2 | 2 |
.PP
|
3 | 3 |
metche - reducing root bus factor
|
4 | 4 |
.SH SYNOPSIS
|
5 | |
.PP
|
6 | |
\f[CR]
|
7 | |
metche\ [-h\ VSERVER]\ report\ (stable|testing|unstable)-YYYYMMDDHHMM
|
8 | |
metche\ [-h\ VSERVER]\ list
|
9 | |
metche\ [-h\ VSERVER]\ stabilize\ testing-YYYYMMDDHHMM
|
|
5 |
.IP
|
|
6 |
.nf
|
|
7 |
\f[C]
|
|
8 |
metche\ [-h\ VSERVER]\ report\ (stable|testing|unstable)-YYYYMMDDHHMM
|
|
9 |
metche\ [-h\ VSERVER]\ list
|
|
10 |
metche\ [-h\ VSERVER]\ stabilize\ testing-YYYYMMDDHHMM
|
10 | 11 |
\f[]
|
|
12 |
.fi
|
11 | 13 |
.SH DESCRIPTION
|
12 | 14 |
.PP
|
13 | 15 |
metche is a tool meant to ease collective system administration by
|
14 | 16 |
monitoring changes in the system configuration.
|
15 | 17 |
.PP
|
16 | 18 |
metche basic usage is to monitor changes in a directory, usually
|
17 | |
\f[B]/etc\f[]; optionally, metche can also monitor:
|
|
19 |
\f[C]/etc\f[]; optionally, metche can also monitor:
|
18 | 20 |
.IP \[bu] 2
|
19 | 21 |
one or more user maintained changelog files,
|
20 | 22 |
.IP \[bu] 2
|
|
22 | 24 |
.PP
|
23 | 25 |
metche should be installed with a cronjob that regularly runs to
|
24 | 26 |
automatically save the system state as needed.
|
25 | |
These states are saved in a way similar to the Debian development
|
26 | |
model:
|
|
27 |
These states are saved in a way similar to the Debian development model:
|
27 | 28 |
.IP \[bu] 2
|
28 | 29 |
\f[I]unstable\f[] states are saved as soon as a change is detected.
|
29 | 30 |
They are kept until a new \f[I]testing\f[] state appears.
|
30 | 31 |
.IP \[bu] 2
|
31 | |
\f[I]testing\f[] states is created from the last \f[I]unstable\f[]
|
32 | |
state that has not been changed after a short amount of time (by
|
33 | |
default, one hour).
|
|
32 |
\f[I]testing\f[] states is created from the last \f[I]unstable\f[] state
|
|
33 |
that has not been changed after a short amount of time (by default, one
|
|
34 |
hour).
|
34 | 35 |
Old \f[I]unstable\f[] states are deleted afterwards.
|
35 | 36 |
.IP \[bu] 2
|
36 | |
\f[I]stable\f[] states are created from the last \f[I]testing\f[]
|
37 | |
state, either manually, or after a long amount of time (by default,
|
38 | |
3 days).
|
|
37 |
\f[I]stable\f[] states are created from the last \f[I]testing\f[] state,
|
|
38 |
either manually, or after a long amount of time (by default, 3 days).
|
39 | 39 |
Old \f[I]testing\f[] states are deleted afterwards.
|
40 | 40 |
.PP
|
41 | 41 |
When a new \f[I]testing\f[] state is saved, an email is sent to a
|
42 | |
configurable address, giving an overwiew of the differences with
|
43 | |
the previous \f[I]testing\f[].
|
44 | |
A notification is also sent when a new \f[I]stable\f[] state is
|
45 | |
saved.
|
|
42 |
configurable address, giving an overwiew of the differences with the
|
|
43 |
previous \f[I]testing\f[].
|
|
44 |
A notification is also sent when a new \f[I]stable\f[] state is saved.
|
46 | 45 |
.PP
|
47 | |
metche's configuration is read from \f[B]/etc/metche.conf\f[].
|
48 | |
Various settings like changelog monitoring or time between system
|
49 | |
state switches are described there.
|
|
46 |
metche\[aq]s configuration is read from \f[C]/etc/metche.conf\f[].
|
|
47 |
Various settings like changelog monitoring or time between system state
|
|
48 |
switches are described there.
|
50 | 49 |
.SH OPTIONS
|
51 | 50 |
.PP
|
52 | |
If \f[B]-h\ VSERVER\f[] is specified, the VServer \f[I]VSERVER\f[]
|
53 | |
is operated on instead of the host system.
|
54 | |
This, along with the \f[B]VSNAMES\f[] option, allows to monitor
|
|
51 |
If \f[C]-h\ VSERVER\f[] is specified, the VServer \f[I]VSERVER\f[] is
|
|
52 |
operated on instead of the host system.
