Etckeeper is a simple, easy-to-use, modular and configurable collection of tools that lets /etc be managed using version control. It stores the contents of /etc in a Version Control System (VCS) repository such as git, so you can use git to review or revert changes that were made to /etc in case of a mistake.
In Linux/Unix, the /etc directory is where host-specific system-wide configuration files and directories are located; it is a central location for all system-wide configuration files. A configuration file is a local file used to control how a program works – it must be static and cannot be an executable binary.
To keep track of changes to system configuration files, system administrators normally make copies (or backups) of configuration files before modifying them. That way if they directly modified the original file and made a mistake, they can revert to the saved copy.
In this guide, we will learn how to install and configure etckeeper on openSUSE Leap 15.
Ensure that your system is up to date
sudo zypper refresh
sudo zypper update -y
Etckeeper is available in the default OpenSUSE repositories. To install, use the following command. This will also install dependencies:
sudo zypper install etckeeper
Type y when prompted to accept the installation and wait for it to finish.
Confirm the installed package with this command
~> rpm -qi etckeeper
Name        : etckeeper
Version     : 1.18.7
Release     : bp153.1.17
Architecture: x86_64
Install Date: Thu Mar 3 17:44:56 2022
Group       : System/Management
Size        : 113726
License     : GPL-2.0+
Signature   : RSA/SHA256, Sat Mar 13 02:04:56 2021, Key ID 9c214d4065176565
Source RPM  : etckeeper-1.18.7-bp153.1.17.src.rpm
Build Date  : Sat Mar 13 02:04:32 2021
Build Host  : lamb54
Relocations : (not relocatable)
Packager    : https://bugs.opensuse.org
Vendor      : openSUSE
URL         : http://etckeeper.branchable.com/
Summary     : Store /etc under Version Control
Description :
The etckeeper program is a tool to let /etc be stored in a git, mercurial, bzr or darcs repository. It hooks into yum to automatically commit changes made to /etc during package upgrades. It tracks file metadata that version control systems do not normally support, but that is important for /etc, such as the permissions of /etc/shadow. It is quite modular and configurable, while also being simple to use if you understand the basics of working with version control.
Distribution: SUSE Linux Enterprise 15 SP3
Once etckeeper is installed, we need to configure it. The etckeeper configuration file is located at /etc/etckeeper/etckeeper.conf.
Open it using your favourite text editor; I am using vim.
sudo vim /etc/etckeeper/etckeeper.conf
The settings in the file have short, clear descriptions. The options allow you to set the version control system to use, pass options to the VCS, enable or disable the timer, enable or disable the special file warning, and enable or disable etckeeper committing existing changes to /etc before installation.
Also, you can set the front-end or higher-level package manager (such as apt, yum, dnf etc.) and underlying or low-level package manager (dpkg, rpm etc.) to work with etckeeper.
If you have made any change(s) in the file, save it and close the file.
Initializing git repository
Next we will initialize a git repository to keep track of the changes in our /etc. Etckeeper needs to be run as root or by a user through sudo. Let us switch to the /etc directory and initialize it.
cd /etc
sudo etckeeper init
This is the output on my server
~> cd /etc
/etc> sudo etckeeper init
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint:   git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint:   git branch -m <name>
Initialized empty Git repository in /etc/.git/
Next, for etckeeper to be able to work automatically, you need to run the first commit to start keeping track of the changes in /etc, as follows.
sudo etckeeper commit "initial commit with original etc configs"
Making Changes and Committing
After running your first commit, etckeeper via git is now tracking any changes in the /etc directory. Now try to make any changes in any of the configuration files.
Then run the following command to show files that have changed since the last commit; this command essentially shows the changes in /etc not staged for commit, where VCS means git and “status” is a git sub-command.
sudo etckeeper vcs status
You should see an output similar to this with the files that changed:
/etc> sudo etckeeper vcs status
On branch master
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   hosts
        modified:   ssh/sshd_config

no changes added to commit (use "git add" and/or "git commit -a")
Then commit the recent changes as follows.
sudo etckeeper commit "updated hosts file and disallowed root ssh login"
You should see output similar to this
/etc> sudo etckeeper commit "updated hosts file and disallowed root ssh login"
[master 9984ce4] updated hosts file and disallowed root ssh login
 Author: ec2-user <[email protected]>
 2 files changed, 3 insertions(+), 3 deletions(-)
To view a log of all commits (each commit’s id and comment), you can run the following command.
sudo etckeeper vcs log
/etc> sudo etckeeper vcs log
commit 9984ce498ba68d15c8e1ac84dbec7b3cb6e3202f (HEAD -> master)
Author: ec2-user <[email protected]>
Date:   Thu Mar 3 18:02:25 2022 +0000

    updated hosts file and disallowed root ssh login

commit 179ae7654496e9190c700c1ea4584d0ff05d3418
Author: ec2-user <[email protected]>
Date:   Thu Mar 3 17:59:00 2022 +0000

    initial commit with original etc configs
You can also show the details of a commit by specifying the commit ID (the first few characters can work) as shown:
sudo etckeeper vcs show 9984ce498ba68d15c8e1ac84dbec7b3cb6e3202f
Besides, you can view the difference between two commits as shown. This is especially useful if you want to revoke changes as shown in the next section. You can use the arrow keys to scroll up and down or left and right, and quit by pressing
sudo etckeeper vcs diff 9984ce 179ae
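When reviewing what changed between two commits, the files that govern authentication and privilege deserve a closer look than the rest. The following is an added example, not part of the original guide: it lists the files changed between two commits and flags the security-sensitive ones. The function name `sensitive_changes` and the `SENSITIVE` pattern list are assumptions of this example, and it calls git directly with `-C` on the repository that `etckeeper vcs` operates on.

```shell
#!/bin/sh
# Added example: flag security-sensitive files changed between two commits
# of an etckeeper-managed repository.
# SENSITIVE is an illustrative pattern list (paths relative to /etc),
# not an etckeeper setting; extend it for your own hosts.
SENSITIVE='^(passwd|shadow|group|gshadow|sudoers)$|^(sudoers[.]d|ssh|pam[.]d|security)/'

# sensitive_changes REPO OLD NEW
# Prints "<status> <path>" for every flagged file.
# Returns 0 if at least one was found, 1 if none, 2 if git could not
# compare the two commits (for example an unknown commit id).
sensitive_changes() {
    repo=$1 old=$2 new=$3
    # --name-status prints "<status><TAB><path>", one changed file per line.
    changed=$(git -C "$repo" diff --name-status --no-renames "$old" "$new") || return 2
    printf '%s\n' "$changed" | awk -F'\t' -v re="$SENSITIVE" '
        $2 ~ re { print $1, $2; hit = 1 }
        END     { exit hit ? 0 : 1 }'
}

# On the host from this guide, run as root:
#   sensitive_changes /etc 179ae 9984ce
```

For the two commits shown in the log above, only ssh/sshd_config is flagged; the hosts change is not on the pattern list.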
How to Revoke Changes
The essence of etckeeper is to help you track changes to your /etc directory and reverse the changes where necessary. Assuming you realize that you made some mistakes in /etc/ssh/sshd_config when you last edited it and the sshd service can’t be restarted because of errors in the configuration structure, you can revert to the saved copy in a specific commit (e.g. 9984ce) where you think the configuration was correct as follows.
sudo etckeeper vcs checkout 9984ce /etc/ssh/sshd_config
Alternatively, you can cancel all changes and revert to versions of all files under /etc (and its sub-directories) stored in a specific commit.
sudo etckeeper vcs checkout 9984ce
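A guarded version of the single-file revert above, as an added example that is not part of the original guide: it extracts the committed copy to a scratch file, runs a validator on it, and only then checks it out over the live file. The function name `restore_validated` and its return codes are assumptions of this example, and it calls git directly with `-C` rather than through `etckeeper vcs`.

```shell
#!/bin/sh
# Added example: restore one file from an etckeeper commit only if the
# committed version passes a validator.
#
# restore_validated REPO COMMIT FILE VALIDATOR [ARGS...]
#   FILE is relative to REPO (ssh/sshd_config, not /etc/ssh/sshd_config).
#   VALIDATOR is run with the candidate file appended as its last argument.
# Returns 0 when the file was restored, 2 when COMMIT does not contain FILE,
# 3 when the validator rejected the committed version (live file untouched).
restore_validated() {
    repo=$1 commit=$2 file=$3
    shift 3
    # mktemp creates the scratch file readable by its owner only.
    tmp=$(mktemp) || return 1
    # Write the committed version to the scratch file; the working tree
    # is not modified by "git show".
    if ! git -C "$repo" show "$commit:$file" > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 2
    fi
    # Validate the candidate before it replaces the live file.
    if ! "$@" "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 3
    fi
    rm -f "$tmp"
    # Same operation as "etckeeper vcs checkout COMMIT FILE".
    git -C "$repo" checkout -q "$commit" -- "$file"
}

# On the host from this guide, run as root; "sshd -t -f FILE" only checks
# the configuration and exits:
#   restore_validated /etc 9984ce ssh/sshd_config /usr/sbin/sshd -t -f
```

git restores file contents only; etckeeper records ownership and modes in /etc/.etckeeper, and running `sudo etckeeper init` again re-applies them.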
Etckeeper also ships with service and timer units for Systemd, included in the package. To launch “Autocommit” of changes in the /etc directory, simply start the etckeeper.timer unit for now and check if it is up and running, as follows.
sudo systemctl start etckeeper.timer
Confirm the status
/etc> sudo systemctl status etckeeper.timer
● etckeeper.timer - Daily autocommit of changes in /etc directory
     Loaded: loaded (/usr/lib/systemd/system/etckeeper.timer; disabled; vendor preset: disabled)
     Active: active (waiting) since Thu 2022-03-03 18:08:39 UTC; 4s ago
    Trigger: Fri 2022-03-04 18:08:39 UTC; 23h left
   Triggers: ● etckeeper.service
       Docs: man:etckeeper(8)

Mar 03 18:08:39 opensusesrv systemd: Started Daily autocommit of changes in /etc directory.
And enable it to auto-start at system boot as shown.
sudo systemctl enable etckeeper.timer
In this guide we learnt how to install and use etckeeper to manage changes in the /etc directory using a version management system like git.