Hello,
I have some crufty old servers that have quite a few modified configuration
files. I'm looking into moving these customizations into a configuration
management solution (probably Ansible).
Is there a way to compare files in /etc against the default versions that ships
with Alpine?
I know there is update-conf and the *.apk-new files, however, this qusetion is
more along the lines of auditing all installed packages' configuration files,
as opposed to migrating configuration files on upgrade.
Best,
--
Winston Weinert
winston@ml1.nethttps://winny.tech/
Dear Winston,
it might be a bit boring, but I would suggest the following approach:
(1) fetch a list of installed packages from your old system
(2) install a fresh (second) Alpine system with the version you have now (e. g. 3.14)
(3) install exactly the apps you have installed right now on the new system
(4) use just any tool that can compare the contents of two directories to find the differences
Cheers, Daniel
On Sat, 8 Jan 2022 16:51:20 -0600
Winston Weinert <winston@ml1.net> wrote:
> Hello,> > I have some crufty old servers that have quite a few modified configuration> files. I'm looking into moving these customizations into a configuration> management solution (probably Ansible).> > Is there a way to compare files in /etc against the default versions that ships> with Alpine?> > I know there is update-conf and the *.apk-new files, however, this qusetion is> more along the lines of auditing all installed packages' configuration files,> as opposed to migrating configuration files on upgrade.> > Best,> -- > Winston Weinert> winston@ml1.net> https://winny.tech/
Using apk audit will handle this,
Jeff
On Sat, Jan 8, 2022, 5:51 PM Winston Weinert <winston@ml1.net> wrote:
> Hello,>> I have some crufty old servers that have quite a few modified configuration> files. I'm looking into moving these customizations into a configuration> management solution (probably Ansible).>> Is there a way to compare files in /etc against the default versions that> ships> with Alpine?>> I know there is update-conf and the *.apk-new files, however, this> qusetion is> more along the lines of auditing all installed packages' configuration> files,> as opposed to migrating configuration files on upgrade.>> Best,> --> Winston Weinert> winston@ml1.net> https://winny.tech/>
> Using apk audit will handle this,
Bingo! It appears older version of apk does list an audit subcommand in the
'apk --help' usage, so I hadn't heard of 'apk audit' before :). Never-the-less
this 'apk audit' subcommand does work on these old crufty servers.
Based on the discussion in this thread, I came up with a solution:
1) Ensure all .apk files for your installed packages are available locally.
a) run 'setup-apkcache'
b) run 'apk cache download'
c) If some packages are missing, I guess one could compare against a .apk
that has a different version number.
2) Loop over the output of 'apk audit'
a) Determine what package owns the file: 'apk -v info -W FILE'
b) Try to find a .apk that looks like it is for the given package:
'find /path/to/apkcache -type f -name "PKG.*.apk"'
c) Run diff against the file from the 'apk audit' output and the file
extracted from the .apk ('tar -xzOf the-pkg.apk FILE' seems to work)
There might be some oversights in the above steps, I'm interested to hear about
them.
Thanks,
--
Winston Weinert
winston@ml1.nethttps://winny.tech/