966325 – sql_connection appears in /etc/nova/nova.conf on compute node.

Bug 966325 - sql_connection appears in /etc/nova/nova.conf on compute node.

Summary: sql_connection appears in /etc/nova/nova.conf on compute node.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-packstack
Sub Component:
Version:	3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	snapshot2
Target Release:	3.0
Assignee:	Martin Magr
QA Contact:	Brandon Perkins
Docs Contact:
URL:	https://tcms.engineering.redhat.com/c...
Whiteboard:
Depends On:	972365
Blocks:	894819
TreeView+	depends on / blocked

Reported:	2013-05-23 04:30 UTC by Brandon Perkins
Modified:	2019-09-09 16:13 UTC (History)
CC List:	8 users (show)
Fixed In Version:	openstack-packstack-2013.1.1-0.15.dev625
Doc Type:	Bug Fix
Doc Text:	The sql_connection configuration key in /etc/nova/nova.conf on compute nodes was previously being populated with the full MySQL connection details. This is no longer required as compute nodes now access the database via the nova-conductor service. PackStack has been updated to only set the sql_connection string on nodes that require it.
Clone Of:
Environment:
Last Closed:	2013-06-11 18:51:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	31698	None	None	None	Never
OpenStack gerrit	32374	None	None	None	Never
Red Hat Product Errata	RHBA-2013:0938	normal	SHIPPED_LIVE	openstack-packstack bug fix advisory	2013-06-11 22:48:19 UTC

Description Brandon Perkins 2013-05-23 04:30:33 UTC

Description of problem:
sql_connection appears in /etc/nova/nova.conf on compute node.

Version-Release number of selected component (if applicable):
openstack-nova-common-2013.1.1-2.el6ost.noarch


How reproducible:
Always.

Steps to Reproduce:
1. Install a remote (to cloud controller) nova compute node via packstack.
2. # grep ^sql_connection /etc/nova/nova.conf


Actual results:
Shows full connection parameters:
sql_connection=mysql://nova:[PASSWORD]@[MySQL IP]/nova


Expected results:
Password should NOT appear on a compute node.

Additional info:
This violates the purpose of Grizzly feature: Remove database access from Nova Compute Nodes (no-db-compute)

Comment 3 Martin Magr 2013-06-03 15:16:42 UTC

Is it the only thing which should be changed on computed nodes or is there something else required to change from Folsom "with-DB" behaviour?

Comment 6 Russell Bryant 2013-06-04 18:02:28 UTC

Yes, that's all there is to it.  The only thing you *have* to do is have the nova-conductor service running.

Comment 11 Martin Magr 2013-06-10 10:11:09 UTC

The implementation was reverted due to bug #972365.

Comment 12 Perry Myers 2013-06-10 12:53:52 UTC

Just talked to mmagr on irc about this.

"in nova puppet module catalog application fails when there's not DB password in sql_connection ... so currently all-in-one installation works, but controller+1compute_node installation fails"

Given that this is a regression that prevents a multi-node setup from succeeding in Packstack, I think this should block snap2 actually.

Comment 15 Scott Lewis 2013-06-10 19:26:07 UTC

back in snap2

Comment 18 errata-xmlrpc 2013-06-11 18:51:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0938.html

Note You need to log in before you can comment on or make changes to this bug.