diff --git a/templates/nova.conf b/templates/nova.conf index 95a504c7c..46bbd621c 100644 --- a/templates/nova.conf +++ b/templates/nova.conf 
@@ -3,52 +3,52 @@ # overall then serializing live migrations so set this to 1 explictly max_concurrent_live_migrations=1 state_path = /var/lib/nova -{{if eq .service_name "nova-api"}} +{{ if eq .service_name "nova-api" -}} allow_resize_to_same_host = true -{{end}} +{{- end }} # enable log rotation in oslo config by default max_logfile_count=1 max_logfile_size_mb=20 log_rotation_type=size -{{if (index . "log_file") }} +{{- if (index . "log_file") -}} log_file = {{ .log_file }} -{{end}} +{{- end }} debug=true -{{if eq .service_name "nova-compute"}} +{{- if eq .service_name "nova-compute" -}} compute_driver = {{ .compute_driver }} -{{if eq .compute_driver "ironic.IronicDriver"}} +{{ if eq .compute_driver "ironic.IronicDriver" -}} reserved_host_memory_mb = 0 -{{end}} -{{ if (index . "enable_ceilometer") }} +{{- end }} +{{- if (index . "enable_ceilometer") -}} instance_usage_audit = true instance_usage_audit_period = hour -{{end}} +{{- end }} # ensure safe defaults for new hosts initial_cpu_allocation_ratio=4.0 initial_ram_allocation_ratio=1.0 initial_disk_allocation_ratio=0.9 {{/*using a config drive will void issues with ovn and metadata*/}} force_config_drive=True -{{end}} -{{ if (index . "transport_url") }} +{{- end }} +{{ if (index . "transport_url") -}} transport_url={{.transport_url}} -{{end}} -{{if eq .service_name "nova-api"}} +{{- end }} +{{- if eq .service_name "nova-api" -}} # scaling should be done by running more pods osapi_compute_workers=1 enabled_apis=osapi_compute -{{else if eq .service_name "nova-metadata"}} +{{- else if eq .service_name "nova-metadata" -}} # scaling should be done by running more pods metadata_workers=1 enabled_apis=metadata -{{end}} -{{if eq .service_name "nova-novncproxy"}} -{{ if (index . "SSLCertificateFile") }} +{{- end }} +{{- if eq .service_name "nova-novncproxy" -}} +{{- if (index . 
"SSLCertificateFile") -}} ssl_only=true cert={{.SSLCertificateFile}} key={{.SSLCertificateKeyFile}} -{{end}} -{{end}} +{{- end -}} +{{- end }} [oslo_concurrency] lock_path = /var/lib/nova/tmp @@ -59,29 +59,29 @@ amqp_auto_delete=false # we should consider using quorum queues instead # rabbit_quorum_queue=true {{/*we might just want to make this always false*/}} -{{ if eq .service_name "nova-api"}} +{{ if eq .service_name "nova-api" -}} # We cannot set this to true while is # https://review.opendev.org/c/openstack/oslo.log/+/852443 is not used in the # nova-api image otherwise logging from the heartbeat thread will cause hangs. heartbeat_in_pthread=false -{{else}} +{{- else -}} heartbeat_in_pthread=false -{{end}} +{{- end }} -{{ if eq .service_name "nova-api"}} +{{- if eq .service_name "nova-api" -}} [oslo_policy] enforce_new_defaults=true enforce_scope=true policy_file=/etc/nova/policy.yaml -{{end}} +{{- end -}} -{{ if eq .service_name "nova-conductor"}} +{{- if eq .service_name "nova-conductor" -}} [conductor] # scaling should be done by running more pods workers=1 -{{end}} +{{- end -}} -{{ if eq .service_name "nova-scheduler"}} +{{ if eq .service_name "nova-scheduler" -}} [filter_scheduler] available_filters = nova.scheduler.filters.all_filters enabled_filters = AggregateInstanceExtraSpecsFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter,PciPassthroughFilter,NUMATopologyFilter 
@@ -100,56 +100,59 @@ query_placement_for_availability_zone=true query_placement_for_image_type_support=true enable_isolated_aggregate_filtering=true image_metadata_prefilter=true +{{- end }} -{{end}} - -{{if eq .service_name "nova-novncproxy"}} +{{- if eq .service_name "nova-novncproxy" -}} [console] ssl_minimum_version=tlsv1_3 -{{end}} +{{- end }} [api] # for compatibility with older release we override the default # to be the empty string. This ensures no domain suffix is added # to the instance name. dhcp_domain = '' -{{if eq .service_name "nova-api" "nova-metadata"}} +{{ if eq .service_name "nova-api" "nova-metadata" -}} auth_strategy = keystone -{{ if eq .service_name "nova-metadata"}} +{{- if eq .service_name "nova-metadata" -}} local_metadata_per_cell = {{ .local_metadata_per_cell }} -{{end}} +{{- end }} + [oslo_middleware] enable_proxy_headers_parsing = True + [wsgi] api_paste_config = /etc/nova/api-paste.ini -{{end}} +{{- end }} + [oslo_messaging_notifications] -{{ if (index . "nova_enabled_notification") }} +{{ if (index . "nova_enabled_notification") -}} transport_url = {{ .nova_cell_notify_transport_url }} driver = messagingv2 notification_format=versioned -{{ else }} +{{- else -}} driver = noop -{{end}} +{{- end }} -{{if (index . "enable_ceilometer") }} +{{ if (index . "enable_ceilometer") -}} [notifications] notify_on_state_change = vm_and_task_state -{{ end }} +{{- end }} + -{{ if eq .service_name "nova-novncproxy"}} +{{ if eq .service_name "nova-novncproxy" -}} [vnc] enabled = True novncproxy_host = "::0" novncproxy_port = 6080 -{{if (index . "VencryptClientKey") }} +{{- if (index . 
"VencryptClientKey") -}} auth_schemes=vencrypt,none vencrypt_client_key=/etc/pki/tls/private/vencrypt.key vencrypt_client_cert=/etc/pki/tls/certs/vencrypt.crt vencrypt_ca_certs=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem -{{end}} -{{ else if and (eq .service_name "nova-compute") .vnc_enabled }} +{{- end -}} +{{- else if and (eq .service_name "nova-compute") .vnc_enabled -}} [vnc] enabled = True novncproxy_base_url = {{ .novncproxy_base_url }} 
@@ -159,45 +162,45 @@ server_listen = "::0" # dns currently so we need to use my_ip for now. # https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.console_host server_proxyclient_address = "$my_ip" -{{else if and (eq .service_name "nova-compute") (not .vnc_enabled) }} +{{ else if and (eq .service_name "nova-compute") (not .vnc_enabled) -}} [vnc] enabled = False -{{end}} +{{- end }} + [cache] # always enable caching enabled = True -{{if (index . "MemcachedServers")}} +{{ if (index . "MemcachedServers") -}} # on contoler we prefer to use memcache when its deployed -{{if .MemcachedTLS}} +{{ if .MemcachedTLS -}} backend = dogpile.cache.pymemcache -{{else}} +{{- else -}} backend = dogpile.cache.memcached -{{end}} +{{- end -}} memcache_servers={{ .MemcachedServers }} tls_enabled={{ .MemcachedTLS }} -{{else}} +{{- else -}} # on compute nodes or where memcache is not deployed we should use an in memory # dict cache backend = oslo_cache.dict -{{end}} +{{- end }} -{{ if eq .service_name "nova-scheduler"}} +{{ if eq .service_name "nova-scheduler" -}} [workarounds] disable_fallback_pcpu_query=true -{{end}} -{{ if eq .service_name "nova-compute"}} +{{- end }} +{{ if eq .service_name "nova-compute" -}} [workarounds] enable_qemu_monitor_announce_self=true reserve_disk_resource_for_image_cache=true # NOTE(gibi): We need this as live migration does not work with # cpu_mode=host-model . See https://bugs.launchpad.net/nova/+bug/2039803 skip_cpu_compare_on_dest = true -{{end}} - +{{- end }} -{{ if eq .service_name "nova-compute" }} -{{ if eq .compute_driver "libvirt.LibvirtDriver" }} +{{ if eq .service_name "nova-compute" -}} +{{- if eq .compute_driver "libvirt.LibvirtDriver" -}} [libvirt] live_migration_permit_post_copy=true live_migration_permit_auto_converge=true 
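Review bot: The `{{- end -}}` that closes the `MemcachedTLS` branch trims on both sides, so the chosen `backend = …` line and the following `memcache_servers=` line render as one line (`backend = dogpile.cache.pymemcachememcache_servers=…`). That leaves `[cache]` with an unusable backend name and no server list while `tls_enabled` is still emitted; the closer should be `{{- end }}`. The same closer form joins `www_authenticate_uri` to `memcached_servers=` under `[keystone_authtoken]` for nova-api when `MemcachedServersWithInet` is set (@@ -216). In @@ -283 it joins `metadata_proxy_shared_secret = …` to `service_metadata_proxy = true`, so nova-metadata would get a secret value with extra text appended and `service_metadata_proxy` would not be set.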
@@ -216,27 +219,26 @@ live_migration_uri = qemu+ssh://nova@%s/system?keyfile=/var/lib/nova/.ssh/ssh-pr # https://issues.redhat.com/browse/OSPRH-8806 # https://issues.redhat.com/browse/OSPRH-8712 cpu_power_management=false -{{end}} -{{end}} +{{- end -}} +{{- end}} -{{if (index . "cell_db_address")}} +{{ if (index . "cell_db_address") -}} [database] connection = mysql+pymysql://{{ .cell_db_user }}:{{ .cell_db_password}}@{{ .cell_db_address }}/{{ .cell_db_name }}?read_default_file=/etc/my.cnf -{{end}} +{{- end }} - -{{if (index . "api_db_address")}} +{{- if (index . "api_db_address") -}} [api_database] connection = mysql+pymysql://{{ .api_db_user }}:{{ .api_db_password }}@{{ .api_db_address }}/{{ .api_db_name }}?read_default_file=/etc/my.cnf -{{end}} +{{- end }} [keystone_authtoken] -{{ if eq .service_name "nova-api"}} +{{ if eq .service_name "nova-api" -}} www_authenticate_uri = {{ .www_authenticate_uri}} -{{end}} -{{if (index . "MemcachedServersWithInet")}} +{{- end -}} +{{- if (index . "MemcachedServersWithInet") -}} memcached_servers={{ .MemcachedServersWithInet }} -{{end}} +{{- end }} auth_url = {{ .keystone_internal_url }} auth_type = password project_domain_name = {{ .default_project_domain }} @@ -271,7 +273,9 @@ username = {{ .nova_keystone_user }} password = {{ .nova_keystone_password }} region_name = {{ .openstack_region_name }} valid_interfaces = internal -{{if (index . "debug") }}debug=true{{end}} +{{ if (index . "debug") -}} +debug=true +{{- end }} [neutron] auth_url = {{ .keystone_internal_url }} @@ -283,9 +287,9 @@ username = {{ .nova_keystone_user }} password = {{ .nova_keystone_password }} region_name = {{ .openstack_region_name }} valid_interfaces = internal -{{if eq .service_name "nova-metadata"}} +{{ if eq .service_name "nova-metadata" -}} metadata_proxy_shared_secret = {{ .metadata_secret }} -{{end}} +{{- end -}} service_metadata_proxy = true [cinder] 
@@ -320,8 +324,8 @@ project_name = service username = {{ .nova_keystone_user }} password = {{ .nova_keystone_password }} -{{ if (index . "compute_driver") }} -{{if eq .compute_driver "ironic.IronicDriver"}} +{{- if (index . "compute_driver") -}} +{{- if eq .compute_driver "ironic.IronicDriver" -}} [ironic] auth_type = password auth_url = {{ .keystone_internal_url }} @@ -330,8 +334,8 @@ username = {{ .nova_keystone_user }} password = {{ .nova_keystone_password }} project_domain_name = {{ .default_project_domain }} user_domain_name = {{ .default_user_domain}} -{{ end }} -{{ end }} +{{- end -}} +{{- end }} [upgrade_levels] compute = auto