| View previous topic :: View next topic |
| Author |
Message |
Azangod
Tux's lil' helper
Joined: 18 May 2005
Posts: 107
Location: Italy
|
 Posted: Wed Jul 29, 2009 10:56 am Post subject: Versioning /etc with subversion is safe? |
 |
|
Hi there,
the scenario is a production server where there is no tollerance for errors, where every etc-update session is pure fear.
Merging config files sometimes becomes tricky with the endless question "keep the old version ? better grab the new version and apply the personalizations or keep the old in the risk of a new-born option default value would do something nasty?"
My answer is: why not to use a cvs?
I know subversion wich works flawlessy for my work but I'm no guru and I'm wondering if there may be relevant security issues in this approach. well... first of all I don't know how to save permissions and ownerships of files stored.
So, before trying, I'm wondering (and asking) if there are serious drawbacks into doing this. |
|
| Back to top |
|
 |
OneOfOne
Guru
Joined: 28 May 2003
Posts: 368
|
| Posted: Wed Jul 29, 2009 12:12 pm Post subject: |
|
|
I personally use git, i have this git alias | Code: | | etc-update = !cd /etc && etc-update && git add -A && git ci |
my /etc/.git/info/exclude
| Code: |
! /X11/xorg.conf
! php.ini
*-
*.[oa]
*.default
*.env
*.example
*.lock
*0
*compiz*
*csh*
*~
._*
/X11
/acpi
/adjtime
/bash_completion.d
/config-archive
/cups/ppd
/eselect
/fonts
/gconf
/gre.d
/group
/gshadow
/gtk-2.0
/hotplug
/ld.*
/login.*
/make.*
/mono
/mtab
/ndiswrapper
/opt
/pango
/php
/protocols
/qt4
/reader.conf.d
/revdep-rebuild
/rmt
/runlevels
/skel
/splash
/ssl
/t1lib
/terminfo
/xdg
/xinet.d
ca-certificates.conf
modprobe.conf
modprobe.d
modules.conf
timezone
|
hope that helps. |
|
| Back to top |
|
|
Azangod
Tux's lil' helper
Joined: 18 May 2005
Posts: 107
Location: Italy
|
| Posted: Wed Jul 29, 2009 12:35 pm Post subject: |
|
|
Thanks, I've heard of many admins using git, but nothing about subversion.
I'm wondering why.
It's because GIT is old & well know or there are some other issues about subversion. Or simply subversion does'nt fit for this particular task? |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3526
|
| Posted: Wed Jul 29, 2009 1:13 pm Post subject: |
|
|
I believe subversion is older than GIT. I've been considering moving /etc into subversion, but the details of the process and job, along with my lacking understanding of subversion have held me back. At home I have 2 servers and 3 clients. I think I'd like a tree structure using branches, with one root, split into servers and clients, the each of those split into per-system. But I've never really worked like that with subversion - at work I use tags to mark release points, and those tags don't seem to "inherit" changes from the trunk. My impression is that branches are like tags, with the similar inheritance issue, and at that point it alls seems to start looking like enough extra work with enough pitfalls that I never get around to it.
I've learned enough about subversion to make it do what I need to do at work. I could probably stand to learn quite a bit more.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
Azangod
Tux's lil' helper
Joined: 18 May 2005
Posts: 107
Location: Italy
|
| Posted: Wed Jul 29, 2009 2:20 pm Post subject: |
|
|
I did'nt know that subversion is older than git. I've always believed that git was a milestone, the vcs choice of kenerl developers from the stone era.
Maybe i did'nt understood your use of subversion but seems to me that there is something odd. | Quote: | | at work I use tags to mark release points, and those tags don't seem to "inherit" changes from the trunk |
I use subversion for software developing. As far as I know there are'nt (in subversion) any built-in concept like 'tags', 'branch' or trunk. For svn a dirctory is simply a directory and branches, tags or trunk makes no difference. These names are a mere naming-convention among developers.
Every time you publish a release (let say for example svn cp repos/project/trunk repos/project/tags/myreleas) you do nothing else but a mere copy of all files.
If you want to start a new branches to try to insert a new feature you will do something like
svn cp repos/project/trunk repos/project/branches/test
At this point who works on the trunk is unaware of the changes made in test and vice-versa. Lets assume that 10 is the number of the revision at the creation of the branch test and that at the revision number 30 the developing of the branch is done and so it's time to merge it into the trunk. At this point it's you who decide to merge, svn takes no action on it's own.
