Etckeeper allows the contents of /etc to be stored in a version control system (VCS) repository. It integrates with APT and automatically commits changes to /etc when packages are installed or upgraded. Placing /etc under version control is considered a very good practice.
Environment
For this PoC (proof of concept), Ubuntu LTS 22.04 is used.
Installation
1. Update the repositories
    root@ubuntu:/# apt update
    Hit:1 http://ar.archive.ubuntu.com/ubuntu jammy InRelease
    Hit:2 http://ar.archive.ubuntu.com/ubuntu jammy-updates InRelease
    Hit:3 http://ar.archive.ubuntu.com/ubuntu jammy-backports InRelease
    Hit:4 https://download.docker.com/linux/ubuntu focal InRelease
    Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
    Hit:6 http://packages.microsoft.com/repos/code stable InRelease
    Hit:7 https://packages.microsoft.com/repos/vscode stable InRelease
    Reading package lists… Done
    Building dependency tree… Done
    Reading state information… Done
2. Install the etckeeper package
    root@ubuntu:/# apt install etckeeper
    Reading package lists… Done
    Building dependency tree… Done
    Reading state information… Done
    The following NEW packages will be installed:
      etckeeper
    0 upgraded, 1 newly installed, 0 to remove and 27 not upgraded.
    Need to get 29,6 kB of archives.
    After this operation, 167 kB of additional disk space will be used.
    Get:1 http://ar.archive.ubuntu.com/ubuntu jammy/main amd64 etckeeper all 1.18.16-1 [29,6 kB]
    Fetched 29,6 kB in 0s (135 kB/s)
    Preconfiguring packages …
    Selecting previously unselected package etckeeper.
    (Reading database … 211325 files and directories currently installed.)
    Preparing to unpack …/etckeeper_1.18.16-1_all.deb …
    Unpacking etckeeper (1.18.16-1) …
    Setting up etckeeper (1.18.16-1) …
    Created symlink /etc/systemd/system/multi-user.target.wants/etckeeper.timer → /lib/systemd/system/etckeeper.timer.
    etckeeper.service is a disabled or a static unit, not starting it.
    hint: Using 'master' as the name for the initial branch. This default branch name
    hint: is subject to change. To configure the initial branch name to use in all
    hint: of your new repositories, which will suppress this warning, call:
    hint:
    hint: git config --global init.defaultBranch
    hint:
    hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
    hint: 'development'. The just-created branch can be renamed via this command:
    hint:
    hint: git branch -m
    Initialized empty Git repository in /etc/.git/
    Auto packing the repository in background for optimum performance.
    See "git help gc" for manual housekeeping.
    [master (root-commit) 186a88c] Initial commit
     Author: User1 [email protected]
     2531 files changed, 234468 insertions(+)
     create mode 100755 .etckeeper
     create mode 100644 .gitignore
     create mode 100644 NetworkManager/NetworkManager.conf
     create mode 100644 NetworkManager/conf.d/default-wifi-powersave-on.conf
     create mode 100755 NetworkManager/dispatcher.d/01-ifupdown
    ...
    ...
    ...
The output is much longer: it shows an extensive list of the files that are added to version control for the /etc directory.
The configuration file is located at /etc/etckeeper/etckeeper.conf. The main option is which VCS to use. By default, etckeeper is configured to use git.
    # The VCS to use.
    #VCS="hg"
    VCS="git"
    #VCS="bzr"
    #VCS="darcs"

    # Options passed to git commit when run by etckeeper.
    GIT_COMMIT_OPTIONS=""

    # Options passed to hg commit when run by etckeeper.
    HG_COMMIT_OPTIONS=""

    # Options passed to bzr commit when run by etckeeper.
    BZR_COMMIT_OPTIONS=""

    # Options passed to darcs record when run by etckeeper.
    DARCS_COMMIT_OPTIONS="-a"

    # Etckeeper includes both a cron job and a systemd timer, which each
    # can commit exiting changes to /etc automatically once per day.
    # To enable the systemd timer, run: systemctl enable etckeeper.timer
    # The cron job is enabled by default; to disable it, uncomment this next line.
    #AVOID_DAILY_AUTOCOMMITS=1

    # Uncomment the following to avoid special file warning
    # (the option is enabled automatically for daily autocommits regardless).
    #AVOID_SPECIAL_FILE_WARNING=1

    # Uncomment to avoid etckeeper committing existing changes to
    # /etc before installation. It will cancel the installation,
    # so you can commit the changes by hand.
    #AVOID_COMMIT_BEFORE_INSTALL=1

    # The high-level package manager that's being used.
    # (apt, pacman, pacman-g2, yum, dnf, zypper, apk etc)
    HIGHLEVEL_PACKAGE_MANAGER=apt

    # The low-level package manager that's being used.
    # (dpkg, rpm, pacman, pacmatic, pacman-g2, apk etc)
    LOWLEVEL_PACKAGE_MANAGER=dpkg

    # To push each commit to a remote, put the name of the remote here.
    # (eg, "origin" for git). Space-separated lists of multiple remotes
    # also work (eg, "origin gitlab github" for git).
    PUSH_REMOTE=""
The repository is initialized automatically (and the first commit is made) during package installation. This can be undone with the following command:
    sudo etckeeper uninit
Using etckeeper
As an example, we edit the server's "/etc/services" file. We add an arbitrary line (here a Spanish comment meaning "This is a test line") and save.
    ...
    tfido 60177/tcp # fidonet EMSI over telnet
    fido 60179/tcp # fidonet EMSI over TCP

    # Local services
    # Esta es una linea de prueba
We commit the changes with etckeeper commit
    root@ubuntu:/etc# etckeeper commit "Cambio en archivo /etc/services"
    [master 674db95] Cambio en archivo /etc/services
     Author: User1 <[email protected]>
     1 file changed, 1 insertion(+)
To view the version history of the directory
    root@ubuntu:/etc# etckeeper vcs log
    commit 674db95de8abc3f724e4a38abd1744fe2126a581 (HEAD -> master)
    Author: User1 <[email protected]>
    Date: Thu Jan 12 17:54:24 2023 -0300

        Cambio en archivo /etc/services

    commit 186a88ce3d8d2e520132ff8bdcaa17588c223264
    Author: User1 <[email protected]>
    Date: Thu Jan 12 17:19:40 2023 -0300

        Initial commit
To see the changes between one commit and another
root@ubuntu:/etc# etckeeper vcs diff 674db95de8abc3f724e4a38abd1744fe2126a581 186a88ce3d8d2e520132ff8bdcaa17588c223264 diff --git a/services b/services index c1f7167..f90e9de 100644 --- a/services +++ b/services @@ -359,4 +359,3 @@ tfido 60177/tcp # fidonet EMSI over telnet fido 60179/tcp # fidonet EMSI over TCP # Local services -# Esta es una linea de prueba
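Review bot: the two commits are passed newest first (674db95 then 186a88c), so the hunk in services shows the test line as a removal ("-# Esta es una linea de prueba") although that commit added it. Pass the older commit first, 186a88c followed by 674db95, so the diff reads in the direction the change was actually made.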
To check whether there are any uncommitted changes
    root@ubuntu:/etc# etckeeper vcs status
    On branch master
    nothing to commit, working tree clean
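The status check above can feed a drift triage for monitoring. The following is an added example, not part of the original article or of etckeeper itself: it classifies the lines of etckeeper vcs status --porcelain (git's porcelain format) and flags uncommitted changes to security-relevant files. The function names, the list of sensitive paths and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage uncommitted /etc changes reported in git porcelain format.

# Paths (relative to /etc) treated as security-relevant. Illustrative list, an
# assumption of this example; extend it for your own hosts.
is_sensitive() {
    case "$1" in
        passwd|shadow|group|gshadow|sudoers|sudoers.d/*|ssh/*|pam.d/*) return 0 ;;
        cron*|systemd/system/*|ld.so.preload|apt/sources.list*) return 0 ;;
    esac
    return 1
}

# Reads porcelain v1 lines ("XY path") on stdin, prints one triage line each.
# Returns 0 when clean, 1 for routine drift only, 2 if a sensitive path changed.
triage_drift() {
    drift_level=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        status=$(printf '%s' "$line" | cut -c1-2)
        path=$(printf '%s' "$line" | cut -c4-)
        # Renames appear as "old -> new"; judge the destination path.
        case "$path" in *" -> "*) path=${path##* -> } ;; esac
        if is_sensitive "$path"; then
            printf 'SENSITIVE [%s] /etc/%s\n' "$status" "$path"
            drift_level=2
        else
            printf 'routine   [%s] /etc/%s\n' "$status" "$path"
            [ "$drift_level" -eq 2 ] || drift_level=1
        fi
    done
    return "$drift_level"
}

# Constructed sample input (not taken from a real host).
sample_porcelain() {
    printf '%s\n' \
        ' M services' \
        ' M sudoers.d/90-cloud-init-users' \
        '?? ssh/sshd_config.d/99-local.conf' \
        'R  motd -> motd.old'
}

# On a real host: etckeeper vcs status --porcelain | triage_drift
sample_porcelain | triage_drift || echo "drift level: $?"
```

etckeeper unclean exits with status 0 when /etc has uncommitted changes, which makes a cheap pre-check before running the triage.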
The content of this article is licensed under Creative Commons.