Syncing Configs Across Multiple Servers

1

I have a few servers, and there’s some common configs between them. For example, my SSH authorized_keys, core Nginx config, PHP config, Tinc host configs, etc. There’s a few options I’ve thought of to keep these in sync:

  • Manual copy and paste
  • Chef
  • Ansible
  • Git repository
  • Script to rsync the configs from one particular server to all the other servers (one way syncing)
  • Syncing system like Dropbox/Seafile (edit on any system, sync to all of them)

I was wondering what people on this forum do!

At work we use Chef for everything (both dev servers and and production servers) but there’s a devops team that deal with that, so I don’t have any experience with it. Seems to work well, but I’ve never had to edit its configs.

1 Like
2

Since configs are security sensitive I like to keep them on the specific machine even if it’s more work in the end.

3

I mean for configs that aren’t sensitive, like PHP config. SSH public keys aren’t sensitive either; you can share public keys :smiley:

As a side note… It’s good to see you on this forum, @eol

3 Likes
4

Ah ok.
Got it.
Thank you.

1 Like
5

One example from recently was that I wanted to enable TLS 1.3 in the Nginx config on every server. I manually SSH’d to every server and edited the Nginx config. Would have been easier if I had some way of pushing the change out across all servers.

6

.sh
ssh, scp, rsync, crond, sed, cp, mv, …

7

Ansible is my favourite.

1 Like
8

Ansible works well for this, the playbooks are fairly trivial to write to sync files or edit the same files on multiple systems.

9

Vouch for Ansible.

10

+1 for ansible

11

It looks like I have to learn how Ansible works. I manage multiple servers with the same config too.

4 Likes
12

Did anyone say Ansible yet?
'cause I’d say Ansible

Albeit there’s some impermanent config files & some dreadfully untidy stuff I tend to backup to a borg repo and rsync whenever I have to deploy a new server

1 Like
13

$ cat /root/list
server1
server2

$ cat /usr/bin/run
for i in $(cat /root/list); do ssh root@i $@; done

Roughly how I manage my fleet, just fits my play style. Not quite config sync, but easy to make changes everywhere at once.

2 Likes
14

Did you consider clusterssh for one-time edits to be spread on multiple (similar) boxes?

4 Likes
15

Very nice.

16

Thanks! Sounds like Ansible is worth looking at. Anyone willing to share some examples of how they’re using Ansible (eg. example playbooks you use, etc)?

17

Here’s an old one of mine, I used it to setup Debian containers: - name: Debian initial setup hosts: debian become: yes become_method: s - Pastebin.com

It’s not sophisticated at all, it simply delete/install packages, copy some files (.zshrc, . vimrc) and edit the config of others (sudo, sshd_config)

6 Likes