Hi there,
the scenario is a production server where there is no tollerance for errors, where every etc-update session is pure fear.
Merging config files sometimes becomes tricky with the endless question "keep the old version ? better grab the new version and apply the personalizations or keep the old in the risk of a new-born option default value would do something nasty?"
My answer is: why not to use a cvs?
I know subversion wich works flawlessy for my work but I'm no guru and I'm wondering if there may be relevant security issues in this approach. well... first of all I don't know how to save permissions and ownerships of files stored.
So, before trying, I'm wondering (and asking) if there are serious drawbacks into doing this.
Versioning /etc with subversion is safe?
Message
I personally use git, i have this git alias
my /etc/.git/info/exclude
hope that helps.
Code: Select all
etc-update = !cd /etc && etc-update && git add -A && git ci my /etc/.git/info/exclude
Code: Select all
! /X11/xorg.conf
! php.ini
*-
*.[oa]
*.default
*.env
*.example
*.lock
*0
*compiz*
*csh*
*~
._*
/X11
/acpi
/adjtime
/bash_completion.d
/config-archive
/cups/ppd
/eselect
/fonts
/gconf
/gre.d
/group
/gshadow
/gtk-2.0
/hotplug
/ld.*
/login.*
/make.*
/mono
/mtab
/ndiswrapper
/opt
/pango
/php
/protocols
/qt4
/reader.conf.d
/revdep-rebuild
/rmt
/runlevels
/skel
/splash
/ssl
/t1lib
/terminfo
/xdg
/xinet.d
ca-certificates.conf
modprobe.conf
modprobe.d
modules.conf
timezone
I believe subversion is older than GIT. I've been considering moving /etc into subversion, but the details of the process and job, along with my lacking understanding of subversion have held me back. At home I have 2 servers and 3 clients. I think I'd like a tree structure using branches, with one root, split into servers and clients, the each of those split into per-system. But I've never really worked like that with subversion - at work I use tags to mark release points, and those tags don't seem to "inherit" changes from the trunk. My impression is that branches are like tags, with the similar inheritance issue, and at that point it alls seems to start looking like enough extra work with enough pitfalls that I never get around to it.
I've learned enough about subversion to make it do what I need to do at work. I could probably stand to learn quite a bit more.
I've learned enough about subversion to make it do what I need to do at work. I could probably stand to learn quite a bit more.
.sigs waste space and bandwidth
I did'nt know that subversion is older than git. I've always believed that git was a milestone, the vcs choice of kenerl developers from the stone era.
Maybe i did'nt understood your use of subversion but seems to me that there is something odd.
Every time you publish a release (let say for example svn cp repos/project/trunk repos/project/tags/myreleas) you do nothing else but a mere copy of all files.
If you want to start a new branches to try to insert a new feature you will do something like
svn cp repos/project/trunk repos/project/branches/test
At this point who works on the trunk is unaware of the changes made in test and vice-versa. Lets assume that 10 is the number of the revision at the creation of the branch test and that at the revision number 30 the developing of the branch is done and so it's time to merge it into the trunk. At this point it's you who decide to merge, svn takes no action on it's own.
You coul merge test in trunk using something like:
svn merge repos/project/branches/test -r10:30
*typed on a working copy of the trunk*
Doing so svn will try to automatically merge and you'll end up with your working copy modified to accomodate any update applied on test between revisions 10 and 30. If you are lucky svn did all the work quetly, otherwise you have to manually resolve some conflict.
Uhm, I hope this whole soup is at least readable in my ridiculous english... and I hope it had be of any help too!
Maybe i did'nt understood your use of subversion but seems to me that there is something odd.
I use subversion for software developing. As far as I know there are'nt (in subversion) any built-in concept like 'tags', 'branch' or trunk. For svn a dirctory is simply a directory and branches, tags or trunk makes no difference. These names are a mere naming-convention among developers.at work I use tags to mark release points, and those tags don't seem to "inherit" changes from the trunk
Every time you publish a release (let say for example svn cp repos/project/trunk repos/project/tags/myreleas) you do nothing else but a mere copy of all files.
