Ban database access in nova-compute
This adds a wedge between nova-compute and the database implementation to specifically catch, log, and deny accesses. Theoretically, this should not be needed as a production environment would not even have the compute nodes configured to talk to the database. However, testing and upgraded environments may retain database access and thus avoid hitting real issues that can be fixed up prior to release. Putting this into the tree now will help ensure we have a consistent error scenario for test setups prior to release. Note that if nova is configured to use a local conductor, we do not insert the wedge, which provides an easy out for anyone needing to get a production system past a missed database access. Related to bp no-db-compute. Based on Russell's original tracer hack: I328fa92d5bfdadd5022f5c7efe981396d8ae7962 Change-Id: I478230220633e0d2ff94b6a4d756e07eab8517d7
This commit is contained in:
parent
32d6f568ae
commit
e5cbbcfc6a
|
@ -31,6 +31,7 @@ else:
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
|
import traceback
|
||||||
|
|
||||||
# If ../nova/__init__.py exists, add ../ to Python search path, so that
|
# If ../nova/__init__.py exists, add ../ to Python search path, so that
|
||||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||||
|
@ -42,6 +43,8 @@ if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'nova', '__init__.py')):
|
||||||
|
|
||||||
|
|
||||||
from nova import config
|
from nova import config
|
||||||
|
import nova.db.api
|
||||||
|
from nova import exception
|
||||||
from nova.openstack.common import cfg
|
from nova.openstack.common import cfg
|
||||||
from nova.openstack.common import log as logging
|
from nova.openstack.common import log as logging
|
||||||
from nova import service
|
from nova import service
|
||||||
|
@ -49,11 +52,31 @@ from nova import utils
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
CONF.import_opt('compute_topic', 'nova.compute.rpcapi')
|
CONF.import_opt('compute_topic', 'nova.compute.rpcapi')
|
||||||
|
CONF.import_opt('use_local', 'nova.conductor.api', group='conductor')
|
||||||
|
LOG = logging.getLogger('nova.compute')
|
||||||
|
|
||||||
|
|
||||||
|
def block_db_access():
|
||||||
|
class NoDB(object):
|
||||||
|
def __getattr__(self, attr):
|
||||||
|
return self
|
||||||
|
|
||||||
|
def __call__(self, *args, **kwargs):
|
||||||
|
stacktrace = "".join(traceback.format_stack())
|
||||||
|
LOG.error('No db access allowed in nova-compute: %s' % stacktrace)
|
||||||
|
raise exception.DBError('No db access allowed in nova-compute')
|
||||||
|
|
||||||
|
nova.db.api.IMPL = NoDB()
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
config.parse_args(sys.argv)
|
config.parse_args(sys.argv)
|
||||||
logging.setup('nova')
|
logging.setup('nova')
|
||||||
utils.monkey_patch()
|
utils.monkey_patch()
|
||||||
|
|
||||||
|
if not CONF.conductor.use_local:
|
||||||
|
block_db_access()
|
||||||
|
|
||||||
server = service.Service.create(binary='nova-compute',
|
server = service.Service.create(binary='nova-compute',
|
||||||
topic=CONF.compute_topic,
|
topic=CONF.compute_topic,
|
||||||
db_allowed=False)
|
db_allowed=False)
|
||||||
|
|
Loading…
Reference in New Issue