OpenStack Compute (nova)

Can nova-compute connect database directly?

Bug #2008039 reported by shews on 2023-02-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Won't Fix	Undecided	Unassigned

Bug Description

Hello all.

Now nova-compute get or update database via rabbitmq rpc message to nova-conductor. If a region has a lot of nova-computes, this will increase the load of rabbitmq and nova-conductor.
Can nova-compute connect to database directly? not via rabbitmq and nova-conductor.

Thank you.

Revision history for this message

shews (shews) wrote on 2023-02-22:

Why nova-compute not connect to database directly by default?

Revision history for this message

sean mooney (sean-k-mooney) wrote on 2023-02-22:

it is explcitly not supproted.

we intoduced the condocutor to make sure that nova compute agents do not have db access directly.

Changed in nova:
status:	New → Won't Fix

Revision history for this message

sean mooney (sean-k-mooney) wrote on 2023-02-22:

we deprecated supprot for direct db acces in mitaka/ 2016 mitaka
https://github.com/openstack/nova/commit/a067a4c9be524c90677f511c96764ab327a4da4c
and it was removed in ocata in 2017 https://github.com/openstack/nova/commit/c36dbe1f721ea6ca6b083932c8f27022a03ddf53

direct db access is considered a potential security issue if the db credentials are available on the compute node and it is not something we plan to support again in the future.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.