If you want to start a new branches to try to insert a new feature you will do something like
svn cp repos/project/trunk repos/project/branches/test
At this point who works on the trunk is unaware of the changes made in test and vice-versa. Lets assume that 10 is the number of the revision at the creation of the branch test and that at the revision number 30 the developing of the branch is done and so it's time to merge it into the trunk. At this point it's you who decide to merge, svn takes no action on it's own.
You coul merge test in trunk using something like:
svn merge repos/project/branches/test -r10:30
*typed on a working copy of the trunk*
Doing so svn will try to automatically merge and you'll end up with your working copy modified to accomodate any update applied on test between revisions 10 and 30. If you are lucky svn did all the work quetly, otherwise you have to manually resolve some conflict.
Uhm, I hope this whole soup is at least readable in my ridiculous english... and I hope it had be of any help too!
Git isn't that stone-aged. Some years ago there was a proprietary versioning system called bitkeeper. The owner of bitkeeper struck some sort of deal with the kernel developers, allowing the Linux kernel to use it for free, yet remaining proprietary. The kernel developers rather got to like it, especially compared to what they had before. (Don't remember what that was, if it was anything at all other than patches in Linus' inbox.) Then someone started reverse-engineering some sort of client access, and the bitkeeper people got annoyed. Linus developed git in a feverish Gordon Letwin HPFS weekend, and it's all history.Azangod wrote:I did'nt know that subversion is older than git. I've always believed that git was a milestone, the vcs choice of kenerl developers from the stone era.
My version is probably somewhat incorrect, but wikipedia can be friendly, too: http://en.wikipedia.org/wiki/BitKeeper
As for subversion, what you say sounds like the impression I have, just better phrased. I've never used "svn merge", and could clearly stand to learn more.
.sigs waste space and bandwidth
Nice story founded on wiki... another piece of code "once granted for free" that after some time becomes commercial-only.
At least I could say I've learned something new today.
It seems I've to take a good look at GIT for my admin issues.. one time or another... if I'm can find the time
About subversion I suggest this guide: http://svnbook.red-bean.com/
The merge process is quite simple when you have understood the logic that lies beneath. I've tryed svn two years ago and since then I've never thought of moving nor trying something else: it simply has everithing needed. At least for what I need it for.
Mybe one of the colest features is its capability of managing folders that permits to have many project as needed in a single repository! No need to manage a repos-per-project.
At least I could say I've learned something new today.
It seems I've to take a good look at GIT for my admin issues.. one time or another... if I'm can find the time
About subversion I suggest this guide: http://svnbook.red-bean.com/
The merge process is quite simple when you have understood the logic that lies beneath. I've tryed svn two years ago and since then I've never thought of moving nor trying something else: it simply has everithing needed. At least for what I need it for.
Mybe one of the colest features is its capability of managing folders that permits to have many project as needed in a single repository! No need to manage a repos-per-project.
What do you mean with history?V-Li wrote:A distributed VCS like Bazaar, Git, Mercurial or Darcs should be the better choice as you can transfer the whole history easily by just copying the directory.
With svn I can see the whole story of every file (or directory) since creation no matter what happens: moving, copying into other branches or projects.
Maybe you are speaking about interaction between different repos? I've never tryed that. I live very well having a single phisical repository with all my projects in.
I could say I'm satisfied. I can manage easilly documentation and binary (such images and videos) too.
By the way I've never tryed any other VCS. Surely I'll try GIT (because it seems the most commonn choice among sysadmins) for the only purpose of maintaining /etc directory of my servers. One day... for now I've more urgent matter to take care of
Whoa, it's surely handy but over time, it does'nt become too huge? I mean... if every directory brings along the whole history, after fifthy revision (on a photoshop source for example) it may become really really huge and space wastingV-Li wrote:Inside of /etc you have a .git or .bzr or .whatever directory which contains the whole (!) repository. So copying the /etc directory over to another machine preserves all the history without creating a Subversion repository there, importing and so on.
