[openstack-dev] [congress] Using congress to improve the consistency of configuration files.

valentin.matton at orange.com valentin.matton at orange.com
Tue Jul 4 13:29:25 UTC 2017

We would like to use congress to check the consistency of the 
configuration files used by the various Openstack services on different 

Although installers do a great job for ensuring that the initial 
definition of those files are correct, it may be necessary to tweak 
those files on running instances
or to use templates that are out of the bounds of the pre-configured 
use-cases. Then the administrator must modify the configuration without 
any safety net.

Congress is such a safety net but it ensures policies on live resources 
deployed in the cloud, not on how the cloud is configured but we think 
that it could be extended
to perform such verification with the adequate datasource.
So we propose a new datasource that will query each node to fetch its 
configuration files as long as they follow oslo.config requirements and 
As a first step we propose to use agents deployed on the different nodes 
explicitly configured with the list of configuration files that push 
those files to the central
congress service. Later on, oslo.config could be modified to provide a 
hook used to push config files directly from running services.

The new datasource displays not only the option values, the file, host 
where they are defined but also the associated metadata so that generic 
rules can be defined.
It is then possible to define rules:
- that constrain the value of options between different nodes
- that constrain the values between different services or different 
service plugins.
- it is even possible to use the knowledge of those configuration 
options to check policies on live resources (for example when there is a 
limitation or a bug in a given

We have a working prototype and the corresponding specification along 
those principles that we would like to share. An initial blueprint has 
been submitted here:
Please feel free to react

V. Matton


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

More information about the OpenStack-dev mailing list