etckeeper: revision control for /etc/

SeaGL 2018

What does etckeeper do?

puts /etc/ into revision control

etckeeper author

Joey Hess

Other software from Joey Hess

in short


What is system configuration?

/etc/ holds system configuration

Changes in /etc/ can affect system behavior and performance

plain text config files

What is etckeeper?

Part of a nutritious backup solution

What it does

puts /etc/ into version control

What is a VCS?

tracks changes to files

shows changes between versions

works great on text files

not so great on binary files

allows retrieving a specific version

the March 4th, 2014 networking configuration


don’t want to accidentally expose some files

drwx------ 8 root root /etc/.git

aside, netsaint

Let me tell you a story …



auto-checkins after package installs

Who cares?

etckeeper setup

$ sudo etckeeper init
$ sudo etckeeper vcs commit -m "Initial checkin"
$ profit

now it’s a repo

normal repo

do normal repo things

spear and magic helmet

well, there is some etckeeper magic

Add a file

$ sudo touch /etc/testfile
$ sudo git -C /etc add testfile
$ sudo git -C /etc commit -m "A test file"

Undo a typo

$ echo "   nextcloud" | sudo tee -a /etc/hosts >/dev/null
$ sudo git -C /etc/ diff -U0 hosts
diff --git a/hosts b/hosts
index 97f1792..ecc187a 100644
--- a/hosts
+++ b/hosts
@@ -9,0 +10 @@ ff02::2 ip6-allrouters
+  nextcloud
$ sudo git -C /etc/ commit hosts -m "Added nextcloud box"
$ sudo git -C /etc/ revert --no-commit HEAD
$ sudo git -C /etc/ commit -m "oops, wrong IP"
$ echo "    nextcloud" | sudo tee -a /etc/hosts >/dev/null
$ sudo git -C /etc/ commit hosts -m "Correctly added nextcloud box"

File recovery

$ sudo rm ls /etc/hosts.allow
rm: cannot remove 'ls': No such file or directory
$ sudo git -C /etc/ checkout hosts.allow

Supported VCSen


convenience wrapper

Wrapper usage examples

Copying the repo

$ ssh server 'mkdir /etc-clone; cd /etc-clone; chmod 700 .; git init --bare'
$ git remote add backup ssh://server/etc-clone
$ git push backup --all
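
The drwx------ on /etc/.git and the chmod 700 in the clone commands above both protect files such as /etc/shadow. The following permission audit is an added example, not from the talk or the etckeeper project; the function names are hypothetical and it assumes GNU stat and find and a git-backed repo in .git.

```shell
#!/bin/sh
# Added example: audit permissions around an etckeeper repository or a clone.
# Usage after sourcing this file: audit /etc      (run as root)

# Succeeds only if DIR/.git exists and has mode 700 (owner-only access).
repo_dir_private() {
    dir="${1%/}/.git"
    [ -d "$dir" ] || return 2
    mode=$(stat -c '%a' "$dir") || return 2   # GNU stat assumed
    [ "$mode" = "700" ]
}

# Prints files outside .git that "other" cannot read (shadow, private keys, ...).
# git itself records only the executable bit, so a plain checkout of a clone
# recreates these files with umask-derived modes.
secret_files() {
    root="${1%/}"
    find "$root" -path "$root/.git" -prune -o \
        -type f ! -perm -o=r -print 2>/dev/null | sort
}

# Reports both checks; non-zero exit if the VCS directory is not private.
audit() {
    etc="${1:-/etc}"
    status=0
    if repo_dir_private "$etc"; then
        echo "ok: $etc/.git is mode 700"
    else
        echo "WARN: $etc/.git is missing or not mode 700"
        status=1
    fi
    count=$(secret_files "$etc" | wc -l)
    echo "info: $count restricted file(s) depend on the repo and any clone staying private"
    return $status
}
```

Run audit against the clone directory on the backup server as well; every restricted file it lists has its full history in the pushed repository.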


use normal VCS ignores

All the files?

ephemeral files

cache data

Other tools

configuration management

package management

filesystem snapshots

Is some puppet mucking about with your files?


Is some seattlish chef bork bork borking your /etc/?


Configuration management

Sets files or parts of files to specific state

Can log changes to a file

Doesn’t track all files in /etc/

CMS to set state, etckeeper to track changes

Package management

Sets files to an initial state

Might provide tools for automated configuration changes

Doesn’t track all files in /etc/

Pkg mgt to set initial state, etckeeper to track changes

Filesystem snapshots

Tracks changes to entire filesystem, more than just /etc/

Usually don’t keep all snapshots across time

Snapshots for backups, etckeeper to track changes

Package management hooks

Automagic checkins before and after pkg mgt changes

VCS hooks

# cat /etc/.git/hooks/pre-commit
# pre-commit hook for etckeeper, to store metadata and do sanity checks
set -e
etckeeper pre-commit -d /etc

The Point

I hate sauerk^Huncommitted configuration changes


Finding Hans

Thank you!


etckeeper home page

my etckeeper article


Beaker - Wikipedia

Swedish Chef - mikeycooks on Pinterest