On 18/4/23 20:56, Slawek Kaplonski wrote:
Dnia wtorek, 18 kwietnia 2023 13:37:12 CEST Eugen Block pisze:
Hi, I'm glad you worked that out. But one thing I'm wondering since I'm not familiar with kolla (as I'm stating repeatedly), why does the compute node have the capabilities to manipulate the neutron database? Is that by design? It shouldn't. Only neutron-server should have access to the DB.
A question for kolla devs then I guess. Thank you for identifying this concern.
We have our own deployment mechanism on baremetal and there's no "connection =..." string available on compute nodes. Maybe I misunderstood something, but I find it strange that such a thing could happen that easily.
The following files have the setting on our compute nodes. We haven't customised this setting, so its presence wasn't caused by us per se. # ack -l "^connection =" /etc/kolla /etc/kolla/neutron-openvswitch-agent/neutron.conf /etc/kolla/neutron-metadata-agent/neutron.conf /etc/kolla/neutron-l3-agent/neutron.conf