I have a few servers, and there’s some common configs between them. For example, my SSH authorized_keys, core Nginx config, PHP config, Tinc host configs, etc. There’s a few options I’ve thought of to keep these in sync:
- Manual copy and paste
- Git repository
- Script to rsync the configs from one particular server to all the other servers (one way syncing)
- Syncing system like Dropbox/Seafile (edit on any system, sync to all of them)
I was wondering what people on this forum do!
At work we use Chef for everything (both dev servers and and production servers) but there’s a devops team that deal with that, so I don’t have any experience with it. Seems to work well, but I’ve never had to edit its configs.
Since configs are security sensitive I like to keep them on the specific machine even if it’s more work in the end.
I mean for configs that aren’t sensitive, like PHP config. SSH public keys aren’t sensitive either; you can share public keys
As a side note… It’s good to see you on this forum, @eol
One example from recently was that I wanted to enable TLS 1.3 in the Nginx config on every server. I manually SSH’d to every server and edited the Nginx config. Would have been easier if I had some way of pushing the change out across all servers.
ssh, scp, rsync, crond, sed, cp, mv, …
Ansible works well for this, the playbooks are fairly trivial to write to sync files or edit the same files on multiple systems.
It looks like I have to learn how Ansible works. I manage multiple servers with the same config too.
Did anyone say Ansible yet?
'cause I’d say Ansible
Albeit there’s some impermanent config files & some dreadfully untidy stuff I tend to backup to a borg repo and rsync whenever I have to deploy a new server
$ cat /root/list
$ cat /usr/bin/run
for i in $(cat /root/list); do ssh root@i $@; done
Roughly how I manage my fleet, just fits my play style. Not quite config sync, but easy to make changes everywhere at once.
Did you consider clusterssh for one-time edits to be spread on multiple (similar) boxes?
Thanks! Sounds like Ansible is worth looking at. Anyone willing to share some examples of how they’re using Ansible (eg. example playbooks you use, etc)?
Here’s an old one of mine, I used it to setup Debian containers: - name: Debian initial setup hosts: debian become: yes become_method: s - Pastebin.com
It’s not sophisticated at all, it simply delete/install packages, copy some files (.zshrc, . vimrc) and edit the config of others (sudo, sshd_config)