Bug 966325 - sql_connection appears in /etc/nova/nova.conf on compute node.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
Version: 3.0
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: urgent
Target Milestone: snapshot2
Target Release: 3.0
Assignee: Martin Magr
QA Contact: Brandon Perkins
URL: https://tcms.engineering.redhat.com/c...
Whiteboard:
Depends On: 972365
Blocks: 894819
Reported: 2013-05-23 04:30 UTC by Brandon Perkins
Modified: 2019-09-09 16:13 UTC (History)

Fixed In Version: openstack-packstack-2013.1.1-0.15.dev625
Doc Type: Bug Fix
Doc Text:
The sql_connection configuration key in /etc/nova/nova.conf on compute nodes was previously being populated with the full MySQL connection details. This is no longer required as compute nodes now access the database via the nova-conductor service. PackStack has been updated to only set the sql_connection string on nodes that require it.
Clone Of:
Environment:
Last Closed: 2013-06-11 18:51:31 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
OpenStack gerrit | 31698 | 0 | None | None | None | Never
OpenStack gerrit | 32374 | 0 | None | None | None | Never
Red Hat Product Errata | RHBA-2013:0938 | 0 | normal | SHIPPED_LIVE | openstack-packstack bug fix advisory | 2013-06-11 22:48:19 UTC

Description Brandon Perkins 2013-05-23 04:30:33 UTC
Description of problem:
sql_connection appears in /etc/nova/nova.conf on compute node.

Version-Release number of selected component (if applicable):
openstack-nova-common-2013.1.1-2.el6ost.noarch


How reproducible:
Always.

Steps to Reproduce:
1. Install a remote (to cloud controller) nova compute node via packstack.
2. # grep ^sql_connection /etc/nova/nova.conf


Actual results:
Shows full connection parameters:
sql_connection=mysql://nova:[PASSWORD]@[MySQL IP]/nova


Expected results:
Password should NOT appear on a compute node.

Additional info:
This violates the purpose of the Grizzly feature: Remove database access from Nova Compute Nodes (no-db-compute)
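
An added example, not part of the bug report or of PackStack: a check that flags every active sql_connection key in a nova.conf that embeds a password, and reports it with the password masked so the audit output does not leak the secret. The sample file contents, password and IP address are constructed, and the function names are this example's own.

```python
import configparser
import sys
from urllib.parse import urlsplit

# Constructed sample shaped like the "Actual results" line; password and IP are made up.
SAMPLE_COMPUTE_CONF = """\
[DEFAULT]
verbose = True
# sql_connection = mysql://nova:oldpass@192.0.2.9/nova
sql_connection = mysql://nova:s3cret@192.0.2.10/nova
"""


def redact(url):
    """Mask the password so the audit report does not itself leak the secret."""
    parts = urlsplit(url)
    if not parts.password:
        return url
    host = parts.netloc.rpartition("@")[2]
    return parts._replace(netloc="%s:***@%s" % (parts.username, host)).geturl()


def audit_nova_conf(text):
    """Return one finding per active sql_connection key that embeds a password."""
    # A dummy default_section makes [DEFAULT] an ordinary section, so its keys
    # are not reported again for every other section in the file.
    cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if not cp.has_option(section, "sql_connection"):
            continue
        value = cp.get(section, "sql_connection").strip()
        if urlsplit(value).password:
            findings.append({"section": section, "value": redact(value)})
    return findings


if __name__ == "__main__":
    # Path taken from the bug report; pass another file as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/nova/nova.conf"
    with open(path) as handle:
        results = audit_nova_conf(handle.read())
    for item in results:
        print("[%s] sql_connection = %s" % (item["section"], item["value"]))
    sys.exit(1 if results else 0)
```

Run on a compute node, a non-zero exit status means a database password is still present in the file; commented-out lines are ignored.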

Comment 3 Martin Magr 2013-06-03 15:16:42 UTC
Is it the only thing which should be changed on compute nodes or is there something else required to change from Folsom "with-DB" behaviour?

Comment 6 Russell Bryant 2013-06-04 18:02:28 UTC
Yes, that's all there is to it.  The only thing you *have* to do is have the nova-conductor service running.

Comment 11 Martin Magr 2013-06-10 10:11:09 UTC
The implementation was reverted due to bug #972365.

Comment 12 Perry Myers 2013-06-10 12:53:52 UTC
Just talked to mmagr on irc about this.

"in nova puppet module catalog application fails when there's not DB password in sql_connection ... so currently all-in-one installation works, but controller+1compute_node installation fails"

Given that this is a regression that prevents a multi-node setup from succeeding in Packstack, I think this should block snap2 actually.

Comment 15 Scott Lewis 2013-06-10 19:26:07 UTC
back in snap2

Comment 18 errata-xmlrpc 2013-06-11 18:51:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0938.html