Using Etckeeper For Version Control Of /etc

Updated on November 21, 2023

Introduction

The /etc/ directory plays a critical role in the way a Linux system functions, because nearly every system configuration file is located inside /etc/. The data stored in /etc/ relates not only to the built-in system libraries, but to newly installed software and its configuration as well. System and software installs, upgrades, and configuration changes are all stored in /etc/. Thus, it is a good practice to use version control when managing /etc/ to avoid potential errors caused by unforeseen or accidental maloperations.

With Etckeeper, you can easily manage /etc/ with your version control mechanism by using a Git, Mercurial, Bazaar, or Darcs repository. By default, Etckeeper uses git to maintain the version repository for /etc/ and commits at a daily granularity to minimize potential data loss. Additionally, it allows you to commit your changes manually at any time.

In this article, let's have a look at how to install Etckeeper on a CentOS 6 server instance, as well as how to manually perform a commit and undo changes.

Prerequisites

The instructions in this article were validated on a Vultr CentOS 6 instance with a LEMP stack. Instructions for other distributions may be different.

Note: it is a good security practice to access your system as a non-root user with sudo privileges.

Step 1: Install Etckeeper

Etckeeper is included in the EPEL Yum repo. You need to set up the EPEL Yum repo before you can install Etckeeper:

sudo yum install epel-release
sudo yum update
sudo yum install etckeeper

A successful installation of Etckeeper will automatically install git and other dependencies.

You can customize Etckeeper's configuration by editing the configuration file located at /etc/etckeeper/etckeeper.conf. However, the default configuration is adequate and we shall be using it for the purpose of this tutorial.

Step 2: Configure /etc as the git working directory of Etckeeper

You can make Etckeeper treat /etc/ as the git working directory by executing the following commands:

cd /etc
sudo etckeeper init

The "init" sub-command above will create a file named .gitignore and a directory named .git in /etc/.

The .gitignore file contains a predefined list of files that do not require management with version control. If necessary, you can add or delete file names in it as you wish; just remember to put one file name per line between the line # begin section managed by etckeeper... and the line # end section managed by etckeeper.

The .git directory is the place to store the version repository of the /etc/ directory.

Step 3: Perform the initial commit

Before the initial commit, you can have a look at what will be committed:

sudo etckeeper vcs status | more

The vcs sub-command of Etckeeper invokes the version control software (here, git) and runs the sub-command that follows it in the /etc/ directory. So the command above is equivalent to:

sudo git -C /etc status | more

Press the space bar to turn a page. If you find any files that should not be version controlled, add them into the .gitignore file.

Now, you can commit all of the contents in the /etc directory (except those files defined in .gitignore) into your git repository. Remember to write a meaningful comment between the two quotation marks so the commit can be reviewed later.

sudo etckeeper commit "Initial config in /etc"

At this point, you can compress the git directory to save disk space:

sudo etckeeper vcs gc

Step 4: Perform another commit after making changes in /etc

Coupled with git, Etckeeper can record any changes that happen in the /etc/ directory, such as adding, modifying, or deleting files, as well as ownership and/or permission changes for files and directories. Everything under /etc/ falls under its version control policy.

Please note that having /etc/ under version control does not mean that you can perform any operation on it. Severe maloperations can render the system inoperable before Etckeeper can restore the configuration to a working state.

For testing purposes, you should only make safe changes to /etc/, such as adding a new file, modifying the host name in /etc/hosts, or installing new software using Yum.

For example, add the file abcde in /etc/:

sudo touch /etc/abcde

Then, add the line 192.168.0.2 desktop in the /etc/hosts file:

echo '192.168.0.2 desktop' | sudo tee -a /etc/hosts

Finally, you can perform the "commit" sub-command again:

sudo etckeeper commit "add a file /etc/abcde and add a line to /etc/hosts"
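A review step that can run before a commit like the one above, as an added example that is not part of the original article: it reads pending changes in git's porcelain status format and flags the ones that touch authentication, privilege, or scheduling configuration. The function name and the SENSITIVE pattern list are assumptions made for illustration, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag security-relevant files among pending /etc changes.
# Input on stdin: lines in `git status --porcelain` (v1) format, with
# paths relative to /etc.
# SENSITIVE is an assumed starting list; extend it for your own system.
SENSITIVE='^(passwd|shadow|group|gshadow|sudoers|sudoers\.d/.*|ssh/.*|pam\.d/.*|hosts|crontab|cron\.[^/]*/.*)$'

# Print "<status> <path>" for every pending change matching SENSITIVE.
# Returns 0 if at least one sensitive path changed, 1 otherwise.
flag_sensitive_changes() {
    found=1
    while IFS= read -r line; do
        # A valid record is "XY <path>": at least four characters.
        case "$line" in ????*) ;; *) continue ;; esac
        path=${line#???}              # drop the "XY " prefix
        st=${line%"${line#??}"}       # keep the two-character XY code
        # Renames appear as "old -> new"; review the new path.
        case "$path" in *' -> '*) path=${path##* -> } ;; esac
        # git quotes paths with unusual characters; strip the quotes.
        path=${path#\"}; path=${path%\"}
        if printf '%s\n' "$path" | grep -Eq "$SENSITIVE"; then
            printf '%s %s\n' "$st" "$path"
            found=0
        fi
    done
    return "$found"
}

# Constructed sample: the two changes made in this step, plus an sshd
# edit and a renamed cron file.
SAMPLE=' M hosts
?? abcde
 M ssh/sshd_config
R  cron.d/old -> cron.d/new'

# Run the check over the constructed sample.
sample_report() { printf '%s\n' "$SAMPLE" | flag_sensitive_changes; }

sample_report || true
```

On a live system, feed it real data with: sudo etckeeper vcs status --porcelain | flag_sensitive_changes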

Step 5: Revoke your changes

First, you can check the git history to get each commit's id and comment:

sudo etckeeper vcs log

Second, you can check the details of any commit using the first several characters of its commit id. Here, we assume that the first commit id is 7f5bff and the second commit id is 1aa658.

sudo etckeeper vcs show 1aa658

You can press j to move down, press k to move up, type /keyword<Enter> to search, and press q to quit.

Third, you can also compare the differences between two commits with the following command. Be aware of the order of the two commits: the natural order is to put the earlier one before the later one.

sudo etckeeper vcs diff 7f5bff..1aa658

Now, suppose you find that you misconfigured the host name in /etc/hosts between the first commit and the second commit, but adding the file /etc/abcde was a correct operation. You can revoke your change in only the /etc/hosts file with the following command:

sudo etckeeper vcs checkout 7f5bff /etc/hosts

If you want to revoke all of the changes between the first commit and the second commit, you can use the following command:

sudo etckeeper vcs checkout 7f5bff

Of course, you can still return to the second commit:

sudo etckeeper vcs checkout 1aa658

Conclusion

With Etckeeper configured properly, you can tune and maintain your system with more confidence. Nonetheless, be aware that version control is different from backup, and the /etc/ directory is not the only place to be concerned about. To keep your system in shape, you also need to back up your system regularly in addition to using the version control mechanism.