On Mon, Mar 02, 2026 at 09:19:50AM -0500, James Antill via infrastructure wrote: > > Pretty interesting... how can you keep the files list in sync though? > > Yeh, for the first pass it was kind of easy as I could just dump > everything that looked sane into a file. > But aging out older files is going to be annoying. > > A few files could be moved to rpm ghost files, which pushes the burden > onto someone else (but helps much more people when rpm -qf works). > > I did wonder about using more jnni2 magic to list one file for some of > the "sets" like httpd certs. > > > I wonder if a two pass thing might be possible? > > run the normal playbook for a host and record all the files it > > copies/templates/etc and then a second run of check-etc that > > takes that list and checks for any not in that list? > > Yeh, I'd wondered about that (or if you could already work it out from > the logs). > > I'd also wondered a couple of times about how useful it'd be if we > could have ansible create a container image, instead of a VM ... which > would be a better version of this, and likely be useful in other ways.
This might tie in with CI ideas... ie, if we have a pr and run a ci that creates a new container/vm and deploys to it, we can look at that to see everything that _should_ be in /etc. In the past I think we just avoided this drift problem by redeploying. Ie, if you think there's cruft there, just redeploy the server from scratch and it should be 'clean'. But knowning when to do that is a trick I guess. kevin -- _______________________________________________ infrastructure mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
