openstack/devstack
Code Issues Proposed changes

Restrict database access to nova-compute in singleconductor mode

Browse Source 
Change I4820abe57a023050dd8d067c77e26028801ff288 removed access
to the database for the nova-compute process but only in
superconductor mode. Grenade runs in singleconductor mode though
so we are getting tracebacks in nova-compute logs during grenade
runs because nova-compute is running with nova.conf which is
configured with access to the nova API database.

This change handles removing database access for nova-compute
generically to cover both the singleconductor and superconductor
cases.

Change-Id: I81301eeecc7669a169deeb1e2c5d298a595aab94
Closes-Bug: #1812398
This commit is contained in:
Matt Riedemann 2019-01-18 10:42:13 -05:00
parent 85e6aaf541
commit 8253787137
1 changed files with 6 additions and 5 deletions

11
lib/nova

@ -897,25 +897,26 @@ function start_nova_compute {
local compute_cell_conf=$NOVA_CONF local compute_cell_conf=$NOVA_CONF
fi fi
cp $compute_cell_conf $NOVA_CPU_CONF
if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
# NOTE(danms): Grenade doesn't setup multi-cell rabbit, so # NOTE(danms): Grenade doesn't setup multi-cell rabbit, so
# skip these bits and use the normal config. # skip these bits and use the normal config.
NOVA_CPU_CONF=$compute_cell_conf
echo "Skipping multi-cell conductor fleet setup" echo "Skipping multi-cell conductor fleet setup"
else else
# "${CELLSV2_SETUP}" is "superconductor" # "${CELLSV2_SETUP}" is "superconductor"
cp $compute_cell_conf $NOVA_CPU_CONF
# FIXME(danms): Should this be configurable? # FIXME(danms): Should this be configurable?
iniset $NOVA_CPU_CONF workarounds disable_group_policy_check_upcall True iniset $NOVA_CPU_CONF workarounds disable_group_policy_check_upcall True
# Since the nova-compute service cannot reach nova-scheduler over # Since the nova-compute service cannot reach nova-scheduler over
# RPC, we also disable track_instance_changes. # RPC, we also disable track_instance_changes.
iniset $NOVA_CPU_CONF filter_scheduler track_instance_changes False iniset $NOVA_CPU_CONF filter_scheduler track_instance_changes False
iniset_rpc_backend nova $NOVA_CPU_CONF DEFAULT "nova_cell${NOVA_CPU_CELL}" iniset_rpc_backend nova $NOVA_CPU_CONF DEFAULT "nova_cell${NOVA_CPU_CELL}"
# Make sure we nuke any database config
inidelete $NOVA_CPU_CONF database connection
inidelete $NOVA_CPU_CONF api_database connection
fi fi
# Make sure we nuke any database config
inidelete $NOVA_CPU_CONF database connection
inidelete $NOVA_CPU_CONF api_database connection
# Console proxies were configured earlier in create_nova_conf. Now that the # Console proxies were configured earlier in create_nova_conf. Now that the
# nova-cpu.conf has been created, configure the console settings required # nova-cpu.conf has been created, configure the console settings required
# by the compute process. # by the compute process.