etckeeper: revision control for /etc/

SeaGL 2018
2018Nov09
der.hans
https://mastodon.social/@lufthans

What does etckeeper do?

puts /etc/ into revision control

etckeeper author

Joey Hess

Other software from Joey Hess

in short

fini

What is system configuration?

/etc/ holds system configuration

Changes in /etc/ can affect system behavior and performance

plain text config files

What is etckeeper?

Part of a nutritious backup solution

What it does

puts /etc/ into version control

What is a VCS?

tracks changes to files

shows changes between versions

works great on text files

not so great on binary files

allows retrieving a specific version

the March 4th, 2014 networking configuration

safely

don’t want to accidentally expose some files

drwx------ 8 root root /etc/.git

aside, netsaint

Let me tell you a story …

completely

consistently

auto-checkins after package installs

Who cares?

etckeeper setup

$ sudo etckeeper init
$ sudo etckeeper vcs commit -m "Initial checkin"
$ profit

now it’s a repo

normal repo

do normal repo things

spear and magic helmet

well, there is some etckeeper magic

Add a file

$ sudo touch /etc/testfile
$ sudo git -C /etc add testfile
$ sudo git -C /etc commit -m "A test file"

Undo a typo

$ echo "10.10.10.1111   nextcloud" | sudo tee -a /etc/hosts >/dev/null
$ sudo git -C /etc/ diff -U0 hosts
diff --git a/hosts b/hosts
index 97f1792..ecc187a 100644
--- a/hosts
+++ b/hosts
@@ -9,0 +10 @@ ff02::2 ip6-allrouters
+10.10.10.1111  nextcloud
$ sudo git -C /etc/ commit hosts -m "Added nextcloud box"
$ sudo git -C /etc/ revert --no-commit HEAD
$ sudo git -C /etc/ commit -m "oops, wrong IP"
$ echo "10.10.10.111    nextcloud" | sudo tee -a /etc/hosts >/dev/null
$ sudo git -C /etc/ commit hosts -m "Correctly added nextcloud box"

File recovery

$ sudo rm ls /etc/hosts.allow
rm: cannot remove 'ls': No such file or directory
$ sudo git -C /etc/ checkout hosts.allow

Supported VCSen

etckeeperification

convenience wrapper

Wrapper usage examples

Copying the repo

$ ssh server 'mkdir /etc-clone; cd /etc-clone; chmod 700 .; git init --bare'
$ git remote add backup ssh://server/etc-clone
$ git push backup --all
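
Added example, not from the slides or from etckeeper itself: a check for the "safely" point and for the chmod 700 on the clone above, confirming that a VCS metadata directory holding a copy of /etc is owned by root and closed to group and other. The function names audit_repo and audit_tree are hypothetical, and the .hg, .bzr and _darcs directory names are assumed for the other VCSes etckeeper can use.

```shell
#!/bin/sh
# Added example (not from the slides): check that VCS metadata holding a copy
# of /etc is closed to group and other, as in "drwx------ 8 root root /etc/.git".

# audit_repo DIR [UID]: print one line per finding; return 0 only when DIR
# exists, is owned by UID (default 0, root) and grants nothing to group/other.
audit_repo() {
    dir=$1 want_uid=${2:-0} rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    # ls -ldn: numeric owner, so the check does not depend on passwd lookups.
    mode=$(ls -ldn "$dir" | cut -c2-10)
    uid=$(ls -ldn "$dir" | awk '{print $3}')
    case $mode in
        # S/T mean setgid/sticky without execute, so no access is granted.
        ???--[-S]--[-T]) ;;
        *) echo "EXPOSED $dir mode=$mode (want rwx------)"; rc=1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER $dir uid=$uid (want $want_uid)"
        rc=1
    fi
    return $rc
}

# audit_tree ROOT [UID]: audit whichever metadata directory exists under ROOT.
# .git, .hg, .bzr and _darcs cover the VCSes etckeeper can use (assumed names).
audit_tree() {
    root=$1 tree_rc=0 found=0
    for meta in .git .hg .bzr _darcs; do
        [ -d "$root/$meta" ] || continue
        found=1
        audit_repo "$root/$meta" "${2:-0}" || tree_rc=1
    done
    if [ "$found" -eq 0 ]; then
        echo "NOREPO $root"
        tree_rc=1
    fi
    return $tree_rc
}

# Usage: sh audit.sh /etc            (run as root on the etckeeper host)
if [ "$#" -gt 0 ]; then
    for arg in "$@"; do audit_tree "$arg"; done
fi
```

The bare clone made above is itself the metadata directory, so on the server call audit_repo /etc-clone rather than audit_tree.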

Ignores

use normal VCS ignores

All the files?

ephemeral files

cache data

Other tools

configuration management

package management

filesystem snapshots

Is some puppet mucking about with your files?

Beaker_Muppet.jpg

Is some seattlish chef bork bork borking your /etc/?

Swedish_Chef_Muppet-borkborkbork.jpg

Configuration management

Sets files or parts of files to specific state

Can log changes to a file

Doesn’t track all files in /etc/

CMS to set state, etckeeper to track changes

Package management

Sets files to an initial state

Might provide tools for automated configuration changes

Doesn’t track all files in /etc/

Pkg mgt to set initial state, etckeeper to track changes

Filesystem snapshots

Tracks changes to entire filesystem, more than just /etc/

Usually don’t keep all snapshots across time

Snapshots for backups, etckeeper to track changes

Package management hooks

Automagic checkins before and after pkg mgt changes

VCS hooks

# cat /etc/.git/hooks/pre-commit
#!/bin/sh
# pre-commit hook for etckeeper, to store metadata and do sanity checks
set -e
etckeeper pre-commit -d /etc

The Point

I hate sauerk^Huncommitted configuration changes

Summary

Finding Hans

Thank you!

Resources

etckeeper home page

my Opensource.com etckeeper article

Credits

Beaker - Wikipedia

Swedish Chef - mikeycooks on Pinterest