Bug 966325 – sql_connection appears in /etc/nova/nova.conf on compute node.

Bug 966325 - sql_connection appears in /etc/nova/nova.conf on compute node.

Summary:	sql_connection appears in /etc/nova/nova.conf on compute node.

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-packstack (Show other bugs)
Sub Component:
Version:	3.0
Hardware:	Unspecified Unspecified

Priority	urgent Severity urgent
Target Milestone:	snapshot2
Target Release:	3.0
Assigned To:	Martin Magr
QA Contact:	Brandon Perkins
Docs Contact:

URL:	https://tcms.engineering.redhat.com/c...
Whiteboard:
Keywords:

Depends On:	972365
Blocks:	894819
	Show dependency tree / graph

Reported:	2013-05-23 00:30 EDT by Brandon Perkins
Modified:	2016-04-26 10:20 EDT (History)
CC List:	9 users (show)

See Also:
Fixed In Version:	openstack-packstack-2013.1.1-0.15.dev625
Doc Type:	Bug Fix
Doc Text:	The sql_connection configuration key in /etc/nova/nova.conf on compute nodes was previously being populated with the full MySQL connection details. This is no longer required as compute nodes now access the database via the nova-conductor service. PackStack has been updated to only set the sql_connection string on nodes that require it.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-06-11 14:51:31 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	31698	None	None	None	Never
OpenStack gerrit	32374	None	None	None	Never

Groups: None (edit)

Description Brandon Perkins 2013-05-23 00:30:33 EDT

Description of problem:
sql_connection appears in /etc/nova/nova.conf on compute node.

Version-Release number of selected component (if applicable):
openstack-nova-common-2013.1.1-2.el6ost.noarch


How reproducible:
Always.

Steps to Reproduce:
1. Install a remote (to cloud controller) nova compute node via packstack.
2. # grep ^sql_connection /etc/nova/nova.conf


Actual results:
Shows full connection parameters:
sql_connection=mysql://nova:[PASSWORD]@[MySQL IP]/nova


Expected results:
Password should NOT appear on a compute node.

Additional info:
This violates the purpose of Grizzly feature: Remove database access from Nova Compute Nodes (no-db-compute)

Comment 3 Martin Magr 2013-06-03 11:16:42 EDT

Is it the only thing which should be changed on computed nodes or is there something else required to change from Folsom "with-DB" behaviour?

Comment 6 Russell Bryant 2013-06-04 14:02:28 EDT

Yes, that's all there is to it.  The only thing you *have* to do is have the nova-conductor service running.

Comment 11 Martin Magr 2013-06-10 06:11:09 EDT

The implementation was reverted due to bug #972365.

Comment 12 Perry Myers 2013-06-10 08:53:52 EDT

Just talked to mmagr on irc about this.

"in nova puppet module catalog application fails when there's not DB password in sql_connection ... so currently all-in-one installation works, but controller+1compute_node installation fails"

Given that this is a regression that prevents a multi-node setup from succeeding in Packstack, I think this should block snap2 actually.

Comment 15 Scott Lewis 2013-06-10 15:26:07 EDT

back in snap2

Comment 18 errata-xmlrpc 2013-06-11 14:51:31 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0938.html

Note You need to log in before you can comment on or make changes to this bug.