You coul merge test in trunk using something like:
svn merge repos/project/branches/test -r10:30
*typed on a working copy of the trunk*
Doing so svn will try to automatically merge and you'll end up with your working copy modified to accomodate any update applied on test between revisions 10 and 30. If you are lucky svn did all the work quetly, otherwise you have to manually resolve some conflict.
Uhm, I hope this whole soup is at least readable in my ridiculous english... and I hope it had be of any help too! |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3526
|
| Posted: Wed Jul 29, 2009 3:35 pm Post subject: |
|
|
| Azangod wrote: | | I did'nt know that subversion is older than git. I've always believed that git was a milestone, the vcs choice of kenerl developers from the stone era. |
Git isn't that stone-aged. Some years ago there was a proprietary versioning system called bitkeeper. The owner of bitkeeper struck some sort of deal with the kernel developers, allowing the Linux kernel to use it for free, yet remaining proprietary. The kernel developers rather got to like it, especially compared to what they had before. (Don't remember what that was, if it was anything at all other than patches in Linus' inbox.) Then someone started reverse-engineering some sort of client access, and the bitkeeper people got annoyed. Linus developed git in a feverish Gordon Letwin HPFS weekend, and it's all history.
My version is probably somewhat incorrect, but wikipedia can be friendly, too: http://en.wikipedia.org/wiki/BitKeeper
As for subversion, what you say sounds like the impression I have, just better phrased. I've never used "svn merge", and could clearly stand to learn more.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
Azangod
Tux's lil' helper
Joined: 18 May 2005
Posts: 107
Location: Italy
|
| Posted: Wed Jul 29, 2009 8:36 pm Post subject: |
|
|
Nice story founded on wiki... another piece of code "once granted for free" that after some time becomes commercial-only.
At least I could say I've learned something new today.
It seems I've to take a good look at GIT for my admin issues.. one time or another... if I'm can find the time
About subversion I suggest this guide: http://svnbook.red-bean.com/
The merge process is quite simple when you have understood the logic that lies beneath. I've tryed svn two years ago and since then I've never thought of moving nor trying something else: it simply has everithing needed. At least for what I need it for.
Mybe one of the colest features is its capability of managing folders that permits to have many project as needed in a single repository! No need to manage a repos-per-project. |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3526
|
| Posted: Thu Jul 30, 2009 1:30 pm Post subject: |
|
|
I use the redbook regularly - for what I need to do at work. Home admin is on a time-available basis, and I just don't have that much to spare.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
Azangod
Tux's lil' helper
Joined: 18 May 2005
Posts: 107
Location: Italy
|
| Posted: Fri Jul 31, 2009 6:27 am Post subject: |
|
|
I know! Days of 48 hours wont help much in the long run... but sometimes I really would like to have more time  |
|
| Back to top |
|
|
V-Li
Retired Dev
Joined: 03 Jan 2006
Posts: 613
|
| Posted: Fri Jul 31, 2009 9:12 am Post subject: |
|
|
| A distributed VCS like Bazaar, Git, Mercurial or Darcs should be the better choice as you can transfer the whole history easily by just copying the directory. |
|
| Back to top |
|
|
Azangod
Tux's lil' helper
Joined: 18 May 2005
Posts: 107
Location: Italy
|
| Posted: Fri Jul 31, 2009 9:29 am Post subject: |
|
|
| V-Li wrote: | | A distributed VCS like Bazaar, Git, Mercurial or Darcs should be the better choice as you can transfer the whole history easily by just copying the directory. |
What do you mean with history?
With svn I can see the whole story of every file (or directory) since creation no matter what happens: moving, copying into other branches or projects.
Maybe you are speaking about interaction between different repos? I've never tryed that. I live very well having a single phisical repository with all my projects in.
I could say I'm satisfied. I can manage easilly documentation and binary (such images and videos) too.
