Typically this sort of issue is handled in a configuration management system like Puppet.
# This is the lowest level class and the most generic...
# Inheriting yourapp::params makes the defaults below resolvable.
class yourapp (
  $keystore_path     = $yourapp::params::keystore_path,
  $config_file_path  = $yourapp::params::config_file_path,
  $config_file_owner = $yourapp::params::config_file_owner,
  $config_file_group = $yourapp::params::config_file_group,
  $config_file_mode  = $yourapp::params::config_file_mode,
  # and so on ...
) inherits yourapp::params {
  # Lots of things you need to do, but the key one I want to demonstrate is creating your
  # configuration file; this isn't necessarily the best way to do it, but it's enough for an
  # example...
  file { 'my_app_server_config' :
    ensure  => present,
    path    => $config_file_path,
    owner   => $config_file_owner,
    group   => $config_file_group,
    mode    => $config_file_mode,
    content => template('yourapp/yourapp.yaml.erb'),
  }
}
# This is the class where you do your lookups into Hiera or whatever your external CM system is...
class profiles::yourapp {
  $runtime_data_path = hiera('profiles::yourapp::runtime_data_path')
  $keystore_path     = "${runtime_data_path}/keystore.jks"
  $etc_path          = hiera('profiles::yourapp::etc_path')
  $config_file_path  = "${etc_path}/yourapp.yaml"
  # configure your application
  class { '::yourapp' :
    keystore_path    => $keystore_path,
    config_file_path => $config_file_path,
  }
  # Whatever other component modules you need to configure/setup your application
}
# This is the class that defines all the profiles on a given host/VM - business specific wrapper class
class roles::something::something_else {
  include profiles::yourapp
  include profiles::someotherbusinessapp
  # roles are really, really business specific. Just keep in mind that they are intended to include only profiles, and profiles are
  # really just collections of specific technology configurations.
}
# and finally, here's a snippet of the ERB file mentioned above, which will end up on
# the host at the path $config_file_path (probably /etc/yourapp/yourapp.yaml).
keyStorePath: <%= @keystore_path %>
All of the above is in a version control system, probably Git these days but whatever works for you.
Do not, please, please, please, do not just have your admins randomly edit files on your live hosts. Use Puppet, Chef, Salt, Ansible, take your freaking pick, to manage the configurations on these hosts and use a VCS to track the changes that are made. It's not as hard as it sounds and you actually have a chance at knowing who made what changes, when, and why, and how to undo them when sh*t hits the fan.
Glenn
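
A read-only drift check, added here as an illustration and not part of the post above or of Puppet itself: it compares a deployed file against what a `file` resource like the one above declares (owner, group, mode, rendered content) and reports hand edits made on the host. `Expected` and `find_drift` are hypothetical names, and the expected values are assumed to come from your version-controlled data.

```python
from __future__ import annotations

import hashlib
import os
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Expected:
    """What the file resource declares (all values are assumptions)."""
    path: str
    content: bytes  # template output rendered from the VCS copy
    mode: int       # permission bits, e.g. 0o640
    uid: int
    gid: int


def find_drift(exp: Expected) -> list[str]:
    """Return human-readable differences; an empty list means in sync."""
    try:
        st = os.lstat(exp.path)  # lstat: do not follow a swapped-in symlink
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    drift = []
    actual_mode = stat.S_IMODE(st.st_mode)
    if actual_mode != exp.mode:
        drift.append(f"mode {actual_mode:04o} != {exp.mode:04o}")
    if st.st_uid != exp.uid:
        drift.append(f"uid {st.st_uid} != {exp.uid}")
    if st.st_gid != exp.gid:
        drift.append(f"gid {st.st_gid} != {exp.gid}")
    with open(exp.path, "rb") as fh:
        on_disk = hashlib.sha256(fh.read()).hexdigest()
    if on_disk != hashlib.sha256(exp.content).hexdigest():
        drift.append("content differs from rendered template")
    return drift
```

A non-empty result is a signal to look at who touched the host, not something to fix in place: the correction belongs in the VCS-tracked manifests or data.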