|
|
53 |
This, along with the \f[C]VSNAMES\f[] option, allows one to monitor
|
55 | 54 |
several VServers running on the system.
|
56 | 55 |
.PP
|
57 | |
One of the following commands must be specified on the command
|
58 | |
line:
|
|
56 |
One of the following commands must be specified on the command line:
|
59 | 57 |
.TP
|
60 | 58 |
.B report
|
61 | 59 |
When run with the \f[I]report\f[] command, metche displays a report
|
62 | |
against the specified saved state, or if unspecified, against the
|
63 | |
latest testing state.
|
64 | |
This is useful when you have broken your system and want to know
|
65 | |
which changes have been made since a given, known working, system
|
66 | |
state.
|
|
60 |
against the specified saved state, or if unspecified, against the latest
|
|
61 |
testing state.
|
|
62 |
This is useful when you have broken your system and want to know which
|
|
63 |
changes have been made since a given, known working, system state.
|
67 | 64 |
.RS
|
68 | 65 |
.RE
|
69 | 66 |
.TP
|
70 | 67 |
.B list
|
71 | |
When run with the \f[I]list\f[] command, metche displays a list of
|
72 | |
all the saved states.
|
|
68 |
When run with the \f[I]list\f[] command, metche displays a list of all
|
|
69 |
the saved states.
|
73 | 70 |
.RS
|
74 | 71 |
.RE
|
75 | 72 |
.TP
|
76 | 73 |
.B stabilize
|
77 | |
When run with the \f[I]stabilize\f[] command, metche turns a
|
78 | |
\[lq]testing state\[rq] into a \[lq]stable state\[rq].
|
79 | |
By default, it will use the last \[lq]testing state\[rq], but this
|
80 | |
can be overriden by giving a specific state as argument.
|
|
74 |
When run with the \f[I]stabilize\f[] command, metche turns a "testing
|
|
75 |
state" into a "stable state".
|
|
76 |
By default, it will use the last "testing state", but this can be
|
|
77 |
overridden by giving a specific state as argument.
|
81 | 78 |
.RS
|
82 | 79 |
.RE
|
83 | 80 |
.TP
|
84 | 81 |
.B cron
|
85 | |
This command should not be called manually, but used from a
|
86 | |
cronjob.
|
87 | |
When called, it can perform various operations like: saving
|
88 | |
\[lq]unstable\[rq], \[lq]testing\[rq] or \[lq]stable\[rq] states as
|
89 | |
needed and sending reports and notification if configured to do so.
|
90 | |
This command does not support the \f[B]-h\f[] option.
|
|
82 |
This command should not be called manually, but used from a cronjob.
|
|
83 |
When called, it can perform various operations like: saving "unstable",
|
|
84 |
"testing" or "stable" states as needed and sending reports and
|
|
85 |
notification if configured to do so.
|
|
86 |
This command does not support the \f[C]-h\f[] option.
|
91 | 87 |
.RS
|
92 | 88 |
.RE
|
93 | 89 |
.SH FILES
|
94 | 90 |
.PP
|
95 | |
\f[B]/etc/metche.conf\f[] contains metche configuration.
|
|
91 |
\f[C]/etc/metche.conf\f[] contains metche configuration.
|
96 | 92 |
.PP
|
97 | |
When configured to monitor one changelog, \f[B]CHANGELOG_FILE\f[]
|
98 | |
(default: \f[B]/root/Changelog\f[]).
|
|
93 |
When configured to monitor one changelog, \f[C]CHANGELOG_FILE\f[]
|
|
94 |
(default: \f[C]/root/Changelog\f[]).
|
99 | 95 |
.PP
|
100 | 96 |
When configured to monitor multiple changelogs,
|
101 | |
\f[B]CHANGELOG_DIR/*/Changelog\f[] (default:
|
102 | |
\f[B]/root/changelogs\f[]).
|
|
97 |
\f[C]CHANGELOG_DIR/*/Changelog\f[] (default: \f[C]/root/changelogs\f[]).
|
103 | 98 |
.PP
|
104 | |
System states are saved in \f[B]BACKUP_DIR\f[] (default:
|
105 | |
\f[B]/var/lib/metche\f[]).
|
|
99 |
System states are saved in \f[C]BACKUP_DIR\f[] (default:
|
|
100 |
\f[C]/var/lib/metche\f[]).
