0

I'm using ansible to provision a server. One of the roles installs etckeeper, which automatically creates the git repo and makes the first commit.

If many tasks run after that (which install via apt or perform configuration changes), then the repo is a mess of commits - before I even start using the server.

I want one commit at the end of the ansible playbook, triggered via notify: etckeeper commit.

Is that possible?

lonix
  • 896
  • 10
  • 23
  • Where are the commits coming from? – Michael Hampton Sep 20 '19 at 21:52
  • @MichaelHampton From etckeeper. During the playbook's tasks I install lots of stuff (via apt) and every time etckeeper makes a commit. – lonix Sep 21 '19 at 06:05
  • You mean from apt? OK, now I get it. apt is running etckeeper. – Michael Hampton Sep 21 '19 at 07:28
  • @MichaelHampton Yeah from what I understand, apt has some pre- and post- install / uninstall triggers, and etckeeper uses them to know when something was changed, and then automatically commits the whole of `/etc`. But during provisioning, that results in dozens of useless commits, so I'm hoping there's a way to only commit once at the very end of the ansible playbook. – lonix Sep 21 '19 at 08:27

1 Answers1

1

From the manual:

Here's how to disable the automatic commits after each apt run, while still letting it git add new files:

rm /etc/etckeeper/commit.d/50vcs-commit

Once the auto commit feature is disabled you can trigger the script via Ansible at the end of the play.

Henrik Pingel
  • 9,380
  • 2
  • 28
  • 39
  • But then it won't perform commits again. The idea is to disable it only for a while, not forever. – lonix Oct 01 '19 at 13:44
  • Well, you could run a command like `mv /etc/etckeeper/commit.d/50vcs-commit /etc/etckeeper/commit.d/.50vcs-commit` at the beginning of the playbook and a similar at the end. In any way I don't see the point using etckeeper and Ansible. – Henrik Pingel Oct 02 '19 at 12:11
  • That's a decent workaround. – lonix Oct 02 '19 at 13:45
  • Why not use ansible and etckeeper? You provision a server with everything required, including etckeeper. – lonix Oct 02 '19 at 13:45
  • Because the content of `/etc` is already managed by Ansible. Ansible playbooks should be under version control. So there are two systems keeping track of the config. The info in etckeeper is out of context as etckeeper cannot know why Ansible changed something in etc. But that is just my opinion. – Henrik Pingel Oct 04 '19 at 07:17
  • Ideally yes. But in real world scnearios, where something has to be done right away, and there's no time to upgrade the ansible infrastructure... then you just do it, and rely on etckeeper. Clean up the mess afterwards. – lonix Oct 04 '19 at 08:31