The System Difference checker
History
SYD was developed in the 90’s.
At the time I had designed a system that required a node of three servers to provide a set of functions. It worked well. Pretty soon other sites in the corporation wanted nodes to process their data locally.
Eventually there were seven nodes in the system meaning 21 servers. They all required identical application software and special configuration, but they were all supported by different support groups often in different countries, and that meant they were all on different hardware with different UNIX release levels, and different support arrangements. So I designed SYD.
SYD
SYD is an overlay system. I give SYD a specific config file for, say postfix, and SYD ensures that every server in the system is using that same config file, with the correct ownerships and permissions. Every night every server downloads an image file from a central server and then compares all the files in the image to those running on the live system. Any differences are reported by email. Hopefully, every morning there were no emails, but occasionally one of the local support groups had updated something, and an email would arrive.
It also means I could distribute new config files. I simply change the file on the image server, and overnight every server gets a copy of the new config file and sends an email saying the the config on the live system is now different to the one in the image.
You then log into each server and tell SYD to run in update mode, in that mode SYD forces the new config file onto the local server, and then reports there are no differences any more.
Logging into each server individually is a safety measure and avoids accidentally “updating” files on servers that don’t need it. However, if you have files that are regularly updated and that you think should be safe to handle automatically, then there is an automatic update list. If SYD detects a difference between the image and the local file, and that file is listed in the automatic list, then SYD will update the file automatically and email you what it did.
Sometimes you only want certain config files on SOME of the servers in the system. SYD allows you to specify a config file as being for ALL servers or just some of them. That night when the images are produced, only the images for the servers that need the specific file have it included in their image.
Sometimes you don’t want to impose a specific config, but you DO want to know that the file simply exists. You can tell SYD to just check a file exists on a server, like the postfix binary. SYD can also handle partial config files. Like when you need certain lines or blocks of text in a config, but are not bothered what the rest of the file contains. It can also check that symbolic links exist and their targets are correct.
The code
Syd is entirely written in shell script. The idea, at the time, was that it should work over many flavours of UNIX, so long as they all supported sh or ksh.
When I retired I rebuilt the system completely for UBUNTU Linux using bash.
It consists of the following shell scripts:
| syd | the original difference checker. It can run in many modes controlled by various arguments. It calls lots of built-in and standard commands like grep, awk, etc. |
| system_diff | The script that runs on every server every night, it retrieves the image file from the image server, unwraps it, checks the integrity of the controlled files and reports issues with an email. It runs syd a number of times in various modes to do this. |
| make_images | This script runs ONLY on the image server and is used to create images for every server in its list. This is run by the administrator whenever a change is needed on a server somewhere. It updates the individual server images on the image server. |
| others | There are various other config and control files. |