Hello, Just to clarify that this is already possible when using puppet-nova, it's up to the deployment to make sure the database parameters for the classes is set. We've been running without database credentials in nova.conf on our compute nodes for years. Best regards Tobias ________________________________ From: Thomas Goirand <zigo@debian.org> Sent: Saturday, November 21, 2020 2:47:23 AM To: openstack maillist Subject: Re: [nova][tripleo][rpm-packaging][kolla][puppet][debian][osa] Nova enforces that no DB credentials are allowed for the nova-compute service On 11/18/20 8:24 PM, Dan Smith wrote:
which things are _not_allowed_ to be set for a service (such as db credentials on the compute).
I still don't understand why this is forbidden. Sure, I understand what people wrote: that it is a security problem. Can't nova-compute just *ignore* the db credentials, and then everyone is done with it, and moves on? That's a much more easy way to handle this problem, IMO. Cheers, Thomas Goirand (zigo)