Description of problem: sql_connection appears in /etc/nova/nova.conf on compute node. Version-Release number of selected component (if applicable): openstack-nova-common-2013.1.1-2.el6ost.noarch How reproducible: Always. Steps to Reproduce: 1. Install a remote (to cloud controller) nova compute node via packstack. 2. # grep ^sql_connection /etc/nova/nova.conf Actual results: Shows full connection parameters: sql_connection=mysql://nova:[PASSWORD]@[MySQL IP]/nova Expected results: Password should NOT appear on a compute node. Additional info: This violates the purpose of Grizzly feature: Remove database access from Nova Compute Nodes (no-db-compute)
Is it the only thing which should be changed on computed nodes or is there something else required to change from Folsom "with-DB" behaviour?
Yes, that's all there is to it. The only thing you *have* to do is have the nova-conductor service running.
The implementation was reverted due to bug #972365.
Just talked to mmagr on irc about this. "in nova puppet module catalog application fails when there's not DB password in sql_connection ... so currently all-in-one installation works, but controller+1compute_node installation fails" Given that this is a regression that prevents a multi-node setup from succeeding in Packstack, I think this should block snap2 actually.
back in snap2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0938.html