How to use RPM for config file maintenance

Hi,

I would like to use RPM to manage my configuration files. The problem is, of course, that these configuration files already belong to other packages. For a lot of packages, the problem is solved using the conf.d approach, but not all software takes that route. Take, for example, ntp.conf. It belongs to the ntp package, but I want to change it using the RPM deployment mechanism.

I know there are great solutions like cfengine, chef and puppet for this, but I prefer not to use them. There are a number of reasons for this:

1. I want rpm -V to work on these config files so I can use rpm as an IDS.
2. I want to be able to sign the packages so I know the config files are genuine.
3. Our prod systems are locked down in a way that is not very puppet friendly: the whole system is mounted read-only, with the obvious exception of /var, /tmp, etc.; these are mounted noexec, among others. When we do maintenance, we shut down network connectivity, with the exception of the RPM system, remount the system writeable and do the rpm update. Then, we lock the system down again and do a new rpm -V.

I have seen various "solutions" to this config-file-is-owned-by-two-packages problem, but I don't like them, so far. The most popular seems to be to install your own config files in a separate location and copy them to the correct location in the %post. This is no good.

So, is there an elegant and RPM native solution to this problem where I can be sure my config files come from verified and signed packages?

Fred
_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxxxxx
http://lists.rpm.org/mailman/listinfo/rpm-list
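
Added example, not part of the original post: a sketch of the post-maintenance `rpm -V` check the message describes, classifying verify output so that a changed or missing config file stands out from mtime-only noise. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Triage `rpm -V` output read on stdin.
# Line layout: nine flag characters in the order S M 5 D L U G T P
# ("." = test passed, "?" = test could not be run), an optional file-type
# marker (c = %config, d = %doc, g = %ghost, l = %license, r = %readme),
# then the absolute path. A vanished file is reported as "missing".
triage_rpm_verify() {
    awk '
    {
        path = substr($0, index($0, "/"))   # flags never contain "/"
        kind = ($2 == "c") ? "config" : "file"
        if ($1 == "missing") { print "ALERT\tmissing-" kind "\t" path; next }
        # Skip anything that is not a nine-character flag field.
        if (length($1) != 9 || $1 !~ /^[SM5DLUGTP.?]+$/) next
        digest = substr($1, 3, 1)
        perms  = substr($1, 2, 1) substr($1, 6, 1) substr($1, 7, 1)
        if (digest == "5")        print "ALERT\tcontent-changed-" kind "\t" path
        else if (perms != "...")  print "ALERT\tmode-or-owner-changed\t" path
        else if (digest == "?")   print "WARN\tdigest-unreadable\t" path
        else                      print "INFO\tmetadata-only\t" path
    }'
}

# Constructed sample of verify output (not captured from a real system).
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/ntp.conf
.......T.    /usr/share/doc/ntp/README
missing   c /etc/ntp/step-tickers
.M.......    /usr/sbin/ntpd
EOF
}

# On a real host: rpm -Va | triage_rpm_verify
sample_verify_output | triage_rpm_verify
```

A config file replaced outside of RPM shows up here as `content-changed-config`, which is why the poster wants the file delivered by a package: only then does the recorded digest match the intended content.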

