Linux: Versioning the /etc/ configurations using 'etckeeper'

By -
One of the most important things for an administrator is to keep track of the changes.
The preferred  way to do that is to use a configuration management system, like 'cfengine', 'puppet', 'chef', 'ansible' or you named it.
Even so, you should still be able to see what exactly was changed on you system and when.

I'm using 'etckeeper'  to do that and I'm thinking that it is very useful.

The most important Unix distributions are including this software and you can install it by using your favorite package manager.

On CentOS6, you can run:
[root@centos6 ~]# yum install etckeeper
After installing, at least on CentOS, you have to initialize the repository, by running:
[root@centos6 ~]# etckeeper init
Initialized empty Git repository in /etc/.git/
The last thing is to commit these changes, that means that you will add the entire /etc directory to the repository:
[root@centos6 ~]# etckeeper commit -m "initial commit"
etckeeper warning: hardlinked files could cause problems with git:
sysconfig/network-scripts/ifcfg-eth0
sysconfig/networking/profiles/default/hosts
sysconfig/networking/profiles/default/ifcfg-eth0
sysconfig/networking/profiles/default/resolv.conf
sysconfig/networking/devices/ifcfg-eth0
That's all, now you have your system versioned and you can track all changes.

There are cron scripts that will commit changes every night.

Also, before installing any package, there are some hooks that will also commit changes before installing required package.
[root@centos6 etc]# touch myconfig
[root@centos6 etc]# yum install mtr
Loaded plugins: etckeeper, fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: ftp.ines.lug.ro
 * epel: fedora.mirrors.romtelecom.ro
 * extras: ftp.ines.lug.ro
 * remi: remi.schlundtech.de
 * remi-php55: remi.schlundtech.de
 * updates: mirrors.m247.ro
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mtr.x86_64 2:0.75-5.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================================
 Package                        Arch                              Version                                   Repository                       Size
==================================================================================================================================================
Installing:
 mtr                            x86_64                            2:0.75-5.el6                              base                             54 k

Transaction Summary
==================================================================================================================================================
Install       1 Package(s)

Total download size: 54 k
Installed size: 96 k
Is this ok [y/N]: y
Downloading Packages:
mtr-0.75-5.el6.x86_64.rpm                                                                                                  |  54 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
etckeeper: pre transaction commit
etckeeper warning: hardlinked files could cause problems with git:
sysconfig/network-scripts/ifcfg-eth0
sysconfig/networking/profiles/default/hosts
sysconfig/networking/profiles/default/ifcfg-eth0
sysconfig/networking/profiles/default/resolv.conf
sysconfig/networking/devices/ifcfg-eth0
hosts
resolv.conf
[master 761554f] saving uncommitted changes in /etc prior to yum run
 Author: smocanu <smocanu@centos6>
 1 files changed, 1 insertions(+), 0 deletions(-)
 create mode 100644 myconfig
On  debian and debian-like distributions, the steps are the same with the mention that, on recent versions, the initialization of the repository is made on package install:
smocanu@debian7:~$ sudo apt-get install etckeeper
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  etckeeper
0 upgraded, 1 newly installed, 0 to remove and 665 not upgraded.
Need to get 36.3 kB of archives.
After this operation, 249 kB of additional disk space will be used.
Get:1 ftp://ftp.ines.lug.ro/debian/ wheezy/main etckeeper all 0.63 [36.3 kB]
Fetched 36.3 kB in 0s (445 kB/s)
Preconfiguring packages ...
Selecting previously unselected package etckeeper.
(Reading database ... 175852 files and directories currently installed.)
Unpacking etckeeper (from .../etckeeper_0.63_all.deb) ...
Processing triggers for man-db ...
Setting up etckeeper (0.63) ...
Initialized empty Git repository in /etc/.git/
[master (root-commit) c452d79] Initial commit
 Committer: smocanu <smocanu@debian7>
If you are using cfengine as your system configuration management, here is a simple policy for etckeeper:
bundle agent etckeeper
{
  vars:
    any::
      "etckeeper_package" slist => {
                                    "etckeeper",
                                   };

  packages:
      "$(etckeeper_package)"
        package_policy => "add",
        package_method => generic,
        classes   => if_repaired("etckeeper_init");

  commands:
    etckeeper_init::
      "/usr/bin/etckeeper init"
      comment => "Initialize etckeeper.";

