this post was submitted on 30 Oct 2024
20 points (95.5% liked)

Sysadmin

5572 readers
44 users here now

A community dedicated to the profession of IT Systems Administration

founded 5 years ago
MODERATORS
 

Programs with custom services, virtual environments, config files in different locations, programs creating datas in different location...

I know today a lot of stuff runs in docker, but how does a sysadmin remember what has done on its system? Is it all about documenting and keeping your docs updated? Is there any other way?

(Eg. For installing calibre-web I had to create a python venv, the venv is owned by root in /opt, but the service starting calibre web in /etc/systemd/system needs to be executed with the User=<user> specifier because calibre web wants to write in a user home directory, at the same time the database folder needs to be owned by www-data because I want to r/w it from nextcloud... So calibreweb is installed as a custom root(?) program, running in a virtual env, can access a folder owned by someone else, but still needs to be executed by another user to store its data there... )

Despite my current confusion in understanding if all of this is right in terms of security, syntax and ownership, No fucking way I will remember all this stuff in a week from now.. So... What do you use to do, if you do something? Do you use flowcharts? Simple text documents? Both?

Essentially, how do you keep track?

top 10 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 5 hours ago

"Infrastructure as code" is what the strategy is typically called. You use one of the many tools for orchestrating configuration of hosts (Ansible, OpenTofu, Puppet, Saltstack, Chef, etc.). These allow you to provide configuration files and code for setting up your hosts in a central place. This place is typically a Git repo, allowing you to keep track of when which change was made.

Depending on the tool you use, you trigger applying the configuration on your dev PC, or there's a hosted CI/CD server which automatically rolls out the changes when a new commit is pushed.

[–] [email protected] 7 points 19 hours ago

Don't make a mess, and do the changes you need with ansible. Effectively making its code your documentation.

[–] [email protected] 6 points 22 hours ago (2 children)

Yes. Documentation. Documentation aaaalll the way.

You are right. In two months you wont remember the shit you had to enable/disable to make things work.

Doing things that arent a reocurring doing should be documented. Not crazy. A basic how to set up is enough.

Common/reocurring errors/situations? Document 'em

Got a semi permanent fix for problem, so that it will most likely never come up again, but possibly in 5 years? Document it fella.

You'll kiss your past self on the head and say thanks when you have an critical ticket in 5 years and remember nothing about the doing itself but that you wrote some documentation.

It will save your ass and possibly you might come out as the hero of the day for having a solution right away for a super nieche problem.

I've making a private hosted documentation for stuff, tricks and problems i learn at work.

I've had plenty of situatuons where i remembered that i already encountered such a situation yeeeaars ago at my previois employer and that i've written somtehting down in my personal documentation. Bam and just by a few mins I've got either a really good or at least a shittysysadmin-style solution that works.

[–] [email protected] 4 points 20 hours ago

You are right. In two months you wont remember the shit you had to enable/disable to make things work.

Tried to login to my router that I reset up about 2 months ago...hell if I remember the password

[–] [email protected] 3 points 22 hours ago

Yep, and don't just state the what, but the why in your docs.

The why really helps with knowing if a step is still important, or if it no longer applies. This is especially important with anything cloud based, as I've seen weird workarounds become no longer needed due to updates, and I would never have caught it without my notes on why we had the weird workaround to begin with.

[–] [email protected] 4 points 20 hours ago

Follow some basic rules so as to avoid making the mess.

Only install standard packages from distro's repository and Python's pseudo-official PIP. For both, keep a text file with the installed package names. No compiling from source EVER. Too much hassle to maintain.

Back up config files that I changed. Not all of them.

Keep a text file to record what I did, with exact commands etc, whenever I need to go off-road. Much experience taught me that this is a chore that is very much worth the effort.

But still, the problem you point to is real. It's the reason for immutable distros. The idea of which I find quite tempting.

[–] _haha_oh_wow_ 2 points 20 hours ago* (last edited 20 hours ago)

We use a mix of FreshDesk for tickets/(some) projects/helpdesk articles and Teams/Sharepoint for documentation and distribution of info/help to techs, analysts, end users, etc.

As for the non-technical side of the answer: Basically, yeah, just document everything you can when you come across anything that needs documented.

[–] [email protected] 1 points 22 hours ago (1 children)

I take daily work log notes in obsidian, then transclude chunks from those notes into topic notes and attach config files, images, context from the web, etc.

[–] [email protected] 1 points 3 hours ago

Obsidian was a game changer for me. I just paste all the stuff, make a tag and forget about it until it is needed. For those not using it, there are dozens of plugins and unlimited options for customization. I have a standard daily note with timestamps and changelog over the whole vault and sqlite-like queries that manage dynamic dataviews.

[–] [email protected] 1 points 22 hours ago

I use a lot of comments in config files, and in the past I've also used bookstack to make documentation (something I should probably do again). You're right that docker (especially docker compose) has helped with this immensely.