gsmaclean.com

Git for config backups

In addition to full VM backups, having config file backups can help with system migrations and change rollback if something goes awry. This is especially useful for systems with live time-series databases (e.g. Graylog, LibreNMS), where rolling back the whole VM would lose data.

Prerequisites

Create SSH keys to be used between this machine and your git instance (in my case on-prem GitLab).

ssh-keygen -t rsa -b 4096 -C "gitlab"

The SSH connection uses the id_rsa private key on the local machine, and the id_rsa.pub public key is added to the git server.

ssh -Tv git@githost # tests connection with -v as debug

You may get an error that the permissions on id_rsa are too broad – in that case, restrict them with chmod:

chmod 400 ~/.ssh/id_rsa

You also need to set up author data (or it will try to use the system settings).

git config --global user.name "My Name"
git config --global user.email "email@addr.com"

Linux /etc/ using etckeeper

etckeeper (https://etckeeper.branchable.com/)

sudo apt install etckeeper
sudo vim /etc/etckeeper/etckeeper.conf  # set PUSH_REMOTE="origin"

The PUSH_REMOTE parameter automates a push when apt installs or updates packages. You still need to configure the general git settings in /etc/ to successfully push to GitLab. Note that etckeeper uses the old ‘master’ branch name, rather than the newer ‘main’ branch name.

git remote add origin git@githost:group/reponame.git
git push -u origin master # pushes initial commit and creates repo

Make sure the id_rsa private key is accessible to the user this is running as.
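A pre-flight check for the two key requirements above (permissions not too broad, key readable by the user doing the push), added here as an example and not part of the original post. The function name check_push_key and its return codes are assumptions of this example; it relies on GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example (not from the original post): verify the SSH private key
# before relying on it for automated pushes.
# Return codes (constructed for this example):
#   0 = usable, 1 = missing or unreadable, 2 = permissions too broad
check_push_key() {
    key="${1:-$HOME/.ssh/id_rsa}"   # default key path as used on this page

    # The user running the push must be able to read the key.
    if [ ! -f "$key" ] || [ ! -r "$key" ]; then
        echo "FAIL: $key missing or not readable by $(id -un)" >&2
        return 1
    fi

    # GNU stat: %a prints the octal permission bits, e.g. 400 or 644.
    mode=$(stat -c '%a' "$key") || return 1

    # ssh refuses a key owned by the calling user when any group/other
    # bit is set (mode & 077 != 0). This example applies the same test to
    # every key regardless of owner, which is stricter than ssh itself.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $key has mode $mode; fix with: chmod 400 $key" >&2
        return 2
    fi

    echo "OK: $key (mode $mode) is usable by $(id -un)"
    return 0
}
```

Run check_push_key as the same user that performs the push, optionally passing the key path as the first argument.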

Linux general files using Git

This can be used for text config files, but it can also be used for small binary backup files – though you lose any benefit of diffs and you may have to deal with a large amount of space being used. Your mileage may vary.

cd existing_folder
git init --initial-branch=main # use a different branch if using etckeeper
git remote add origin git@githost:group/reponame.git
git add .
git commit -m "Initial commit"
git push -u origin main

For branch naming I’m using a path or function, e.g. varlibgrafana for /var/lib/grafana/ or mongodump for Graylog’s MongoDB dump files.

Next up is integrating LibreNMS and Oxidized into GitLab, but some Ruby gem complexity means that will have to be a later post!