drift

Classify /etc into the files that actually encode this workload versus vendor-shipped defaults and host-specific noise. Runs entirely locally, calls no API, and needs no account — so it works even without credentials.

vrtmv drift --image centos7.vmdk
vrtmv drift --root /mnt/vm --json
vrtmv drift --ssh user@host --sudo --preserve-ssh
| Flag | Purpose |
| --- | --- |
| --root / --image / --ssh | The source (see Sources). |
| --ssh-port, --ssh-key, --jump, --sudo | SSH collection options. |
| --preserve-ssh | Carry host SSH keys (public and private) instead of holding them back as a caveat. Off by default. |
| --json | Emit the full classification as JSON instead of a text summary. |

The four lanes

| Lane | Meaning |
| --- | --- |
| carry | Workload configuration to reproduce on the target. |
| caveat | Host identity, accounts, and SSH keys — acknowledged, not blindly carried. |
| default | Vendor-shipped and unmodified — nothing to do. |
| skipped | Secrets, generated files, and noise — deliberately not read or carried. |

Modification is decided by checksum against the package's own recorded baseline (dpkg .md5sums and conffiles; the rpm backend reconstructs file ownership). Symlinks are never followed, /etc/shadow and secrets are skipped unread, and reads are size-bounded.
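The checksum-against-baseline decision and the three read guards can be sketched as follows. This is an added example, not vrtmv's own code: the function names, the secret skip list, the 1 MiB bound, and the choice to treat a file with no package baseline as carry are all assumptions, and the caveat lane is left out.

```python
import hashlib, os, stat, tempfile

SECRET_PATHS = {"/etc/shadow", "/etc/gshadow"}  # assumed skip list, never opened
MAX_BYTES = 1 << 20                              # assumed read bound

def parse_baseline(text):
    """Map path -> md5 from '<md5>  etc/x' (.md5sums) or '/etc/x <md5>' (Conffiles)."""
    baseline = {}
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) >= 2:
            path, digest = (parts[0], parts[1]) if parts[0].startswith("/") else ("/" + parts[1], parts[0])
            baseline[path] = digest.lower()
    return baseline

def lane_for(full, rel, baseline, max_bytes):
    if rel in SECRET_PATHS:
        return "skipped"                          # decided by name, before any open()
    try:  # O_NOFOLLOW refuses a symlink at the final path component
        fd = os.open(full, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return "skipped"
    with os.fdopen(fd, "rb") as fh:
        st = os.fstat(fh.fileno())                # check the object actually opened
        if not stat.S_ISREG(st.st_mode) or st.st_size > max_bytes:
            return "skipped"
        digest = hashlib.md5(fh.read(max_bytes + 1), usedforsecurity=False).hexdigest()
    # Assumption: a file with no package baseline counts as operator-authored.
    return "default" if baseline.get(rel) == digest else "carry"

def classify(root, baseline, max_bytes=MAX_BYTES):
    lanes = {}
    for dirpath, _dirs, files in os.walk(os.path.join(root, "etc")):  # followlinks=False
        for name in files:
            full = os.path.join(dirpath, name)
            rel = "/" + os.path.relpath(full, root).replace(os.sep, "/")
            lanes[rel] = lane_for(full, rel, baseline, max_bytes)
    return lanes

def demo():
    """Constructed sample tree: one vendor default, one edited file, a symlink, a secret."""
    etc = os.path.join(tempfile.mkdtemp(), "etc")
    os.makedirs(etc)
    vendor = b"PermitRootLogin no\n"
    for name, data in (("sshd_config", vendor), ("ntp.conf", b"server a\n"), ("shadow", b"x\n")):
        with open(os.path.join(etc, name), "wb") as fh:
            fh.write(data)
    os.symlink("ntp.conf", os.path.join(etc, "link.conf"))
    md5 = hashlib.md5(vendor, usedforsecurity=False).hexdigest()
    return classify(os.path.dirname(etc), parse_baseline(f"/etc/sshd_config {md5}\n{'0'*32}  etc/ntp.conf\n"))
```

The size and file-type checks run on the opened descriptor rather than on the path, so a file swapped between the check and the read cannot bypass them.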

Service accounts

drift also derives the service accounts a workload depends on — from file ownership and from systemd User=/Group= directives — and harvests unit enablement, masks, and operator-authored units. Where an owner cannot be resolved, that gap is reported rather than guessed.