When you build a server it’s easy to just hack together all the needed parts.
If you need to come back to the server some time later and change something you are already in trouble. How do you document what you changed and where?
My solution to these problems is to put the whole filesystem under version control. It doesn’t have to be all fancy and store permissions and all that. It is enough if I can see the changes in files. What was done and when. It’s basically the same as using a pen and paper to log what you did when you built the server and all changes after that.
The exact state of the server is of course stored in full filesystem backups.
Whenever I build a new machine, the first thing I do on first login is create a repository at the root of the filesystem.
cd /
hg init .
Or maybe the first command is to install the version control system of my choice:
apt-get install mercurial
After these I have a repository at the root, ready to version control everything. This has to be restricted. I create a .hgignore file which excludes everything:
syntax: glob
*
This way I can now choose which files I’ll put under version control. Whenever I need to change a file I first add and commit the initial version of it:
cd /etc
hg add passwd
hg ci -m "Added passwd"
And so on for all other files I edit.
We have a global “ignore all” directive in our .hgignore file, so we need to explicitly add all files. One easy way to do this is with the command:
hg st -in . | xargs hg add
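Adding every ignored file of a directory such as /etc in one go also picks up files like shadow or private keys, and Mercurial keeps its own copy of each committed file under /.hg without carrying over the file's mode. The following is an added example, not part of the original post: a filter for the `hg st -in .` output that passes only world-readable regular files on to `hg add`. The function names and the "skip anything not world-readable" policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: files that are not world-readable (e.g. /etc/shadow, private
# keys) should stay out of the repository, because the copy Mercurial keeps
# under .hg/ does not inherit the tracked file's permissions.

# Read candidate paths (one per line) on stdin and print only regular,
# non-symlink files whose mode has the "others read" bit set.
# Everything else is reported on stderr and dropped.
# Limitation: file names containing newlines are not supported.
filter_world_readable() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        # find does not follow symlinks by default, so a link pointing at
        # a secret file fails -type f and is skipped as well.
        if [ -n "$(find "$path" -prune -type f -perm -004 -print 2>/dev/null)" ]; then
            printf '%s\n' "$path"
        else
            printf 'skipped (not a world-readable regular file): %s\n' "$path" >&2
        fi
    done
}

# Hypothetical helper: add the filtered files below the current directory
# and commit their initial versions with the message given as $1.
hg_track_public() {
    hg st -in . | filter_world_readable | while IFS= read -r f; do
        hg add "$f"
    done
    hg ci -m "${1:-Added initial versions}"
}
```

Run `hg_track_public "Added /etc defaults"` from the directory you are about to edit. Restricting the repository metadata itself, for example with `chmod 700 /.hg`, keeps other local users out of the stored history.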