git: keeping track of configurations with etckeeper

23 September 2015

We all know it: days after “someone” did changes on a system, somebody finds out that anything doesn’t work properly. And then we have to figure out who has made those changes. “was it me? was it my colleague? was it one of the developers?” and so on… Keeping track of all the changes in the configurations-files would be very nice. We could see the differences of the configurations and we could just rollback to an old state. Beside this we alsohave more opportunities to find out who has made those changes. V ersion C ontrol S ystems is what we need in those cases and etckeeper is a very nice wrapper for well known versioncontrolsystems.

Common VCS can handle this alone. why do we need etckeeper?

  1. Etckeeper simplifies the tasks(installation, commits, etc..)
  2. Most VCS don’t care much about file-permissions. Etckeeper does.
  3. It’s very simple to roll out etckeeper on many machines(puppet,ansible, etc..)
  4. It uses git defaultly, but it supports many different VCS
  5. Nobody needs special know how about the VCS for making commits.

How to install etckeeper?

On debian-systems:

dr@tardis: apt-get install etckeeper

The debian-package automatically calls “etckeeper init” after the installation and initialises in that way our (git)repository. It also creates a “/etc/.gitignore” for some files. A very important file is /etc/.etckeeper which keeps track of the filepermissions!

How to use it?

Once it is installed, it commits automagically all the changes once a day(cron.daily). So it works out of the box. If we want to commit any changes manually we can use the following command:

dr@tardis: etckeeper commit

Of course we have the full power of git and we can use all our well known git commands. I will not explain them here because they have a really good documentation on their website

Reminding all admins to comment and commit

I would like to make commits at least every time whenever an administrator is logging out, because in that way every admin can supply some comments and his initials. So I add the following oneliner in my /root/.bash_logout:

etckeeper commit

Something very important from the README-File

One thing i really wanna quote from the README-File:

You can use any git commands you like, but do keep in mind that, if you check out a different branch or an old version, git is operating directly on your system’s /etc. If you do decide to check out a branch or tag, make sure you run “etckeeper init” again, to get any metadata changes:

git checkout april_first_joke_etc etckeeper init


For me etckeeper is a nice little tool. It’s a great extension to our well known versioncontrolsystems. We can track changes, open testing-branches or just have an eye on differences between some changes. And it simplifies our daily tasks.


[ Linux  Sysadmin  Tricks  git  ]
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti