From e5cbbcfc6a5fa31565d21e6c0ea260faca3b253d Mon Sep 17 00:00:00 2001 From: Dan Smith Date: Wed, 6 Feb 2013 11:26:59 -0500 Subject: [PATCH] Ban database access in nova-compute This adds a wedge between nova-compute and the database implementation to specifically catch, log, and deny accesses. Theoretically, this should not be needed as a production environment would not even have the compute nodes configured to talk to the database. However, testing and upgraded environments may retain database access and thus avoid hitting real issues that can be fixed up prior to release. Putting this into the tree now will help ensure we have a consistent error scenario for test setups prior to release. Note that if nova is configured to use a local conductor, we do not insert the wedge, which provides an easy out for anyone needing to get a production system past a missed database access. Related to bp no-db-compute. Based on Russell's original tracer hack: I328fa92d5bfdadd5022f5c7efe981396d8ae7962 Change-Id: I478230220633e0d2ff94b6a4d756e07eab8517d7 --- bin/nova-compute | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/bin/nova-compute b/bin/nova-compute index 8826015d4104..814147d66328 100755 --- a/bin/nova-compute +++ b/bin/nova-compute @@ -31,6 +31,7 @@ else: import os import sys +import traceback # If ../nova/__init__.py exists, add ../ to Python search path, so that # it will override what happens to be installed in /usr/(local/)lib/python... @@ -42,6 +43,8 @@ if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'nova', '__init__.py')): from nova import config +import nova.db.api +from nova import exception from nova.openstack.common import cfg from nova.openstack.common import log as logging from nova import service @@ -49,11 +52,31 @@ from nova import utils CONF = cfg.CONF CONF.import_opt('compute_topic', 'nova.compute.rpcapi') +CONF.import_opt('use_local', 'nova.conductor.api', group='conductor') +LOG = logging.getLogger('nova.compute') + + +def block_db_access(): + class NoDB(object): + def __getattr__(self, attr): + return self + + def __call__(self, *args, **kwargs): + stacktrace = "".join(traceback.format_stack()) + LOG.error('No db access allowed in nova-compute: %s' % stacktrace) + raise exception.DBError('No db access allowed in nova-compute') + + nova.db.api.IMPL = NoDB() + if __name__ == '__main__': config.parse_args(sys.argv) logging.setup('nova') utils.monkey_patch() + + if not CONF.conductor.use_local: + block_db_access() + server = service.Service.create(binary='nova-compute', topic=CONF.compute_topic, db_allowed=False)