
Merge "Restrict database access to nova-compute in singleconductor mode"

Zuul authored on 2019/01/22 01:50:07
Showing 1 changed files
... ...
@@ -897,25 +897,26 @@ function start_nova_compute {
897 897
         local compute_cell_conf=$NOVA_CONF
898 898
     fi
899 899
 
900
+    cp $compute_cell_conf $NOVA_CPU_CONF
901
+
900 902
     if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
901 903
         # NOTE(danms): Grenade doesn't setup multi-cell rabbit, so
902 904
         # skip these bits and use the normal config.
903
-        NOVA_CPU_CONF=$compute_cell_conf
904 905
         echo "Skipping multi-cell conductor fleet setup"
905 906
     else
906 907
         # "${CELLSV2_SETUP}" is "superconductor"
907
-        cp $compute_cell_conf $NOVA_CPU_CONF
908 908
         # FIXME(danms): Should this be configurable?
909 909
         iniset $NOVA_CPU_CONF workarounds disable_group_policy_check_upcall True
910 910
         # Since the nova-compute service cannot reach nova-scheduler over
911 911
         # RPC, we also disable track_instance_changes.
912 912
         iniset $NOVA_CPU_CONF filter_scheduler track_instance_changes False
913 913
         iniset_rpc_backend nova $NOVA_CPU_CONF DEFAULT "nova_cell${NOVA_CPU_CELL}"
914
-        # Make sure we nuke any database config
915
-        inidelete $NOVA_CPU_CONF database connection
916
-        inidelete $NOVA_CPU_CONF api_database connection
917 914
     fi
918 915
 
916
+    # Make sure we nuke any database config
917
+    inidelete $NOVA_CPU_CONF database connection
918
+    inidelete $NOVA_CPU_CONF api_database connection
919
+
919 920
     # Console proxies were configured earlier in create_nova_conf. Now that the
920 921
     # nova-cpu.conf has been created, configure the console settings required
921 922
     # by the compute process.
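Review bot: The two `inidelete` calls now placed after the `fi` remove only the `connection` key from `[database]` and `[api_database]`, so any other credential-bearing option brought over by the now-unconditional `cp $compute_cell_conf $NOVA_CPU_CONF` stays in the compute config. One example would be `[database] slave_connection`, if a deployment sets it; whether the source config ever does is not visible here. Because this is a deny-list over a full copy, the relocated comment should state the invariant and its limit, for example `# nova-compute must not reach the DB directly in either cells mode; strip the connection URLs copied from $compute_cell_conf (extend this list if other DB options get set)`. The body of `start_nova_compute` begins and continues outside this hunk, so how `compute_cell_conf` is chosen and what else is written to `$NOVA_CPU_CONF` afterwards cannot be checked from here.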