Add etckeeper git remote for pushing on commit
Overview
Tracking configuration changes in etckeeper is great, but even better is storing in an off-system private repository, preferably one with a decent web interface to the repo (makes browsing the repo much friendlier). Ideally you will have a local git server for this rather than some cloud service.
Since we only commit interactively (that is etckeeper autocommits are disabled), we don’t store passwords or use a passwordless SSH key on the system, which would be required if push without human intervention were required. Thils will mean you need enter the appropriate password on push.
Common configuration
- Set up a repo on your git server for receiving the etckeeper push (e.g.
https://gitserver.example.com/example-com-etckeeper/systemname.gitwhere example-com-etckeeperis an ‘organization’ which grants push access toyouruseridon thesystemname.gitrepository. The owner ofexample-com-etckeeperwould ideally not beyouruserid).
Case 1: Connection and authentication via HTTPS
If git server has a private (self-signed) CA certificate
Put the CA certificate for the server in
/etc/etckeeper/git-ssl/ca-private.your-server.example.com.pemConfigure git to use the certificate for
gitserver.example.comby executing:etckeeper vcs config http.https://gitserver.example.com/.sslCAInfo /etc/etckeeper/git-ssl/ca-private.your-server.example.com.pem # Adjust using your git server and system certificate name
For any git via HTTPS connection
If you have two factor authentication enabled on your git server, or are just following best practices, you may need or want to use a revokable ’token’ instead your main login password. Depending on the git system in use you may be able to limit the access granted to the token more precisely than with the main account password.
Convenience option: Configure the username of the account to use when pushing by executing:
etckeeper vcs config credential.https://gitserver.example.com youruserid # Adjust using your git server and git useridAdd your git server as a ‘remote’ to the local etckeeper repo:
etckeeper vcs remote add origin https://gitserver.example.com/example-com-etckeeper/systemname.git # Adjust using your git server and system namePush the repo so far to
gitserver.example.comand make your ‘origin’ remote the default ‘upstream’ for the ‘main’ branchetckeeper vcs push --set-upstream origin main # If your primary branch is not 'main' use yours (e.g. 'master' is still common)
You will be prompted for the password for the account you configured in step 1. above (youruserid). Use the token instead of a password if you generated one, otherwise use your account password (if you account has two factor authentication enabled, using your account password will likely fail and you will need to generate a token; details depend on your git server).
If all is well you will see the usual git push messages on the terminal.
Case 2: Connection and authentication via SSH
Make sure you have have the private key for the public key you have at
gitserver.example.com(not a real server)Add your git server as a ‘remote’ to the local etckeeper repo:
etckeeper vcs remote add origin ssh://git@gitserver.example.com/example-com-etckeeper/systemname.git # Adjust using your git server and system namePush the repo so far to
gitserver.example.comand make your ‘origin’ remote the default ‘upstream’ for the ‘main’ branchetckeeper vcs push --set-upstream origin main # If your primary branch is not 'main' use yours (e.g. 'master' is still common)Unless you have an ssh-agent active and have previously connected to this server on this host, you will be prompted for the password for the SSH private key associated with the public key on
gitserver.example.com. If you enter it correctly, you should see the usual git push messages on the console.
Finalize common configuration
If you added a private (self-signed) CA certificate, above
Commit your certificate:
etckeeper commit "Add self-signed CA for gitserver.example.com"
In all cases
Enable push on commit by editing
/etc/etckeeper/etckeeper.confto contain:PUSH_REMOTE="origin"Test by committing this change by executing:
etckeeper commit "Enable push to gitserver (origin) on commit"You should be prompted for the necessary credentials, and if entered correctly you should see the usual git push messages on the console.
Finally, commit to LBU
Execute:
lbu commit