Foreman-installer: An easier way to compare changes that have happened on the Foreman host?

We use foreman-installer and are at Foreman version 1.23.2. But inevitably, someone here will make manual changes to a file managed by foreman-installer.

To detect these changes, I usually run a command like foreman-installer --noop --dont-save-answers --verbose. This does print which files have changed since the last run, because it shows diffs:

[ WARN 2020-08-17T18:54:26 verbose]  /Stage[main]/Foreman::Puppetmaster/File[/etc/puppetlabs/puppet/foreman.yaml]/content:
[ WARN 2020-08-17T18:54:26 verbose] --- /etc/puppetlabs/puppet/foreman.yaml     2020-02-07 10:52:04.777710541 -0800
[ WARN 2020-08-17T18:54:26 verbose] +++ /tmp/puppet-file20200817-28724-9ab092   2020-08-17 18:54:26.451256118 -0700
[ WARN 2020-08-17T18:54:26 verbose] @@ -1,6 +1,6 @@
[ WARN 2020-08-17T18:54:26 verbose]  ---
[ WARN 2020-08-17T18:54:26 verbose]  :url: "https://foreman.example.org"
[ WARN 2020-08-17T18:54:26 verbose] -#:ssl_ca: "/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem"
[ WARN 2020-08-17T18:54:26 verbose] +:ssl_ca: "/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem"

However, this log can be quite long and hard to parse.

Is there an easier way for me to see which files on the host have been changed?

That’s a good question that I never thought about. For this we rely on Puppet and I don’t know if you can actually tune the output. I suppose a report would actually be pretty easy to parse since it’s YAML, but AFAIK we don’t store those so they’re not very useful.

That actually gives me an idea of another problem: figuring out what failed during a run. Rather than parsing the output, we can simply configure it to store a report and use that.

It’s documented here:

Then you can simply print all events with status noop.

Slightly less important, but I think --noop implies --dont-save-answers.
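An added example, not part of the original posts and not Foreman's or Puppet's own tooling: a small Python filter for the verbose noop log format shown in the question, which lists each managed file whose content would change and how many lines differ. The name `changed_files` and the embedded sample log are constructed for illustration.

```python
import re
import sys

# Constructed sample, following the log lines quoted in the question.
SAMPLE_LOG = """\
[ WARN 2020-08-17T18:54:26 verbose]  /Stage[main]/Foreman::Puppetmaster/File[/etc/puppetlabs/puppet/foreman.yaml]/content:
[ WARN 2020-08-17T18:54:26 verbose] --- /etc/puppetlabs/puppet/foreman.yaml     2020-02-07 10:52:04.777710541 -0800
[ WARN 2020-08-17T18:54:26 verbose] +++ /tmp/puppet-file20200817-28724-9ab092   2020-08-17 18:54:26.451256118 -0700
[ WARN 2020-08-17T18:54:26 verbose] @@ -1,6 +1,6 @@
[ WARN 2020-08-17T18:54:26 verbose]  ---
[ WARN 2020-08-17T18:54:26 verbose]  :url: "https://foreman.example.org"
[ WARN 2020-08-17T18:54:26 verbose] -#:ssl_ca: "/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem"
[ WARN 2020-08-17T18:54:26 verbose] +:ssl_ca: "/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem"
"""
# Strip "[ LEVEL timestamp verbose]" plus exactly one separator space, so the
# leading space of diff context lines is preserved.
PREFIX = re.compile(r"^\[\s*\w+\s+\S+\s+verbose\] ?(.*)$")
HEADER = re.compile(r"File\[(.+?)\]/content:\s*$")

def changed_files(log_text):
    """Return {path: {"added": n, "removed": n}} for each File content diff."""
    result, current, in_hunk = {}, None, False
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        msg = m.group(1)
        if msg.lstrip().startswith("/Stage["):
            # A new resource line ends the previous diff, whatever it is.
            header = HEADER.search(msg)
            current = header.group(1) if header else None
            in_hunk = False
            if current is not None:
                result.setdefault(current, {"added": 0, "removed": 0})
            continue
        if current is None:
            continue
        if msg.startswith("@@"):
            in_hunk = True  # the ---/+++ file headers come before the first @@
        elif in_hunk and msg.startswith("+"):
            result[current]["added"] += 1
        elif in_hunk and msg.startswith("-"):
            result[current]["removed"] += 1
    return result

if __name__ == "__main__":
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for path, c in changed_files(text).items():
        print(f"{path}  +{c['added']} -{c['removed']}")
```

Piping the output of the noop run into the script prints one line per drifted file; run with no input on a terminal, it uses the sample.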