Hi list,
For deploying a number of servers at a client's, we've started using
package-based configuration. The idea is not new and not complicated:
put the local configuration files in Debian packages to deploy them.
This answers to the following needs:
* simplicity;
* ability to deploy only some of the configuration or to generate
the configuration depending on the server;
* differentiating modifications made by the local administrator
from those coming from the deployment tool (as dpkg asks in this
case).
Other options that come to mind are cfengine, but it is too complex for
small or medium-sized installations, or a RCS, but it isn't flexible
enough.
However not all Debian packages allow such things easily. Packages that
split their configuration files, like apache or exim4, allow to ship
extra configuration files. Some others allow multiple layers of
defaults; for example, one of the reasons for the GConf changes was to
allow such packages to be deployed. For other packages, the
configuration shipped by Debian has to be replaced.
Several options were considered:
1. Customize the configuration files in every Debian package we
want to have configured. This works as expected, but it means a
lot of work whenever the packages are updated, e.g. for security
updates.
2. Ship the packages as provided by Debian, and replace the
configuration files by maintainer scripts in specific packages.
This is ugly, and leads to dpkg asking whether files should be
overwritten when it shouldn't.
3. Strip the packages from their configuration files, and ship the
configuration files in specific packages. As the stripping
operation can be automated, this is acceptable in production.
Option 3 is currently winning, but we'd like to improve things in the
future.
First question to the developers, what are you using for deploying
configuration on your servers?
For something more interesting to debian-devel contributors, what could
be done to improve the situation?
* The first thing that comes to mind is the ability to divert
conffiles. This could help a lot to build things around existing
packages. Do you think this is realistic? Can this be done with
the current conffile architecture in dpkg?
* Otherwise, there could be an interface to dpkg for handling
special cases, putting conffiles in a different internal state
with a specific command.
* ... any other ideas are welcome.
--
.''`. Josselin Mouette /\./\
: :' : josselin.mouette@ens-lyon.org
`. `' joss@debian.org
`- Debian GNU/Linux -- The power of freedom
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=