How to use etckeeper to manage /etc in OpenSUSE Leap 15

Etckeeper is a simple, easy-to-use, modular and configurable collection of tools to let /etc be managed using version control. It allows the contents of /etc to be stored in a Version Control System (VCS) repository such as git, so you can use git to review or revert changes that were made to /etc in case of a mistake.

In Linux/Unix, the /etc directory is where host-specific system-wide configuration files and directories are located; it is a central location for all system-wide configuration files. A configuration file is a local file used to control how a program works – it must be static and cannot be an executable binary.

To keep track of changes to system configuration files, system administrators normally make copies (or backups) of configuration files before modifying them. That way if they directly modified the original file and made a mistake, they can revert to the saved copy.

In this guide, we will learn how to install and configure etckeeper in openSUSE Leap 15.

Installing etckeeper

Ensure that your system is up to date:

sudo zypper refresh
sudo zypper update -y

Etckeeper is available in the default OpenSUSE repositories. To install, use the following command. This will also install dependencies:

sudo zypper install etckeeper

Type y when prompted to accept the installation and wait for it to finish.

Confirm the installed package with this command:

~> rpm -qi etckeeper
Name        : etckeeper
Version     : 1.18.7
Release     : bp153.1.17
Architecture: x86_64
Install Date: Thu Mar  3 17:44:56 2022
Group       : System/Management
Size        : 113726
License     : GPL-2.0+
Signature   : RSA/SHA256, Sat Mar 13 02:04:56 2021, Key ID 9c214d4065176565
Source RPM  : etckeeper-1.18.7-bp153.1.17.src.rpm
Build Date  : Sat Mar 13 02:04:32 2021
Build Host  : lamb54
Relocations : (not relocatable)
Packager    : https://bugs.opensuse.org
Vendor      : openSUSE
URL         : http://etckeeper.branchable.com/
Summary     : Store /etc under Version Control
Description :
The etckeeper program is a tool to let /etc be stored in a git,
mercurial, bzr or darcs repository. It hooks into yum to automatically
commit changes made to /etc during package upgrades. It tracks file
metadata that version control systems do not normally support, but that
is important for /etc, such as the permissions of /etc/shadow. It is
quite modular and configurable, while also being simple to use if you
understand the basics of working with version control.
Distribution: SUSE Linux Enterprise 15 SP3

Configuring etckeeper

Once etckeeper is installed, we need to configure it. The etckeeper configuration file is located at /etc/etckeeper/etckeeper.conf.

Open it using your favourite text editor; I am using vim.

sudo vim /etc/etckeeper/etckeeper.conf

The settings in the file have short, clear descriptions. The options allow you to set the version control system to use, pass options to the VCS, enable or disable the timer, enable or disable the special file warning, and enable or disable etckeeper committing existing changes to /etc before installation.

Also, you can set the front-end or higher-level package manager (such as apt, yum, dnf etc.) and underlying or low-level package manager (dpkg, rpm etc.) to work with etckeeper.

If you have made any change(s) in the file, save it and close the file.

Initializing git repository

Next we will initialize a git repository to keep track of the changes in our /etc. Etckeeper needs to be run as root or by a user with sudo privileges. Let us switch to the /etc directory and initialize it.

cd /etc
sudo etckeeper init

This is the output on my server:

~> cd /etc
/etc> sudo etckeeper init
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: 	git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: 	git branch -m <name>
Initialized empty Git repository in /etc/.git/

Next, for etckeeper to be able to work automatically, you need to run the first commit to start keeping track of the changes in /etc, as follows.

sudo etckeeper commit "initial commit with original etc configs"

Making Changes and Committing

After running your first commit, etckeeper via git is now tracking any changes in the /etc directory. Now try to make any changes in any of the configuration files.

Then run the following command to show files that have changed since the last commit; this command essentially shows the changes in /etc not staged for commit, where VCS means git and “status” is a git sub-command.

sudo etckeeper vcs status

You should see an output similar to this with the files that changed:

/etc> sudo etckeeper vcs status
On branch master
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   hosts
	modified:   ssh/sshd_config

no changes added to commit (use "git add" and/or "git commit -a")
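Before committing, it helps to see which of the pending changes touch authentication or privilege files. The following is an added example, not part of the original guide or of etckeeper itself: it reads `git status --porcelain` lines and labels each changed path. The function names and the list of sensitive paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: classify uncommitted /etc changes by sensitivity.
# Input on stdin: `git status --porcelain` (v1) lines, i.e. "XY path",
# with paths relative to /etc. Paths that git C-quotes are not unquoted.

# Illustrative (assumed) list of security-relevant paths; adapt per host.
is_sensitive() {
    case "$1" in
        shadow|gshadow|passwd|group|sudoers|sudoers.d/*) return 0 ;;
        ssh/sshd_config|ssh/sshd_config.d/*|ssh/ssh_host_*) return 0 ;;
        pam.d/*|security/*|crontab|cron.d/*) return 0 ;;
    esac
    return 1
}

# Prints one line per change: "SENSITIVE|other <XY> <path>", with blanks
# in the two-letter status shown as dots. Returns 1 if any sensitive file
# changed, 0 otherwise, so it can gate a commit or raise an alert.
audit_etc_changes() {
    found=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        xy=$(printf '%s' "$line" | cut -c1-2 | tr ' ' '.')
        path=$(printf '%s' "$line" | cut -c4-)
        # Renames are reported as "old -> new"; judge the new name.
        case "$path" in *' -> '*) path=${path##* -> } ;; esac
        if is_sensitive "$path"; then
            printf 'SENSITIVE %s %s\n' "$xy" "$path"
            found=1
        else
            printf 'other %s %s\n' "$xy" "$path"
        fi
    done
    return $found
}

# Constructed sample input: the two modified files from the status output
# above plus one made-up untracked sudoers drop-in.
sample_status() {
    printf ' M hosts\n M ssh/sshd_config\n?? sudoers.d/90-temp\n'
}

# Live use (assumes etckeeper is configured with git):
#   sudo etckeeper vcs status --porcelain | audit_etc_changes
```
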

Then commit the recent changes as follows.

sudo etckeeper commit "updated hosts file and disallowed root ssh login"

You should see output similar to this:

/etc> sudo etckeeper commit "updated hosts file and disallowed root ssh login"
[master 9984ce4] updated hosts file and disallowed root ssh login
 Author: ec2-user <ec2-user@opensusesrv>
 2 files changed, 3 insertions(+), 3 deletions(-)

View Commit Logs

To view a log of all commits (each commit’s id and comment), you can run the following command.

sudo etckeeper vcs log

Output

/etc> sudo etckeeper vcs log
commit 9984ce498ba68d15c8e1ac84dbec7b3cb6e3202f (HEAD -> master)
Author: ec2-user <ec2-user@opensusesrv>
Date:   Thu Mar 3 18:02:25 2022 +0000

    updated hosts file and disallowed root ssh login

commit 179ae7654496e9190c700c1ea4584d0ff05d3418
Author: ec2-user <ec2-user@opensusesrv>
Date:   Thu Mar 3 17:59:00 2022 +0000

    initial commit with original etc configs

You can also show the details of a commit by specifying the commit ID (the first few characters can work) as shown:

sudo etckeeper vcs show 9984ce498ba68d15c8e1ac84dbec7b3cb6e3202f

Besides, you can view the difference between two commits as shown. This is especially useful if you want to revoke changes as shown in the next section. You can use the arrow keys to scroll up and down or left and right, and quit by pressing q.

sudo etckeeper vcs diff 179ae 9984ce

How to Revoke Changes

The essence of etckeeper is to help you track changes to your /etc directory and reverse the changes where necessary. Assuming you realize that you made some mistakes in /etc/ssh/sshd_config when you last edited it and the sshd service can’t be restarted because of errors in the configuration structure, you can revert to the saved copy in a specific commit (e.g. 9984ce) where you think the configuration was correct as follows.

sudo etckeeper vcs checkout 9984ce /etc/ssh/sshd_config

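Alternatively, you can cancel all changes and revert to versions of all files under /etc (and its sub-directories) stored in a specific commit. Checking out a whole commit this way leaves the repository in git's detached HEAD state, so switch back to the master branch before making further commits.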

sudo etckeeper vcs checkout 9984ce

Enable Changes to be Committed Automatically

Etckeeper also ships with service and timer units for systemd, included in the package. To launch “Autocommit” of changes in the /etc directory, simply start the etckeeper.timer unit and check that it is up and running, as follows.

sudo systemctl start etckeeper.timer

Confirm the status:

/etc> sudo systemctl status etckeeper.timer
● etckeeper.timer - Daily autocommit of changes in /etc directory
     Loaded: loaded (/usr/lib/systemd/system/etckeeper.timer; disabled; vendor preset: disabled)
     Active: active (waiting) since Thu 2022-03-03 18:08:39 UTC; 4s ago
    Trigger: Fri 2022-03-04 18:08:39 UTC; 23h left
   Triggers: ● etckeeper.service
       Docs: man:etckeeper(8)

Mar 03 18:08:39 opensusesrv systemd[1]: Started Daily autocommit of changes in /etc directory.

And enable it to auto-start at system boot as shown.

sudo systemctl enable etckeeper.timer

Conclusion

In this guide we learnt how to install and use etckeeper to manage changes in the /etc directory using a version management system like git.