Revision systems usually don't store whole files, they store diffs in one form or another. The size growth is much slower, assuming changes are really changes, not wholesale replacements. I'd expect the biggest such volumes to be certificates in /etc/ssl and I believe X tucks some binaries into /etc/X11.Azangod wrote:Whoa, it's surely handy but over time, it does'nt become too huge? I mean... if every directory brings along the whole history, after fifthy revision (on a photoshop source for example) it may become really really huge and space wastingV-Li wrote:Inside of /etc you have a .git or .bzr or .whatever directory which contains the whole (!) repository. So copying the /etc directory over to another machine preserves all the history without creating a Subversion repository there, importing and so on.
.sigs waste space and bandwidth
Yes I know. My concernings where about binary files managment. Images are considered binary. Not too much sense in storing diff-files. So I was wondering what will become in a directory if there are stored 100 revision of a 100mb photoshop file... it's a lot of space. Thaking along the whole repository in such a case is suicide. I'm sure that developers of these systems have found a moure suitable solution.depontius wrote:Revision systems usually don't store whole files, they store diffs in one form or another. The size growth is much slower, assuming changes are really changes, not wholesale replacements. I'd expect the biggest such volumes to be certificates in /etc/ssl and I believe X tucks some binaries into /etc/X11.
Btw i'm happy about svn. Got to try GIT to store my etc files and nothing more. One day I'll try.
- Massimo B.
- Veteran
- Posts: 1940
- Joined: Wed Feb 09, 2005 3:05 pm
- Location: PB, Germany
I'd be inclined to use Mercurial, (or even Bazaar, which I haven't tried) rather than Subversion.
You're dealing with text files, which a DVCS is at home with, and they all handle merges better
than Subversion. Check the docs on http://mercurial.selenic.com before making a decision;
they give a good overview of VCS and DVCS advantages and disadvantages.
On the whole, avoid Git - it's a good idea for the kernel, but it has a major learning curve.
It took me five minutes to learn enough to start using Mercurial, with I suppose half a
dozen essential commands, and it really is a very powerful and convenient piece of
software.
Will
You're dealing with text files, which a DVCS is at home with, and they all handle merges better
than Subversion. Check the docs on http://mercurial.selenic.com before making a decision;
they give a good overview of VCS and DVCS advantages and disadvantages.
On the whole, avoid Git - it's a good idea for the kernel, but it has a major learning curve.
It took me five minutes to learn enough to start using Mercurial, with I suppose half a
dozen essential commands, and it really is a very powerful and convenient piece of
software.
Will
Not trying to start another mercurial vs git flame war but it took me 5 minutes to learn enough to start using git too.On the whole, avoid Git - it's a good idea for the kernel, but it has a major learning curve.
It took me five minutes to learn enough to start using Mercurial, with I suppose half a
dozen essential commands, and it really is a very powerful and convenient piece of
software.
- Massimo B.
- Veteran
- Posts: 1940
- Joined: Wed Feb 09, 2005 3:05 pm
- Location: PB, Germany
Continuing the discussion about mercurial here...
I had long time discussions with mercurial people at #mercurial channel. Summarily what they said is, Mercurial is not SVN and Mercurial is not the right tool.
This is mainly because of the requirements and methods I tried to explain:
I have different Linux machines each having more or less different configuration. Mainly I need to track /etc, but because sometimes I also add usr/share/kde/....kdmrc or even var/lib/portage/world I made / being a mercurial repo (beware of [bug=284673]Bug 284673[/bug]!). Each machine gets its own feature branch. I never merge feature branches. I think about having a seperate feature branch being a template branch with default configurations.
Now what is not the way of thinking in mercurial is what I often need: I would need to branch files directly. Say I have adapted etc/conf.d/local.start on hostA and next time on hostB I would need to merge parts of that file.
Mercurial people say, a revision is for the complete set of files. You can merge branches and revisions of branches, but never single files. Ok there are a lot of Mercurial Extensions, some of them could do the job:
Does anybody has any suggestion about that?
