looking for tips on how to manage the systems themselves, I'm 
looking for suggestions on how to manage this data that I'm already 
gathering on this reporting server.

I have the problem that different departments have their own (different) 
preferred tools for implementing changes. There are 6 different 
departments that need to be involved with a single system to build and 
maintain it. Each department has their 'standard' way of doing things. At 
least two of these departments are using different, central configuration 
(i.e. puppet like) tools.

As a result, I am not looking to pull changes from the central location. 
I'm just trying to gather information and be able to produce reports about 
the systems (Including "This is what all the different configs files on 
this server were like at time X"). I'm not using the distributed features 
of git at this time.

I've got existing tools that do a very similar job to what it sounds like 
sysconfcollect does that gather the non-sensitive info from all my remote 
machines and sends the data to my central server. These tools send an 
update whenever 'significant' changes are made, and in addition do a 
scheduled update to catch less significant changes.

On my central server I have the directory configs-current that then has a 
subdirectory details/systemname for each system that contains all the 
information about htat system (populated by scripts that parse apart the 
data mentioned above)

In other files and directories in configs-current I have lots of more 
global data and reports. This includes things like a report of every 
interface on every machine, the IP address, does it have link, what speed 
is it at, etc.

Right now I have one git tree for configs-current and each time I update a 
details/systemname tree I do

git add -a configs-current/details/$systemname
git commit -m'system update from $servername'

then when I run the summary scripts I do

git add -a configs-current
git commit -m'summary update'

This has been working for a few years

However, trying to go back in history to find a change on one system is a 
pain.

Right now the updates accumulate until I manually trigger a processing 
cycle to update the files. I would like to make it so that the updates to 
each system's details/systemname directory is done automatically as the 
e-mail from that system arrives, and this could result in parallel 
updates. I don't think that git will handle this well in one tree with the 
existing process (different processes doing git add and git commits in 
parallel will end up mixing their data)

As one big tree, this has lots of commits (a couple hundred each update), 
and this is making it slow to try and track changes to a particular file 
in a particular system.

I'm thinking that splitting the history tracking per-server should make 
everything faster.

I'm wondering if I should do a subproject for each details/systemname 
directory, or if there is something else I can do to make this tracking of 
the data better.

Doing a single repository with lots of branches doesn't seem like it would 
work as I need to get at the data from all the branches at the same time. 
I guess I could do something with branches on one repository, with a 
different worktree for each system, but that seems a bit fragile (one 
command with the wrong environment variables and it coudl really tangle 
things up)

David Lang