Conffiles and configuration management systems

Scott Kitterman ubuntu at kitterman.com
Thu May 6 13:07:27 BST 2010 


"Mathias Gug" <mathiaz at ubuntu.com> wrote:

>Hi,
>
>On Wed, May 05, 2010 at 02:47:39PM +0200, Loïc Minier wrote:
>> On Tue, May 04, 2010, Soren Hansen wrote:
>> > Add a capability to dpkg to let tools like puppet take over this conffile
>> > merging process. Or, the poor man's alternative: add a capability to
>> > dpkg to ignore specific conffiles.
>> 
>>  This sounds great!  When I read your proposal, I came up with another
>>  use case for delegating the conffile merging stuff: multiple instances
>>  of the same service.  I think it would be a step in the right direction
>>  to make dpkg more flexible with respect to conffile handling.  That
>>  said, things like ucf got a quite a lot of critics, not sure whether it
>>  was because of its actual implementation or because it was just because
>>  "it should be done in dpkg".
>> 
>
>Given that most conffiles are text files and that the problem we're looking at
>is merging changes between different versions from different sources, all of
>this starts to smell like a good use case for a VCS (see etckeeper): 
>
> * dpkg commits to a branch
> * puppet commits to the same (or another) branch
> * the admin is able to access a history of the configuration file as well
>   as checking if a file has changed (and what has changed).
>
I think it's probably better to take a step back and consider policy and design before implementation. 

The conffile policy seems to me to be a pretty fundamental concept in Debian that we should not lightly diverge on. 

The alternative to going our own way on policy would be to improve the way that packages expose their configuration to external adjustment. I recall nxvl doing work around this with Augeaus a few cycles ago. If we could build on that (or something similar) to provide a policy compliant, broadly available interface mechanism to systems like puppet, I think it would be much more powerful and maintainable in the long run.

Broad reaching server goals should probably be aimed at phased deployment through the meta-cycle that culminates in 12.04.  

Scott K

More information about the ubuntu-devel mailing list