Sunday, August 11, 2013

How to version control /etc directory in Linux

In Linux, /etc directory contains important system-related or application-specific configuration files. Especially in a server environment, it is wise to back up various server configurations in /etc directory regularly, to save trouble from any accidental changes in the directory, or to help with re-installation of necessary packages. Better yet, it is a good idea to “version control” everything in /etc directory, so that you can track configuration changes, or recover from a previous configuration state if need be.
In Linux, etckeeper is a collection of tools for versioning content, specifically in /etc directory. etckeeper uses existing revision control systems (e.g., git, bzr, mercurial, or darcs) to store version history in a corresponding backend repository. The advantage of etckeeper is that it integrates with package managers (e.g., apt, yum) to automatically commit any changes made to /etc directory during package installation, upgrade or removal.
In this tutorial, I will describe how to version control /etc directory in Linux with etckeeper. Here, I will configure etckeeper to use bzr as a backend version control repository.

Install Etckeeper on Linux

To install etckeeper and bzr on Ubuntu, Debian or Mint:
$ sudo apt-get install etckeeper bzr

To install etckeeper and bzr on CentOS or RHEL, first set up EPEL repository, and then run:
$ sudo yum install etckeeper etckeeper-bzr

To install etckeeper and bzr on Fedora, simply run:
$ sudo yum install etckeeper etckeeper-bzr

Set up and Initialize Etckeeper

The first thing to do after installing etckeeper is to edit its configuration file. You can leave other options as default.
$ sudo vi /etc/etckeeper/etckeeper.conf
# The VCS to use.

# Avoid etckeeper committing existing changes to /etc automatically once per day.
Now go ahead and initialize etckeeper as follows.
$ sudo etckeeper init

At this point, everything in /etc directory has been added to the backend bzr repository. However, note that the added content has not been committed yet. You need to either commit the action manually, or install/upgrade any package with a standard package manager such as apt or yum, which will trigger the first commit automatically. Here, I will do the first commit manually as follows.
$ sudo etckeeper commit “initial commit”

Etckeeper Examples

To check the status of /etc directory, run the following command. This will show any (uncommitted) change made to /etc directory since the latest version.
$ sudo etckeeper vcs status

To show differences between the latest version and the current state of /etc:
$ sudo etckeeper vcs diff /etc

To commit the current (changed) state of /etc directory:
$ sudo etckeeper commit “any comment”

To check the commit history of the entire /etc dirctory or specific files/subdirectories:
$ sudo etckeeper vcs log
$ sudo etckeeper vcs log /etc/sysconfig/*

To check the difference between two specific revisions (revision number 1 and 3):
$ sudo etckeeper vcs diff -r1..3

To view the change made by a specific revision (e.g., revision number 3):
$ sudo etckeeper vcs diff -c3

To revert the content of /etc directory to a specific revision (e.g., revision number 2):
$ sudo etckeeper vcs revert --revision 2 /etc

Automatic Commits by Etckeeper

As mentioned eariler, etckeeper automatically commits changes made to /etc as part of package installation or upgrade. In this example, I try installing Apache HTTP Server as a test.
$ sudo yum install httpd

To view the commit history auto-generated by package installation:
$ sudo etckeeper vcs log
revno: 5
committer: dan 
branch nick: fedora /etc repository
timestamp: Mon 2013-08-05 06:39:33 -0400
  committing changes in /etc after yum run
  Package changes:
To view the changes made in /etc directory by package installation:

$ sudo etckeeper vcs diff -c5 

No comments:

Post a Comment