Well, I find myself needing to update systems. I've written before about my (possibly) strange way of thinking about systems, and one would think using such techniques would make life simpler. And to a point it does. But GuixSD is still beta and does work well on managed VPS systems[1] or inside VirtualBox.
Configuration management
Systems upgrades are really just an artifact of configuration management. If I need to upgrade from wheezy to stretch, it should be just a matter of updating /etc/apt/sources.list, and running the normal apt-get update && apt-get upgrade && apt-get dist-upgrade. Of course, enabling such magic requires that everything be properly packaged. GuixSD is similar: one just has to run guix pull && guix package -u, but still everything has to be packaged or have a package recipe. Guix packages are somewhat easier to create than Debian packages, I think mainly because the entire package description is a single function definition[2], but such may just be my perception. So things that are properly packaged should just work. Oh wait, what about configuration files and executables that need weird setuid or setgid permissions, or data files that need special permissions to be secure, or any of the above that need to adhere to PCI, SOX, or other regulatory requirements? Regulatory requirements are outside the scope of this post, as I don't have to worry about such things at the house or on my VPS systems.
My current thinking is if the packaging is done properly, configuration management largely takes care of itself. So the key then is to package things appropriately.
Packaging
I largely use Debian with Guix on top. I have a few systems running GuixSD. Packaging applications that don't have configuration files is relatively straightforward in Debian and Guix and well documented, so I won't speak to those here, other than to say Debian has more things already packaged than Guix. I'll start blogging about Debian packaging with the tag deb. Briefly, I am using pbuilder and git buildpackage, amongst other tools.
To help handle configuration, I've found config-package-dev, which handles packaging configuration files sanely by hooking into dpkg-divert so upgrades work out right.
To manage distribution of these custom packages I've built a Debian package repository with reprepro.
That leaves things such as file permissions and drift. I suspect tools such as CFengine, Puppet, Chef and their cousins are still the proper tools for such a job, although none of them work with Guix.
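
The permission and drift gap described above can be checked without a full configuration management tool by recording a baseline and comparing against it. This is an added example, not the author's code; the function names are hypothetical and it assumes GNU find and stat, as shipped on Debian and GuixSD.

```shell
#!/bin/sh
# Added example: baseline-and-compare check for permission drift.
# Assumes GNU find/stat; function names are hypothetical.
# Paths containing newlines are not handled.

# perm_snapshot DIR: one line per file or directory,
# formatted as "<octal mode> <uid>:<gid> <path>".
perm_snapshot() {
    find "$1" -xdev \( -type f -o -type d \) -exec stat -c '%a %u:%g %n' {} + | sort
}

# perm_drift BASELINE DIR: compare DIR against a saved snapshot file.
# Prints NEW / CHANGED / MISSING lines and returns 1 if anything drifted.
perm_drift() {
    perm_snapshot "$2" | awk -v base="$1" '
        # Strip the mode and owner fields, leaving the path (which may contain spaces).
        function path(line) { sub(/^[^ ]+ [^ ]+ /, "", line); return line }
        # A leading digit of 2-7 in a four-digit mode means setuid and/or setgid is set.
        function special(mode) {
            return (length(mode) == 4 && substr(mode, 1, 1) + 0 >= 2) ? " [setuid/setgid]" : ""
        }
        BEGIN {
            # Load the baseline: path -> "mode uid:gid".
            while ((getline l < base) > 0) { split(l, f, " "); old[path(l)] = f[1] " " f[2] }
        }
        {
            p = path($0); cur = $1 " " $2; seen[p] = 1
            if (!(p in old))        { print "NEW " cur " " p special($1); drift = 1 }
            else if (old[p] != cur) { print "CHANGED " old[p] " -> " cur " " p special($1); drift = 1 }
        }
        END {
            for (p in old) if (!(p in seen)) { print "MISSING " p; drift = 1 }
            exit drift + 0
        }'
}
```

Save the output of perm_snapshot right after a package install or upgrade, then run perm_drift against that file from cron; a non-zero exit status means something changed outside the packaging workflow.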