Should we maintain different versions of configuration files depending on the services we intend to run per server ?

asked 2014-10-13 06:00:53 -0500

James Pic aka is_null gravatar image

Consider nova services running on 3 servers:

  • compute server: nova-compute service
  • controller server: nova-api, nova-cert ...
  • horizon server: nova-novncproxy

On each server, there is a /etc/nova/nova.conf. The question is:

  • should we maintain different versions of /etc/nova/nova.conf for each server with only the necessary configuration sections/keys or
  • should we maintain a single version of /etc/nova/nova.conf for every server and just change the server specific config (ie. my_ip)

What are the pros and cons of each approach ?

Note: as a developer myself, I'd rather only maintain one template for nova.conf, rather than having a bunch of different templates containing 90% of the same information.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2014-10-13 06:39:38 -0500

SamYaple gravatar image

updated 2014-10-14 01:57:21 -0500

As we talked about in IRC, my approach to this is far more hands off. These will be statements of fact, but they are simply my opinion.

  • You should not be changing your conf files by hand. Using an automated deploy tool will simplify your life.
  • Should you have to adjust your conf by hand, make as few changes as possible and keep them specific to that node.
  • If you adjust one conf, adjust them all. A deployment tool is ideal here, a dsh group with a sed command is acceptable.

There are no pros to adjusting each file. A potential slight isolation of data should a host get comprimised. However, the compromised conf will still have the database credentials and everything you want to know exists there anyway.

The cons are having to maintain multiple copies of your nova.conf in multiple locations. This is not reasonable. This violates DRY. A change to a common attribute has to be made in several locations. This greatly increases the chance for error.

That being said, if you are using a configuration tool to maintain the multiple copies and push them out accordingly, then you should be alright. It's just needlessly complicated.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-10-13 05:53:48 -0500

Seen: 186 times

Last updated: Oct 14 '14