How to version control /etc in Linux (using etckeeper)

It is a good idea to “version control” everything in /etc directory, so that you can track configuration changes, or recover from a previous configuration state if need be.

etckeeper is a collection of tools for versioning content, specifically in /etc directory. Uses existing revision control systems (e.g., git, bzr, mercurial, or darcs) to store version history in a corresponding backend repository. It integrates with package managers (e.g., apt, yum) to automatically commit any changes made to /etc directory during package installation, upgrade or removal. It tracks file metadata that revison control systems do not normally support, but that is important for /etc, such as the permissions of /etc/shadow.

# install w/ git the default
$ (el/centos) sudo yum install etckeeper git-core | (debian/ubuntu) sudo aptitude install etckeeper git-core
# or w/ bzr
$ (el/centos) sudo yum install etckeeper bzr | (debian/ubuntu) sudo aptitude install etckeeper etckeeper-bzr
$ cat /etc/etckeeper/etckeeper.conf

# setup
$ etckeeper init
$ etckeeper commit "initial commit"

# now can use regular git/bzr commands to handle further changes, or etckeeper vcs
$ etckeeper vcs status | sudo git status
$ etckeeper vcs diff /etc | sudo git diff /etc
$ etckeeper commit "any comment" | sudo git commit -m "any comment"
$ etckeeper vcs log /etc/sysconfig/*
$ etckeeper vcs diff -r1..3
$ etckeeper vcs diff -c3
$ etckeeper vcs revert --revision 2 /etc

# automatic commit changes made to /etc as part of package installation or upgrade
$ yum install httpd
$ etckeeper vcs log | git log --summary -1
$ etckeeper vcs diff -c5

# manually commit changes made to /etc by other commands
$ passwd someuser
$ git status
$ git commit -a -m "changed a password"

# remove/ignore some files
$ git rm --cached printcap # modified by CUPS
$ echo printcap >> .gitignore
$ git commit -a -m "don't track printcap"

# checkout a different /etc branch
$ git checkout april_first_joke_etc
$ etckeeper init

# use clone to backup /etc to a remove server
$ ssh server 'mkdir /etc-clone; cd /etc-clone; chmod 700 .; git init --bare'
$ git remote add backup ssh://server/etc-clone
$ git push backup --all

# multiple machines, start with a etckeeper repository on one machine, then add another machine's etckeeper repository as a git remote and diff/merge them, dont checkout
$ git remote add dodo ssh://dodo/etc
$ git fetch dodo
$ git diff dodo/master group |head

from How to version control /etc directory in Linux


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s