By the way I've never tryed any other VCS. Surely I'll try GIT (because it seems the most commonn choice among sysadmins) for the only purpose of maintaining /etc directory of my servers. One day... for now I've more urgent matter to take care of |
|
| Back to top |
|
|
V-Li
Retired Dev
Joined: 03 Jan 2006
Posts: 613
|
| Posted: Tue Aug 04, 2009 7:28 pm Post subject: |
|
|
| Inside of /etc you have a .git or .bzr or .whatever directory which contains the whole (!) repository. So copying the /etc directory over to another machine preserves all the history without creating a Subversion repository there, importing and so on. |
|
| Back to top |
|
|
Azangod
Tux's lil' helper
Joined: 18 May 2005
Posts: 107
Location: Italy
|
| Posted: Wed Aug 05, 2009 9:27 am Post subject: |
|
|
| V-Li wrote: | | Inside of /etc you have a .git or .bzr or .whatever directory which contains the whole (!) repository. So copying the /etc directory over to another machine preserves all the history without creating a Subversion repository there, importing and so on. |
Whoa, it's surely handy but over time, it does'nt become too huge? I mean... if every directory brings along the whole history, after fifthy revision (on a photoshop source for example) it may become really really huge and space wasting |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3526
|
| Posted: Wed Aug 05, 2009 12:31 pm Post subject: |
|
|
| Azangod wrote: | | V-Li wrote: | | Inside of /etc you have a .git or .bzr or .whatever directory which contains the whole (!) repository. So copying the /etc directory over to another machine preserves all the history without creating a Subversion repository there, importing and so on. |
Whoa, it's surely handy but over time, it does'nt become too huge? I mean... if every directory brings along the whole history, after fifthy revision (on a photoshop source for example) it may become really really huge and space wasting |
Revision systems usually don't store whole files, they store diffs in one form or another. The size growth is much slower, assuming changes are really changes, not wholesale replacements. I'd expect the biggest such volumes to be certificates in /etc/ssl and I believe X tucks some binaries into /etc/X11.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
Azangod
Tux's lil' helper
Joined: 18 May 2005
Posts: 107
Location: Italy
|
| Posted: Fri Aug 07, 2009 1:48 pm Post subject: |
|
|
| depontius wrote: | | Revision systems usually don't store whole files, they store diffs in one form or another. The size growth is much slower, assuming changes are really changes, not wholesale replacements. I'd expect the biggest such volumes to be certificates in /etc/ssl and I believe X tucks some binaries into /etc/X11. |
Yes I know. My concernings where about binary files managment. Images are considered binary. Not too much sense in storing diff-files. So I was wondering what will become in a directory if there are stored 100 revision of a 100mb photoshop file... it's a lot of space. Thaking along the whole repository in such a case is suicide. I'm sure that developers of these systems have found a moure suitable solution.
Btw i'm happy about svn. Got to try GIT to store my etc files and nothing more. One day I'll try. |
|
| Back to top |
|
|
V-Li
Retired Dev
Joined: 03 Jan 2006
Posts: 613
|
| Posted: Fri Aug 07, 2009 4:37 pm Post subject: |
|
|
| Git packs quite well, although binary files press a big problem here, but that is usually not the target for such a version control system. |
|
| Back to top |
|
|
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1850
Location: PB, Germany
|
| Posted: Thu Apr 07, 2011 11:48 am Post subject: |
|
|
Just to point out my idea using mercurial for /etc: Planning Mercurial for /etc ...
_________________
HP ZBook Power 15.6" G8 i7-11800H|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770 |
|
| Back to top |
|
|
cwr
Veteran
Joined: 17 Dec 2005
Posts: 1969
|
| Posted: Fri Apr 08, 2011 7:43 am Post subject: |
|
|
I'd be inclined to use Mercurial, (or even Bazaar, which I haven't tried) rather than Subversion.
You're dealing with text files, which a DVCS is at home with, and they all handle merges better
than Subversion. Check the docs on http://mercurial.selenic.com before making a decision;
they give a good overview of VCS and DVCS advantages and disadvantages.
On the whole, avoid Git - it's a good idea for the kernel, but it has a major learning curve.
It took me five minutes to learn enough to start using Mercurial, with I suppose half a
dozen essential commands, and it really is a very powerful and convenient piece of
software.
Will |
|
| Back to top |
|
|
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920
|
| Posted: Fri Apr 08, 2011 12:43 pm Post subject: |
|
|
| I've found git repositories with a working directory checkout to be smaller than the corresponding SVN checkout alone, even with huge (1.5GB) directory trees of binaries and 5 years of history. Also it doesn't pollute the entire FS tree with hidden files like SVN does. |
|
| Back to top |
|
|
rh1
Guru
Joined: 10 Apr 2010
Posts: 501
|
| Posted: Fri Apr 08, 2011 1:07 pm Post subject: |
|
|
| Quote: | On the whole, avoid Git - it's a good idea for the kernel, but it has a major learning curve.