Anyway, I'm already using Mercurial on this purpose for a while now. I need to merge a file? No problem, I do
I install a fresh system and need a template to start with, I just do
Btw. it actually makes no sense to switch to a different branch and update.
One disadvantage of this approach is that hg cat does not really merge. So as I know from other SCM like Perforce (not sure about SVN?) there is no coherent history of a file that is merged from an ancestor. So this approach does not use Mercurial the way it is made for, it just uses Mercurial as a datastore.
Pushing and pulling is done with a central server, using Bitbucket like mentioned in the other thread. Just make sure you are not pushing your wireless keys or stuff.
There is the side effekt, for some people a disadvantage, that all hosts know the complete repository and data of all other hosts. For me this is fine. If the host is offline (some of them are mobile PCs) I still have access to all other hosts configurations. If I'm online again, I can push or pull from the central repository. With this model I would never push or pull between hosts directly.
I had long time discussions with mercurial people at #mercurial channel. Summarily what they said is, Mercurial is not SVN and Mercurial is not the right tool.
This is mainly because of the requirements and methods I tried to explain:
I have different Linux machines each having more or less different configuration. Mainly I need to track /etc, but because sometimes I also add usr/share/kde/....kdmrc or even var/lib/portage/world I made / being a mercurial repo (beware of [bug=284673]Bug 284673[/bug]!). Each machine gets its own feature branch. I never merge feature branches. I think about having a seperate feature branch being a template branch with default configurations.
Now what is not the way of thinking in mercurial is what I often need: I would need to branch files directly. Say I have adapted etc/conf.d/local.start on hostA and next time on hostB I would need to merge parts of that file.
Mercurial people say, a revision is for the complete set of files. You can merge branches and revisions of branches, but never single files. Ok there are a lot of Mercurial Extensions, some of them could do the job:
- Convert extension and using a filemap
- Transplant extension
Does anybody has any suggestion about that?
Anyway, I'm already using Mercurial on this purpose for a while now. I need to merge a file? No problem, I do
Code: Select all
vimdiff etc/make.conf <(hg cat -r hostB etc/make.conf)Code: Select all
hg cat -r templates etc/make.conf > etc/make.confOne disadvantage of this approach is that hg cat does not really merge. So as I know from other SCM like Perforce (not sure about SVN?) there is no coherent history of a file that is merged from an ancestor. So this approach does not use Mercurial the way it is made for, it just uses Mercurial as a datastore.
Pushing and pulling is done with a central server, using Bitbucket like mentioned in the other thread. Just make sure you are not pushing your wireless keys or stuff.
There is the side effekt, for some people a disadvantage, that all hosts know the complete repository and data of all other hosts. For me this is fine. If the host is offline (some of them are mobile PCs) I still have access to all other hosts configurations. If I'm online again, I can push or pull from the central repository. With this model I would never push or pull between hosts directly.
Last edited by Massimo B. on Fri Apr 08, 2011 1:17 pm, edited 1 time in total.
HP ZBook Power G9 i7-12700H,64GB DDR5|HP ProDesk 600 G5 i7-9700,128GB DDR4
- Massimo B.
- Veteran
- Posts: 1940
- Joined: Wed Feb 09, 2005 3:05 pm
- Location: PB, Germany
Mercurial neither. Please for further discussion talk about if any other SCM does better fit to the requirements than Mercurial does, like merging a single file with history.Ant P. wrote:I've found git repositories ........doesn't pollute the entire FS tree with hidden files like SVN does.
All the other comparisons of hg vs. svn (and git, svk, p4, cvs etc.) are written in lots of other developer places...
HP ZBook Power G9 i7-12700H,64GB DDR5|HP ProDesk 600 G5 i7-9700,128GB DDR4
This is git's paradigm of a revision, too:Mercurial people say, a revision is for the complete set of files.
http://en.wikipedia.org/wiki/Git_%28software%29
(A numbered or named revision is not a revision of a file, but rather
a revision of the repository context that includes that file.)
TIA