[nova][tripleo][rpm-packaging][kolla][puppet][debian][osa] Nova enforces that no DB credentials are allowed for the nova-compute service
Tobias Urdin
tobias.urdin at binero.com
Mon Nov 23 08:30:12 UTC 2020
Hello,
Just to clarify that this is already possible when using puppet-nova; it's up to the deployment to
make sure the database parameters for the classes are set.
We've been running without database credentials in nova.conf on our compute nodes for years.
Best regards
Tobias
________________________________
From: Thomas Goirand <zigo at debian.org>
Sent: Saturday, November 21, 2020 2:47:23 AM
To: openstack maillist
Subject: Re: [nova][tripleo][rpm-packaging][kolla][puppet][debian][osa] Nova enforces that no DB credentials are allowed for the nova-compute service
On 11/18/20 8:24 PM, Dan Smith wrote:
> which things are
> _not_allowed_ to be set for a service (such as db credentials on the
> compute).
I still don't understand why this is forbidden.
Sure, I understand what people wrote: that it is a security problem.
Can't nova-compute just *ignore* the db credentials, and then everyone
is done with it, and moves on? That's a much easier way to handle
this problem, IMO.
Cheers,
Thomas Goirand (zigo)
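
Added example, not part of the thread and not nova or puppet-nova code: a check a deployment could run against a compute node's nova.conf to confirm that no database credentials are present, which is the state both messages above discuss. The option names ([database] and [api_database], connection and slave_connection) are assumed from nova's configuration reference, and the sample file is constructed.

```python
import configparser
import re

# Assumption: the options that carry DB credentials, per nova's config reference.
DB_OPTIONS = {
    "database": ("connection", "slave_connection"),
    "api_database": ("connection", "slave_connection"),
}

# Constructed sample of a compute node's nova.conf (not from the thread).
SAMPLE_COMPUTE_CONF = """\
[DEFAULT]
transport_url = rabbit://nova:rabbitpass@controller:5672/
[database]
connection = mysql+pymysql://nova:s3cret@controller/nova
[api_database]
# connection = mysql+pymysql://nova:old@controller/nova_api
"""


def redact(url):
    """Hide the password of a scheme://user:password@host URL before reporting."""
    return re.sub(r"(://[^:/@]+:)[^@]*@", r"\1***@", url)


def find_db_credentials(conf_text):
    """Return (section, option, redacted value) for every DB option that is set."""
    # default_section is renamed so [DEFAULT] values are not inherited by other
    # sections; configparser does that by default, oslo.config-style files do not.
    parser = configparser.RawConfigParser(strict=False, default_section="__none__")
    parser.read_string(conf_text)
    findings = []
    for section, options in DB_OPTIONS.items():
        if not parser.has_section(section):
            continue
        for option in options:
            value = (parser.get(section, option, fallback="") or "").strip()
            if value:  # commented-out or empty options are not findings
                findings.append((section, option, redact(value)))
    return findings


if __name__ == "__main__":
    for section, option, value in find_db_credentials(SAMPLE_COMPUTE_CONF):
        print(f"[{section}] {option} is set on a compute node: {value}")
```

The function takes the file contents as a string, so it can be fed from a configuration-management run or a fleet-wide audit without the credentials themselves appearing in the report.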