      "/usr/bin/etckeeper commit -m 'initial commit'"
      comment => "Initial etckeeper commit.";
}

And you can test it using cf-agent tool:
[root@centos6 inputs]# rpm -ev etckeeper
[root@centos6 inputs]# cf-agent -vKf promises.cf | grep etckeeper
2014-06-04T19:49:04+0300  verbose: Parsing file '/var/cfengine/inputs/services/etckeeper.cf'
2014-06-04T19:49:04+0300  verbose: Resolving variables in bundle 'etckeeper'
2014-06-04T19:49:04+0300  verbose: Resolving variables in bundle 'etckeeper'
2014-06-04T19:49:05+0300  verbose: Resolving variables in bundle 'etckeeper'
2014-06-04T19:49:05+0300  verbose: Using bundlesequence =>  {'def','cfe_internal_hub_vars','cfsketch_run','cfe_internal_management','service_catalogue','example_use_goals','tzconfig(Europe/Bucharest)','system_time_ntp','configsysctl','copy_repos','configssh','manage_users','configsudo','confignetwork','apache_install','system_tools','jailkit','etckeeper'}
2014-06-04T19:50:02+0300  verbose: Looking for (etckeeper,*,*)
2014-06-04T19:50:02+0300  verbose: No installed packages matched (etckeeper,*,*)
2014-06-04T19:50:02+0300  verbose: Looking for (etckeeper,*,*)
2014-06-04T19:50:02+0300  verbose: No installed packages matched (etckeeper,*,*)
2014-06-04T19:50:02+0300  verbose: Checking if package (etckeeper,*,*) is at the desired state (installed=0,matched=0)
2014-06-04T19:50:02+0300  verbose: Package promises to refer to itself as 'etckeeper' to the manager
2014-06-04T19:50:02+0300  verbose: Package (etckeeper,any,any) found
2014-06-04T19:50:02+0300     info: Installing etckeeper...
2014-06-04T19:50:02+0300  verbose: Running /usr/bin/yum -y install etckeeper  in shell
2014-06-04T19:50:02+0300  verbose: Executing /usr/bin/yum -y install etckeeper ...
2014-06-04T19:50:06+0300     info: Q:yum -y install etcke ...:---> Package etckeeper.noarch 0:1.11-1.el6 will be installed
2014-06-04T19:50:07+0300     info: Q:yum -y install etcke ...: etckeeper           noarch           1.11-1.el6           epel            39 k
  Installing : etckeeper-1.11-1.el6.noarch                                  1/1
  Verifying  : etckeeper-1.11-1.el6.noarch                                  1/1
2014-06-04T19:50:09+0300     info: Q:yum -y install etcke ...:  etckeeper.noarch 0:1.11-1.el6      
2014-06-04T19:50:09+0300  verbose: /etckeeper: Additional promise info: version 'Promises.cf 3.5.3' source path '/var/cfengine/inputs/services/etckeeper.cf' at line 11
2014-06-04T19:50:09+0300  verbose: /etckeeper: Finished command related to promiser 'etckeeper' -- succeeded
2014-06-04T19:50:09+0300  verbose: Defining promise result class 'etckeeper_init'
2014-06-04T19:50:09+0300  verbose: Bulk package schedule execution ok for 'etckeeper' (outcome cannot be promised by cf-agent)
2014-06-04T19:50:09+0300  verbose: Comment 'Initialize etckeeper.'
2014-06-04T19:50:09+0300  verbose: Promiser string contains a valid executable '/usr/bin/etckeeper' - ok
2014-06-04T19:50:09+0300     info: Executing 'no timeout' ... '/usr/bin/etckeeper init'
2014-06-04T19:50:19+0300  verbose: /etckeeper/commands/'/usr/bin/etckeeper init': Additional promise info: version 'Promises.cf 3.5.3' source path '/var/cfengine/inputs/services/etckeeper.cf' at line 18 comment 'Initialize etckeeper.'
2014-06-04T19:50:19+0300  verbose: /etckeeper/commands/'/usr/bin/etckeeper init': Finished command related to promiser '/usr/bin/etckeeper init' -- succeeded
2014-06-04T19:50:19+0300   notice: Q: ".../etckeeper init": Initialized empty Git repository in /etc/.git/
2014-06-04T19:50:19+0300     info: Last 1 quoted lines were generated by promiser '/usr/bin/etckeeper init'
2014-06-04T19:50:19+0300     info: Completed execution of '/usr/bin/etckeeper init'
2014-06-04T19:50:19+0300  verbose: Comment 'Initial etckeeper commit.'
2014-06-04T19:50:19+0300  verbose: Promiser string contains a valid executable '/usr/bin/etckeeper' - ok
2014-06-04T19:50:19+0300     info: Executing 'no timeout' ... '/usr/bin/etckeeper commit -m 'initial commit''
2014-06-04T19:50:20+0300   notice: Q: ".../etckeeper comm": etckeeper warning: hardlinked files could cause problems with git:
Q: ".../etckeeper comm": sysconfig/network-scripts/ifcfg-eth0
Q: ".../etckeeper comm": sysconfig/networking/profiles/default/hosts
Q: ".../etckeeper comm": sysconfig/networking/profiles/default/ifcfg-eth0
Q: ".../etckeeper comm": sysconfig/networking/profiles/default/resolv.conf
Q: ".../etckeeper comm": sysconfig/networking/devices/ifcfg-eth0
That should be all about etckeeper.

