Version control of a web server config files

Question

Between me and a Network Architect we manage a bunch of Web Servers (FreeBSD). He's responsible for all server/network related stuff (IPs, Firewalls, users/groups, etc.) and I'm responsible for all web-related stuff (Apache, PHP, MySQL). Sometimes the responsibilities overlap.

It happend few times that some changes were made to the config files which more or less affected the server and we were not able to figure out which of us made the changes and why.

I - being a Web Developer - think it'd be a good practice to put the files under version control (we currently use Subversion), so that whenever we change anything we have to commit an comment the changes. It'll solve all the problems with wondering who did what and why.

The particular config files I was thinking of were:

• firewall config
• apache config (with extras)
• php config (php.ini)
• MySQL config (my.conf)

I already know, that the idea version control of server config files is sound based on other question asked here. My only worry is how to do it properly on the Web Server side since the files are in different locations. Putting the whole /usr/local/etc under version control seems pointless as it contains not just the config files.

I was wondering whether not to create a new folder, say /config which would be under version control and would contain all the config files we need and then replace the original ones with symlinks to ones in the /config folder. E.g.:

/usr/local/etc/apache22/httpd.conf -> /config/apache22/httpd.conf

So the question is: Is this a good idea and if not, what is a better solution?

Answer 1

If you use GIT then puitting the whole /usr/local/etc under version control is not pointless at all.

• you can only track a handfull of files if you so chose
• the working directory with all config files tracked is hardly bigger in size

Just install git, then go to /usr/local/etc and write git init. This will create the .git folder in your current location (basically making this folder a repository).

Then add the config files you want to track: git add firewall/firewall_config.conf apache2/httpd.conf etc and commit: git commit -m "Initial Configuration"

Your config files are now being tracked.

Answer 2

Since you are versioning sensitive configuration files, I would recommend setting up an internal git server like gitlab. Create a git repository for each server, or server template/image/etc. Go to the / directory and 'git init'.

You can be selective about what you put under version control by only using 'git add /path/to/file for the files that you will be customizing.

Then, 'git -m 'commit comment' and 'git push -u origin master'.

Answer 3

Have you looked at any of the management tools made to do just this sort of thing? I recommend Puppet or Chef, having used them in previous jobs to do this sort of thing.