Shared configuration files: login.conf, auth.conf....

Hello,

I'm trying to deploy a web server architecture and I would like to share some system configuration files (for easy maintenance), like: login.conf, auth.conf, sysctl.conf, ttys.

My machine has 2 hard disks: one with the base system, and the other with the above files. In my /etc I link the files to the shared folder on the second disk, like this:
Code:
/etc/login.conf -> /mnt/shared/system/etc/login.conf
/etc/auth.conf -> /mnt/shared/system/etc/auth.conf
....
The problem: When I start the machine, this error is displayed and I can't login:
Code:
"....
_secure_path: /etc/login.conf is not regular file
_secure_path: /etc/auth.conf is not regular file
 ..."
Any ideas?

Thanks!
 
It looks like the system is making sure the configuration files are secure. Looking at the source for _secure_path it wants them to be normal files, owned by a specified user & group, and only writable by the owner.

Please also be advised that FreeBSD expects /etc to be part of the / filesystem and accessible early during boot. Many files are accessed in there before any of the other local filesystems are mounted. We had another user on here a while back who was also getting into a load of trouble because he was trying to make /etc a separate mount.

I would suggest you find a different way of maintaining the configuration files. Maybe have a folder tree on one of the servers (or a separate 'configuration' server) that matches the layout of /etc, containing just the files you want shared. You can then use something like net/rsync to 'pull' the config files into /etc on the live servers. Obviously security of the master files would need to be handled carefully if you share anything that affects logins/access.

There are also tools in ports to simplify management of many servers but I've never used any of these myself.
 
The way we do it is we have everything stored in a central CVS server. That allows us to keep track of changes (and back out easily in case of problems). A script on each machine checks out the production tagged files and copies them to the correct place. It takes a bit of fiddling but it works quite well.
 
It is not an option for /etc, since it has to be mounted with /, but in a similar situation a nullfs mount would do the trick.
However, for configuration files we too use a set of scripts that auto-upload and track versions from a centralized repository.
 