Comments

Post a Comment

Popular posts from this blog

JunOS - mount USB stick

By -
There are times when you have to use a USB stick to copy to or from it files to a Juniper router/switch. Fortunetly it will not be to very frequently, but there will be a time when you will need it. JunOS being a UNIX( FreeBSD ) based OS, you have to identify and mount the device attached. First, you have to check the device name, so you can identify it on /dev: smocanu@j2350> show log messages | match mass May 16 15:25:45  j2350 /kernel: umass0: Kingston DataTraveler SE9, rev 2.00/1.00, addr 2 May 16 15:25:46  j2350 /kernel: da0 at umass-sim0 bus 0 target 0 lun 0 Then you have to verify the partition number, usually it is the first one: smocanu@j2350> start shell % ls -las /dev/da0 /dev/da0 /dev/da0s1 Now you can mount your USB stick: % mkdir /var/tmp/usb % mount_msdosfs /dev/da0s1 /var/tmp/usb Once your USB stick is mounted, you can copy to/from it files, using /var/tmp/usb path. Do not forget that you have to umount the USB storage, before remov...
Read more

SSH: Generating and using SSH keys

By -
Image
One of the preferred method of authentication on network devices is using SSH with a SSH public key. In order to be able to authenticate yourself, you have to generate a SSH key pair. A SSH key is composed of two parts, one private key (which should remain "private" and also should be password protected ) and one public key which should be installed on the SSH server in order to authenticate you. SSH client on Linux: In order to generate a SSH key pair on Linux, you will need to use "ssh-keygen" tool, which is a part of the "openssh-client" package on Debian-like operating systems: smocanu@debian7:~$ dpkg -S $(which ssh-keygen) openssh-client: /usr/bin/ssh-keygen or a part of "openssh" package on RedHat-like operating systems: smocanu@centos6 ~$ rpm -qf $(which ssh-keygen) openssh-5.3p1-94.el6.x86_64 The generating process is quite simple, just run the "ssh-keygen" command, and it will ask you the location of the new key ...
Read more

JunOS - loging on secondary node of a cluster and copying file between nodes

By -
First at all you have to know that you should be able to login to a secondary node of a J/SRX cluster using OOB( out of band management interface - fxp0 ), but, if this is not possible you can do it from the primary node. In my case there is a cluster of SRX240H2. You have to login into the cluster and check the status of it: smocanu@srx240h2# run show chassis cluster status Cluster ID: 1 Node                  Priority          Status    Preempt  Manual failover Redundancy group: 0 , Failover count: 1     node0                   100         primary        no       no     node1     ...
Read more