On 03/06/2019 13.50, Thorsten Kukuk wrote:
for this, who don't want to read a lot of text, there is a video of
my talk about this topic from openSUSE Conference:
The slides can be found here:
and the full, detailed abstract can be found here:
What is this about?
RPM has a really very simple configuration file handling: overwrite
the config, move it away and write the new config or write the new config
in a different file (*.rpmsave and *.rpmnew).
If the rpm contains a configuration file marked as %config, and the
packager fixes a typo in a comment, RPM will move the by the admin
modified and adjusted configuration file away and put's the default
configuration file there, which means, your service will not work until
you merge the configuration files.
This is already bad, but it's getting really worse if you think about
atomic updates (transactional-updates on openSUSE):
- admin modifies configuration files
- admin starts an transactional update, the configuration file will
- admin makes changes to the configuration file
- admin reboots to active the changes
-> admin needs to find out which changes where done by whom and needs to
merge them all to get the service working again
While this shouldn't happen very often, more really seldom, if it happens,
it's really bad. Especially, if you think about big clusters with many
machines and not only a few workstations.
I have a routine, but it is not trivial.
Basically I scan the output of "rpmconfigcheck", and use meld on every
file pair, deciding what to apply and what not.
So I started looking into different solutions.
The first thing is: we are not alone with the problem, every distribution
with atomic updates has it, but every distribution has their own solution.
Which reminds me on the pre-FHS times, when you had to learn for every
distribution again where the configuration files and other tools could
So we need something, which helps everybody and is good enough specified,
that people will use this solution.
The second thing is: people want to have the configuration files in one
place, so that it is easy to find.
And at least, no, there is not the perfect solution solving everything,
for some I even have no idea, but for others we make big improvements
compared to today.
The goal is to provide a concept working for all Linux Distributors (like
the FHS, preferred is to get this into the FHS). Short to midterm, it should
solve the problems with atomic updates. Midterm to longterm, the result
should be, that no package installs anything in /etc, it should only contain
changes made by the system administrator or configuration files managed by
the system administrator.
But this makes harder to read the actual configuration, because we then
need to read two files: the one put by rpm, and the one we modified.
It would be fine if someone creates an special admin editor that
automatically loads both files, merging them into one visual result for
us to see and decide what to adapt, so that modifications go to the
As to the configs going to somewhere under /usr, I'm not sure I like
that. Maybe a directory under etc, or /etc.something
Cheers / Saludos,
Carlos E. R.
(from 15.0 x86_64 at Telcontar)