etckeeper is a package to keep track of changes in the /etc folder, that’s where the configuration is supposed to be. So you get a trackrecord of changes in configuration -a must have-, most definitely when you run yum-cron nightly. Its also a great way to document why some things have been changed.


Like most cool tools, after doing it, you totally forget how you got it working. So here I share how I did it and plan how to use it. I picked git, as this is the default way, and git is hip these days.

On the server you want keep in revision

# like most things in life, package is in epel
yum install epel-release

# I choice you, git!
yum install etckeeper git

# go etc
cd /etc

# lets init
etckeeper init

# first commit
etckeeper commit "init our configuration server"

Remote

While strictly speaking not necessary I like to have my configuration saved somewhere else, when git FUBAR’s or server won’t boot, at-least we can look how the configuration was (or was not) changed.

on our target server : (I try to create a password less login, perhaps other methods are available)

# I want the configuration on a remote server (central in my case)
# note : security wise this might not be 100%

# create a key
ssh-keygen

# copy the key 
ssh-copy-id -i [email protected]

# or alternative
cat .ssh/id_rsa.pub | ssh [email protected] 'cat >> /home/etckeeper/.ssh/authorized_keys'

on the remote server :

# adduser and set pasword for first time login
adduser etckeeper
passwd etckeeper

# create git
su etckeeper
git init --bare /opt/etckeeper/public.git

and finally on the target server add the remote : (adapt as needed)

git remote add origin [email protected]:/opt/etckeeper/public.git

and change the configuration :

nano +43 /etc/etckeeper/etckeeper.conf

change

PUSH_REMOTE=""

to

PUSH_REMOTE="origin"

Manually record changes

Changing something  in /etc ? A good idea to tell your colleagues why (or the future you).

etckeeper commit "I added this ip to /etc/hosts cause I'm to lazy to type a ip."

Auto changes to /etc

Defaults will catch those ! Yum, yum-cron are caught by a plugin. I am not sure about rpm, but etckeeper will autocommit all changes it finds!

What changed ?

Since we use git, most git commands work (git status, git log). So its as easy as : cd /etc && git log  or for short cd /etc && git log --pretty=oneline

Pulling back changes 

I have not yet pulled back from the repo, but this should work :

etckeeper vcs checkout [HASH]

if you only need one file :

etckeeper vcs checkout [HASH] [FILE]

Useful sources :