drift
Classify /etc into the files that actually encode this workload versus vendor-shipped defaults and host-specific noise. Runs entirely locally, calls no API, and needs no account — so it works even without credentials.
vrtmv drift --image centos7.vmdk
vrtmv drift --root /mnt/vm --json
vrtmv drift --ssh user@host --sudo --preserve-ssh
| Flag | Purpose |
|---|---|
--root / --image / --ssh | The source (see Sources). |
--ssh-port, --ssh-key, --jump, --sudo | SSH collection options. |
--preserve-ssh | Carry host SSH keys (public and private) instead of holding them back as a caveat. Off by default. |
--json | Emit the full classification as JSON instead of a text summary. |
The four lanes
| Lane | Meaning |
|---|---|
| carry | Workload configuration to reproduce on the target. |
| caveat | Host identity, accounts, and SSH keys — acknowledged, not blindly carried. |
| default | Vendor-shipped and unmodified — nothing to do. |
| skipped | Secrets, generated files, and noise — deliberately not read or carried. |
Modification is decided by checksum against the package's own recorded baseline (dpkg .md5sums and conffiles; the rpm backend reconstructs file ownership). Symlinks are never followed, /etc/shadow and secrets are skipped unread, and reads are size-bounded.
Service accounts
drift also derives the service accounts a workload depends on — from file ownership and from systemd User=/Group= directives — and harvests unit enablement, masks, and operator-authored units. Where an owner cannot be resolved, that gap is reported rather than guessed.