etckeeper is a package to keep track of changes in the /etc folder, that’s where the configuration is supposed to be. So you get a trackrecord of changes in configuration -a must have-, most definitely when you run yum-cron nightly. Its also a great way to document why some things have been changed.
Like most cool tools, after doing it, you totally forget how you got it working. So here I share how I did it and plan how to use it. I picked git, as this is the default way, and git is hip these days.
On the server you want keep in revision
# like most things in life, package is in epel yum install epel-release # I choice you, git! yum install etckeeper git # go etc cd /etc # lets init etckeeper init # first commit etckeeper commit "init our configuration server"
While strictly speaking not necessary I like to have my configuration saved somewhere else, when git FUBAR’s or server won’t boot, at-least we can look how the configuration was (or was not) changed.
on our target server : (I try to create a password less login, perhaps other methods are available)
# I want the configuration on a remote server (central in my case) # note : security wise this might not be 100% # create a key ssh-keygen # copy the key ssh-copy-id -i [email protected] # or alternative cat .ssh/id_rsa.pub | ssh [email protected] 'cat >> /home/etckeeper/.ssh/authorized_keys'
on the remote server :
# adduser and set pasword for first time login adduser etckeeper passwd etckeeper # create git su etckeeper git init --bare /opt/etckeeper/public.git
and finally on the target server add the remote : (adapt as needed)
git remote add origin [email protected]:/opt/etckeeper/public.git
and change the configuration :
nano +43 /etc/etckeeper/etckeeper.conf
Manually record changes
Changing something in /etc ? A good idea to tell your colleagues why (or the future you).
etckeeper commit "I added this ip to /etc/hosts cause I'm to lazy to type a ip."
Auto changes to /etc
Defaults will catch those ! Yum, yum-cron are caught by a plugin. I am not sure about rpm, but etckeeper will autocommit all changes it finds!
What changed ?
Since we use git, most git commands work (git status, git log). So its as easy as :
cd /etc && git log or for short
cd /etc && git log --pretty=oneline
Pulling back changes
I have not yet pulled back from the repo, but this should work :
etckeeper vcs checkout [HASH]
if you only need one file :
etckeeper vcs checkout [HASH] [FILE]
Useful sources :