Re: How to use RPM for config file maintenance

On Mon, May 28, 2012 at 9:44 AM, Fred van Zwieten <fvzwieten@xxxxxxxxx> wrote:
Hi,

I would like to use RPM to manage my configuration files. The problem is, of course, that these configuration files already belong to other packages. For a lot of packages, the problem is solved using the conf.d approach, but not all software takes that route. Take, for example, ntp.conf. It belongs to the ntp package, but I want to change it using the RPM deployment mechanism.

I know there are great solutions like cfengine, chef and puppet for this, but I prefer not to use them. There are a number of reasons for this:

1. I want rpm -V to work on these config files so I can use rpm as an IDS
2. I want to be able to sign the packages so I know the config files are genuine.
3. Our prod systems are locked down in a way that is not very puppet friendly: The whole system is mounted read-only, with the obvious exception of /var, /tmp, etc, these are mounted noexec, among others. When we do maintenance, we shut down network connectivity, with the exception of the RPM system, remount the system writeable and do the rpm update. Then, we lock the system down again and do a new rpm -V.

I have seen various "solutions" to this config-file-is-owned-by-two-packages problem, but I don't like them, so far. The most popular seems to be to install your own config files in a separate location and copy them to the correct location in the %post. This is no good.

So, is there an elegant and RPM native solution to this problem where I can be sure my config files come from verified and signed packages?

It is not native (dunno if elegant), but https://github.com/yersinia/rpm-gen-rpm-configuration (I'm the author) follows the spirit of rpm to generate a spec file that includes configuration data in a sane way (no conflict, dependency resolution, post verification...).

I used it for a few years, and I still use it to generate some simple configuration RPMs. Maybe it does not handle the % character well if it is present in the configuration file, but that is a simple fix.

Hope useful

Hth

Fred
_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxxxxx
http://lists.rpm.org/mailman/listinfo/rpm-list

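The thread's first requirement is that rpm -V keeps working on packaged config files so it can serve as an IDS check after each maintenance window. The following is an added example, not code from either poster or from rpm-gen-rpm-configuration: it parses rpm -V output and separates content changes from permission and timestamp drift. The function names, the severity grouping and the sample output are assumptions constructed for illustration.

```python
import re

# One line of `rpm -V` output: nine attribute flags (or the word "missing"),
# an optional file-type marker (c = %config file), then the absolute path.
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{9}|missing)\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)

CONTENT = set("S5L")      # size, digest, symlink target
PERMS = set("MUGP")       # mode, user, group, capabilities


def classify(flags):
    """Map rpm's verify flags to a coarse severity (this grouping is an assumption)."""
    if flags == "missing":
        return "missing"
    if "?" in flags:
        return "unverified"   # rpm could not perform a test, e.g. unreadable file
    if CONTENT & set(flags):
        return "content"
    if PERMS & set(flags):
        return "permissions"
    return "metadata"         # only mtime (T) or device (D) differ


def triage(verify_output):
    """Return (path, is_config, severity) for each file line rpm -V reported."""
    findings = []
    for line in verify_output.splitlines():
        m = LINE.match(line)
        if m is None:         # dependency messages and blank lines are skipped
            continue
        findings.append((m["path"], m["attr"] == "c", classify(m["flags"])))
    return findings


# Constructed sample, not captured from a real system.
SAMPLE = """\
S.5....T.  c /etc/ntp.conf
.......T.  c /etc/sysconfig/ntpd
missing   c /etc/ntp/step-tickers
.M.......    /usr/sbin/ntpd
"""

if __name__ == "__main__":
    for path, is_config, severity in triage(SAMPLE):
        print(f"{severity:<12}{'config' if is_config else 'file':<8}{path}")
```

On a read-only system that is remounted only for signed updates, any "content" or "missing" finding on a config file after lockdown is the case worth alerting on.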