It took me five minutes to learn enough to start using Mercurial, with I suppose half a
dozen essential commands, and it really is a very powerful and convenient piece of
software.
|
Not trying to start another mercurial vs git flame war but it took me 5 minutes to learn enough to start using git too. |
|
| Back to top |
|
|
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1850
Location: PB, Germany
|
| Posted: Fri Apr 08, 2011 1:08 pm Post subject: |
|
|
Continuing the discussion about mercurial here...
I had long time discussions with mercurial people at #mercurial channel. Summarily what they said is, Mercurial is not SVN and Mercurial is not the right tool.
This is mainly because of the requirements and methods I tried to explain:
I have different Linux machines each having more or less different configuration. Mainly I need to track /etc, but because sometimes I also add usr/share/kde/....kdmrc or even var/lib/portage/world I made / being a mercurial repo (beware of Bug 284673!). Each machine gets its own feature branch. I never merge feature branches. I think about having a seperate feature branch being a template branch with default configurations.
Now what is not the way of thinking in mercurial is what I often need: I would need to branch files directly. Say I have adapted etc/conf.d/local.start on hostA and next time on hostB I would need to merge parts of that file.
Mercurial people say, a revision is for the complete set of files. You can merge branches and revisions of branches, but never single files. Ok there are a lot of Mercurial Extensions, some of them could do the job:
The Mercurial way of merging actually is: Go back to the revision the bug appears, fix it (making a unnamed or even named branch), comit and merge. For our case that would mean: If there is a version of a file that might be distributed among other branches this must be a pre-branch revision and you can branch from that. This model absolutely breaks with what I planned.
Does anybody has any suggestion about that?
Anyway, I'm already using Mercurial on this purpose for a while now. I need to merge a file? No problem, I do
| Code: | | vimdiff etc/make.conf <(hg cat -r hostB etc/make.conf) |
I install a fresh system and need a template to start with, I just do
| Code: | | hg cat -r templates etc/make.conf > etc/make.conf |
Btw. it actually makes no sense to switch to a different branch and update.
One disadvantage of this approach is that hg cat does not really merge. So as I know from other SCM like Perforce (not sure about SVN?) there is no coherent history of a file that is merged from an ancestor. So this approach does not use Mercurial the way it is made for, it just uses Mercurial as a datastore.
Pushing and pulling is done with a central server, using Bitbucket like mentioned in the other thread. Just make sure you are not pushing your wireless keys or stuff.
There is the side effekt, for some people a disadvantage, that all hosts know the complete repository and data of all other hosts. For me this is fine. If the host is offline (some of them are mobile PCs) I still have access to all other hosts configurations. If I'm online again, I can push or pull from the central repository. With this model I would never push or pull between hosts directly.
_________________
HP ZBook Power 15.6" G8 i7-11800H|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Last edited by Massimo B. on Fri Apr 08, 2011 1:17 pm; edited 1 time in total |
|
| Back to top |
|
|
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1850
Location: PB, Germany
|
| Posted: Fri Apr 08, 2011 1:13 pm Post subject: |
|
|
| Ant P. wrote: | | I've found git repositories ........doesn't pollute the entire FS tree with hidden files like SVN does. |
Mercurial neither. Please for further discussion talk about if any other SCM does better fit to the requirements than Mercurial does, like merging a single file with history.
All the other comparisons of hg vs. svn (and git, svk, p4, cvs etc.) are written in lots of other developer places...
_________________
HP ZBook Power 15.6" G8 i7-11800H|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770 |
|
| Back to top |
|
|
wcg
Guru
Joined: 06 Jan 2009
Posts: 588
|
| Posted: Fri Apr 08, 2011 5:17 pm Post subject: |
|
|
| Quote: | | Mercurial people say, a revision is for the complete set of files. |
This is git's paradigm of a revision, too:
http://en.wikipedia.org/wiki/Git_%28software%29
(A numbered or named revision is not a revision of a file, but rather
a revision of the repository context that includes that file.)
_________________
TIA |
|
| Back to top |
|
|
|
Networking & Security
