In 2009 I migrated the School of Computer Science and
Statistics mail server from Solaris to Debian Linux.
I made a lot of changes and improvements during the migration; one of the
simplest was to keep
/etc under version control. I assume most people are
familiar with version control from writing code - if you’re not, please spend a
couple of hours reading and experimenting with any modern VCS, you’ll be
thankful you did. I first set up a version controlled
/etc almost 10 years ago
when I was Netsoc’s sysadmin, but back then I was
using CVS, and it was complicated by Solaris putting binaries and named pipes in
/etc for backwards (and I really mean backwards) compatibility. This time I
used etckeeper and
git. One of the reasons for using git is that it’s
distributed: if we added a second mail server, I wanted to make synchronising
/etc as simple as possible. It has proven to be very useful:
Being able to see the changes I made in previous days, especially during the initial setup, when a lot of services needed a lot of configuration.
Finding out when files last changed, so we can assure ourselves and users that we haven’t changed anything that would cause the problems they’re having, or find out that someone else made a change unbeknownst to us that could be responsible.
Avoiding directory listings like this:
dovecot.conf dovecot.conf.2008-2009 dovecot.conf.2009-05-07 dovecot.conf.2009.07.13 dovecot.conf.2009-12-19.attempt.3.nearly.there dovecot.conf.before-changes dovecot.conf.Friday dovecot.conf.worked-for-brendan dovecot.conf.worked.yesterday dovecot.conf.yesterday dovecot.jic.conf.jan
Setup is explained in /usr/share/doc/etckeeper/README.gz but I’ll summarise here:
cd /etc etckeeper init git status # review the list of files to be added; files can be removed with # git rm --cached FILE # files can be ignored by adding them to /etc/.gitignore git commit -m "Initial import of /etc"
That’s it - you now have a version controlled /etc. Chances are that you’ll need to ignore some files because they’re generated from others or modified daemons, but that’s easy to do. If you intend cloning the repository, please read the security advice in /usr/share/doc/etckeeper/README.gz to avoid any nasty surprises.