From 82537871376afe98a286e1ba424cf192ae60869a Mon Sep 17 00:00:00 2001
From: Matt Riedemann
Date: Fri, 18 Jan 2019 10:42:13 -0500
Subject: [PATCH] Restrict database access to nova-compute in singleconductor mode
Change I4820abe57a023050dd8d067c77e26028801ff288 removed access to the database for the nova-compute process but only in superconductor mode. Grenade runs in singleconductor mode though so we are getting tracebacks in nova-compute logs during grenade runs because nova-compute is running with nova.conf which is configured with access to the nova API database. This change handles removing database access for nova-compute generically to cover both the singleconductor and superconductor cases.
Change-Id: I81301eeecc7669a169deeb1e2c5d298a595aab94
Closes-Bug: #1812398
---
 lib/nova | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/lib/nova b/lib/nova
index d1d0b3c16b..199550bf03 100644
--- a/lib/nova
+++ b/lib/nova
@@ -897,25 +897,26 @@ function start_nova_compute {
 local compute_cell_conf=$NOVA_CONF
 fi
+ cp $compute_cell_conf $NOVA_CPU_CONF
+
 if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
 # NOTE(danms): Grenade doesn't setup multi-cell rabbit, so
 # skip these bits and use the normal config.
- NOVA_CPU_CONF=$compute_cell_conf
 echo "Skipping multi-cell conductor fleet setup"
 else
 # "${CELLSV2_SETUP}" is "superconductor"
- cp $compute_cell_conf $NOVA_CPU_CONF
 # FIXME(danms): Should this be configurable?
 iniset $NOVA_CPU_CONF workarounds disable_group_policy_check_upcall True
 # Since the nova-compute service cannot reach nova-scheduler over
 # RPC, we also disable track_instance_changes.
 iniset $NOVA_CPU_CONF filter_scheduler track_instance_changes False
 iniset_rpc_backend nova $NOVA_CPU_CONF DEFAULT "nova_cell${NOVA_CPU_CELL}"
- # Make sure we nuke any database config
- inidelete $NOVA_CPU_CONF database connection
- inidelete $NOVA_CPU_CONF api_database connection
 fi
+ # Make sure we nuke any database config
+ inidelete $NOVA_CPU_CONF database connection
+ inidelete $NOVA_CPU_CONF api_database connection
+
 # Console proxies were configured earlier in create_nova_conf. Now that the
 # nova-cpu.conf has been created, configure the console settings required
 # by the compute process.
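Review bot: The unconditional `inidelete` calls near the end of the hunk remove only the `connection` key from `[database]` and `[api_database]`, so the guarantee that nova-compute holds no database credentials rests on those being the only credential-bearing keys copied over from `$compute_cell_conf`. oslo.db also reads `slave_connection` from those sections; whether the source config ever sets it is not visible here, but also running `inidelete $NOVA_CPU_CONF database slave_connection` and `inidelete $NOVA_CPU_CONF api_database slave_connection` would make the stripping hold regardless. The `NOTE(danms)` comment in the singleconductor branch still says that branch will "use the normal config", which is no longer accurate now that it runs from a stripped copy; a wording such as `# skip the cell RPC bits; nova-cpu.conf is still a copy with database access removed` would match the new behaviour. start_nova_compute begins and ends outside the hunk.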