Bug 966325 - sql_connection appears in /etc/nova/nova.conf on compute node.
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
3.0
Unspecified Unspecified
urgent Severity urgent
: snapshot2
: 3.0
Assigned To: Martin Magr
Brandon Perkins
https://tcms.engineering.redhat.com/c...
Depends On: 972365
Blocks: 894819
Reported: 2013-05-23 00:30 EDT by Brandon Perkins
Modified: 2016-04-26 10:20 EDT
Fixed In Version: openstack-packstack-2013.1.1-0.15.dev625
Doc Type: Bug Fix
Doc Text:
The sql_connection configuration key in /etc/nova/nova.conf on compute nodes was previously being populated with the full MySQL connection details. This is no longer required as compute nodes now access the database via the nova-conductor service. PackStack has been updated to only set the sql_connection string on nodes that require it.
Last Closed: 2013-06-11 14:51:31 EDT
Type: Bug


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 31698 None None None Never
OpenStack gerrit 32374 None None None Never

Description Brandon Perkins 2013-05-23 00:30:33 EDT
Description of problem:
sql_connection appears in /etc/nova/nova.conf on compute node.

Version-Release number of selected component (if applicable):
openstack-nova-common-2013.1.1-2.el6ost.noarch


How reproducible:
Always.

Steps to Reproduce:
1. Install a remote (to cloud controller) nova compute node via packstack.
2. # grep ^sql_connection /etc/nova/nova.conf


Actual results:
Shows full connection parameters:
sql_connection=mysql://nova:[PASSWORD]@[MySQL IP]/nova


Expected results:
Password should NOT appear on a compute node.

Additional info:
This violates the purpose of the Grizzly feature: Remove database access from Nova Compute Nodes (no-db-compute)
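
An added example, not part of the original report or of PackStack: a Python check that goes one step beyond the `grep` in the reproduction steps by parsing nova.conf and reporting any database URL that embeds a password, with the password redacted. The function name and the sample file contents are constructed for illustration; `[database]/connection` is the option name later Nova releases use for the same setting.

```python
import configparser
import sys
from urllib.parse import urlsplit, urlunsplit

# sql_connection is the key named in this bug; [database]/connection is the
# option name later Nova releases use for the same URL.
DB_OPTIONS = (("DEFAULT", "sql_connection"), ("database", "connection"))


def find_db_credentials(conf_text):
    """Return (section, option, redacted_url) for every DB URL with a password."""
    parser = configparser.RawConfigParser(strict=False)
    if not conf_text.lstrip().startswith("["):
        conf_text = "[DEFAULT]\n" + conf_text  # settings before any header
    parser.read_string(conf_text)
    findings = []
    for section, option in DB_OPTIONS:
        if section != "DEFAULT" and not parser.has_section(section):
            continue
        if not parser.has_option(section, option):
            continue
        parts = urlsplit(parser.get(section, option).strip())
        if not parts.password:
            continue  # no embedded secret, nothing to report
        host = parts.netloc.rpartition("@")[2]
        redacted = urlunsplit((parts.scheme, f"{parts.username}:***@{host}",
                               parts.path, parts.query, parts.fragment))
        findings.append((section, option, redacted))
    return findings


# Constructed sample inputs (not taken from a real deployment).
COMPUTE_BEFORE_FIX = """[DEFAULT]
rabbit_host=192.0.2.10
sql_connection=mysql://nova:s3cret@192.0.2.10/nova
"""
COMPUTE_AFTER_FIX = """[DEFAULT]
rabbit_host=192.0.2.10
#sql_connection=mysql://nova:nova@localhost/nova
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/nova/nova.conf"
    with open(path) as handle:
        hits = find_db_credentials(handle.read())
    for section, option, url in hits:
        print(f"{path}: [{section}] {option} = {url}")
    sys.exit(1 if hits else 0)
```

Run on a compute node, a non-zero exit status means a database password is still present in the file; commented-out settings are ignored.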
Comment 3 Martin Magr 2013-06-03 11:16:42 EDT
Is it the only thing which should be changed on compute nodes or is there something else required to change from Folsom "with-DB" behaviour?
Comment 6 Russell Bryant 2013-06-04 14:02:28 EDT
Yes, that's all there is to it.  The only thing you *have* to do is have the nova-conductor service running.
Comment 11 Martin Magr 2013-06-10 06:11:09 EDT
The implementation was reverted due to bug #972365.
Comment 12 Perry Myers 2013-06-10 08:53:52 EDT
Just talked to mmagr on irc about this.

"in nova puppet module catalog application fails when there's not DB password in sql_connection ... so currently all-in-one installation works, but controller+1compute_node installation fails"

Given that this is a regression that prevents a multi-node setup from succeeding in Packstack, I think this should block snap2 actually.
Comment 15 Scott Lewis 2013-06-10 15:26:07 EDT
back in snap2
Comment 18 errata-xmlrpc 2013-06-11 14:51:31 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0938.html
