summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatt Riedemann <mriedem.os@gmail.com>2019-01-18 10:42:13 -0500
committerMatt Riedemann <mriedem.os@gmail.com>2019-01-21 09:25:25 -0500
commitc7114582c0b88f379cae795c8bc88bf840d0965a (patch)
tree0bef51ed4299b5b4adb8b7932ceed6b3de15a208
parentffb6cf7b4a221d957ba697ad81216d9b75bd53de (diff)
Restrict database access to nova-compute in singleconductor modestable/queens
Change I4820abe57a023050dd8d067c77e26028801ff288 removed access to the database for the nova-compute process but only in superconductor mode. Grenade runs in singleconductor mode though so we are getting tracebacks in nova-compute logs during grenade runs because nova-compute is running with nova.conf which is configured with access to the nova API database. This change handles removing database access for nova-compute generically to cover both the singleconductor and superconductor cases. Conflicts: lib/nova NOTE(mriedem): Conflict is due to not having change I2a98795674183e2c05c29e15a3a3bad1a22c0891 in stable/queens. Change-Id: I81301eeecc7669a169deeb1e2c5d298a595aab94 Closes-Bug: #1812398 (cherry picked from commit 82537871376afe98a286e1ba424cf192ae60869a) (cherry picked from commit 1b2408b4f33710d404c4da4dde6bc096d6e691f4)
Notes
Notes (review): Code-Review+2: Ian Wienand <iwienand@redhat.com> Workflow+1: Ian Wienand <iwienand@redhat.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Wed, 23 Jan 2019 14:06:39 +0000 Reviewed-on: https://review.openstack.org/632100 Project: openstack-dev/devstack Branch: refs/heads/stable/queens
-rw-r--r--lib/nova11
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/nova b/lib/nova
index 79ffb4d..b2195c2 100644
--- a/lib/nova
+++ b/lib/nova
@@ -867,25 +867,26 @@ function start_nova_compute {
867 local compute_cell_conf=$NOVA_CONF 867 local compute_cell_conf=$NOVA_CONF
868 fi 868 fi
869 869
870 cp $compute_cell_conf $NOVA_CPU_CONF
871
870 if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then 872 if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
871 # NOTE(danms): Grenade doesn't setup multi-cell rabbit, so 873 # NOTE(danms): Grenade doesn't setup multi-cell rabbit, so
872 # skip these bits and use the normal config. 874 # skip these bits and use the normal config.
873 NOVA_CPU_CONF=$compute_cell_conf
874 echo "Skipping multi-cell conductor fleet setup" 875 echo "Skipping multi-cell conductor fleet setup"
875 else 876 else
876 # "${CELLSV2_SETUP}" is "superconductor" 877 # "${CELLSV2_SETUP}" is "superconductor"
877 cp $compute_cell_conf $NOVA_CPU_CONF
878 # FIXME(danms): Should this be configurable? 878 # FIXME(danms): Should this be configurable?
879 iniset $NOVA_CPU_CONF workarounds disable_group_policy_check_upcall True 879 iniset $NOVA_CPU_CONF workarounds disable_group_policy_check_upcall True
880 # Since the nova-compute service cannot reach nova-scheduler over 880 # Since the nova-compute service cannot reach nova-scheduler over
881 # RPC, we also disable track_instance_changes. 881 # RPC, we also disable track_instance_changes.
882 iniset $NOVA_CPU_CONF filter_scheduler track_instance_changes False 882 iniset $NOVA_CPU_CONF filter_scheduler track_instance_changes False
883 iniset_rpc_backend nova $NOVA_CPU_CONF DEFAULT "nova_cell${NOVA_CPU_CELL}" 883 iniset_rpc_backend nova $NOVA_CPU_CONF DEFAULT "nova_cell${NOVA_CPU_CELL}"
884 # Make sure we nuke any database config
885 inidelete $NOVA_CPU_CONF database connection
886 inidelete $NOVA_CPU_CONF api_database connection
887 fi 884 fi
888 885
886 # Make sure we nuke any database config
887 inidelete $NOVA_CPU_CONF database connection
888 inidelete $NOVA_CPU_CONF api_database connection
889
889 if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then 890 if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then
890 # The group **$LIBVIRT_GROUP** is added to the current user in this script. 891 # The group **$LIBVIRT_GROUP** is added to the current user in this script.
891 # ``sg`` is used in run_process to execute nova-compute as a member of the 892 # ``sg`` is used in run_process to execute nova-compute as a member of the