|
106 | 101 |
.SH SECURITY
|
107 | 102 |
.PP
|
108 | |
metche is able to use GnuPG to encrypt the email it sends, but does
|
109 | |
not by default; just enable the \f[B]ENCRYPT_EMAIL\f[]
|
110 | |
configuration option, and make sure \f[B]EMAIL_ADDRESS\f[]' public
|
111 | |
key is in root's keyring, trusted enough to be used blindly by
|
112 | |
metche.
|
113 | |
If \f[B]EMAIL_ADDRESS\f[] is an email alias or mailing-list's
|
114 | |
address, you probably want to use the \f[B]group\f[] option in
|
115 | |
\f[B]/root/.gnupg/gpg.conf\f[] so that metche reports are encrypted
|
116 | |
for every person subscribed to this alias or mailing-list; for more
|
117 | |
information, see \f[B]gpg(1)\f[].
|
|
103 |
metche is able to use GnuPG to encrypt the email it sends, but does not
|
|
104 |
by default; just enable the \f[C]ENCRYPT_EMAIL\f[] configuration option,
|
|
105 |
and make sure \f[C]EMAIL_ADDRESS\f[]\[aq] public key is in root\[aq]s
|
|
106 |
keyring, trusted enough to be used blindly by metche.
|
|
107 |
If \f[C]EMAIL_ADDRESS\f[] is an email alias or mailing-list\[aq]s
|
|
108 |
address, you probably want to use the \f[C]group\f[] option in
|
|
109 |
\f[C]/root/.gnupg/gpg.conf\f[] so that metche reports are encrypted for
|
|
110 |
every person subscribed to this alias or mailing-list; for more
|
|
111 |
information, see \f[C]gpg(1)\f[].
|
118 | 112 |
.PP
|
119 | |
When \f[B]DO_DETAILS\f[] is enabled and \f[B]ENCRYPT_EMAIL\f[] is
|
120 | |
disabled, metche sends in \f[I]clear text email\f[] the changes
|
121 | |
made to the watched directory\&... either make sure that the
|
122 | |
\f[B]EXCLUDES\f[] configuration variable prevents it to send
|
123 | |
sensitive information, or triple check that secure connections will
|
124 | |
be used end-to-end on the email path.
|
125 | |
If unsure, set \f[B]EMAIL_ADDRESS\f[] configuration variable to a
|
126 | |
local mailbox.
|
127 | |
Please note that \f[B]EMAIL_ADDRESS\f[] is not used for VServers: a
|
128 | |
VServer's report messages are sent to its root email address.
|
|
113 |
When \f[C]DO_DETAILS\f[] is enabled and \f[C]ENCRYPT_EMAIL\f[] is
|
|
114 |
disabled, metche sends in \f[I]clear text email\f[] the changes made to
|
|
115 |
the watched directory...
|
|
116 |
either make sure that the \f[C]EXCLUDES\f[] configuration variable
|
|
117 |
prevents it to send sensitive information, or triple check that secure
|
|
118 |
connections will be used end-to-end on the email path.
|
|
119 |
If unsure, set \f[C]EMAIL_ADDRESS\f[] configuration variable to a local
|
|
120 |
mailbox.
|
|
121 |
Please note that \f[C]EMAIL_ADDRESS\f[] is not used for VServers: a
|
|
122 |
VServer\[aq]s report messages are sent to its root email address.
|
129 | 123 |
.PP
|
130 | |
metche stores, in \f[B]BACKUP_DIR\f[] (default:
|
131 | |
\f[B]/var/lib/metche\f[]), various backups of \f[B]WATCHED_DIR\f[].
|
132 | |
Make sure that this backup place is at least as secured as the
|
133 | |
source.
|
|
124 |
metche stores, in \f[C]BACKUP_DIR\f[] (default:
|
|
125 |
\f[C]/var/lib/metche\f[]), various backups of \f[C]WATCHED_DIR\f[].
|
|
126 |
Make sure that this backup place is at least as secured as the source.
|
134 | 127 |
.SH BUGS
|
135 | 128 |
.PP
|
136 | |
See
|
137 | |
metche's ticket system (https://labs.riseup.net/code/projects/metche/issues)
|
138 | |
for known bugs, missing features, and the development road-map.
|
|
129 |
See metche\[aq]s ticket
|
|
130 |
system (https://labs.riseup.net/code/projects/metche/issues) for known
|
|
131 |
bugs, missing features, and the development road-map.
|
139 | 132 |
.SH AUTHORS
|
140 | |
metche and this manual page were written by the boum.org collective, and are now maintained by the metche developers collective <metche@lists.riseup.net>.
|
141 | |
|
|
133 |
metche and this manual page were written by the boum.org collective, and
|
|
134 |
are now maintained by the metche developers collective
|
|
135 |
<metche@lists.riseup.net>.
|