Server setup scripts, patches and migrations

Posted by Ben Swinburne on Server Fault
Published on 2013-07-01T15:30:35Z Indexed on 2013/07/01 16:22 UTC

I have written some scripts which I use to configure various servers in a uniform way. Each time I deploy a server I run the relevant scripts so that I know they're all configured the same.

I then have some patch scripts, which are changes to the originals, which I can then run to ensure that modifications to the original setup can be run on each server.

E.g.

  • disable.sh - Disable SELinux etc to ensure other scripts all run correctly
  • general.sh - Jailkit, AV, Repos, RKHunter, security tweaks, uninstall unused bits etc
  • web.sh - Installs and configures Apache2

  • 001_update_nr_licence_key.sh - Update a licence key for a piece of software which has changed since its install in general.sh

I can run the first 3 without a problem, but when it comes to running patches I am a bit stuck. Is there a sensible way of doing these with some software?

My current thought is to write to a log file the role of the server, be it web or db for example, and then note the name of the patch which has run. It could then iterate through a folder to find all patches for that role which it has not yet run and execute them. This seems a bit long-winded, however.

Could someone advise me as to the best way I can keep my servers uniform?

© Server Fault or respective owner
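
One way to implement the log-and-iterate approach described in the question, as an added example that is not part of the original post. The directory layout, the state-file format and the function names `pending_patches` and `apply_patches` are assumptions. It goes slightly beyond the description by refusing patches that group or other users can modify, since such scripts normally run as root.

```shell
#!/bin/sh
# Added example (assumed layout, not from the original post):
#   $patch_dir/<role>/NNN_description.sh   zero-padded, so glob order = run order
#   $state_file                            one "<role>/<patch>" line per applied patch

# Print the patches for a role that are not yet recorded in the state file.
pending_patches() {
    role=$1 patch_dir=$2 state_file=$3
    for p in "$patch_dir/$role"/[0-9]*.sh; do
        [ -f "$p" ] || continue                      # glob matched nothing
        grep -qxF -- "$role/${p##*/}" "$state_file" 2>/dev/null ||
            printf '%s\n' "${p##*/}"
    done
}

# Run pending patches in order; record each only after it succeeds and stop
# at the first failure so later patches never run on a half-patched host.
# In sh/bash the loop runs in a pipeline subshell, so "exit" ends only the loop.
apply_patches() {
    role=$1 patch_dir=$2 state_file=$3
    pending_patches "$role" "$patch_dir" "$state_file" |
    while IFS= read -r patch; do
        file=$patch_dir/$role/$patch
        # Refuse any patch that group or other users can modify.
        if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "refusing writable patch: $file" >&2
            exit 1
        fi
        # stdin is redirected so a patch cannot swallow the pending list.
        if sh "$file" </dev/null; then
            printf '%s\n' "$role/$patch" >>"$state_file"
        else
            echo "patch failed, stopping: $file" >&2
            exit 1
        fi
    done
}

# Usage: patchrun.sh ROLE PATCH_DIR STATE_FILE
if [ "$#" -eq 3 ]; then
    apply_patches "$1" "$2" "$3"
fi
```

Because a patch is recorded only after it exits successfully, rerunning the script on any server is safe: applied patches are skipped and a failed one is retried on the next run.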
