From dfec68afbe99d7bba43b62304b220d8a238a8730 Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Tue, 25 Nov 2014 15:02:00 -0500
Subject: [PATCH] Don't store Nova DB credentials on compute nodes

Remove NovaDSN from overcloud compute.

When using the Conductor the Nova compute service
does not need access to the database. This patch
removes all references to the Nova DSN in the overcloud
compute templates.

Change-Id: If75f480489b84002dd061c183dbee3572a8b63f1
---
 compute-config.yaml            | 1 -
 compute.yaml                   | 3 ---
 nova-compute-config.yaml       | 1 -
 nova-compute-instance.yaml     | 3 ---
 overcloud-source.yaml          | 8 +-------
 overcloud-without-mergepy.yaml | 8 +-------
 6 files changed, 2 insertions(+), 22 deletions(-)

diff --git a/compute-config.yaml b/compute-config.yaml
index a5bfab34..45bb8e1e 100644
--- a/compute-config.yaml
+++ b/compute-config.yaml
@@ -12,7 +12,6 @@ resources:
         nova:
           compute_driver: { get_input: nova_compute_driver }
           compute_libvirt_type: { get_input: nova_compute_libvirt_type }
-          db: {get_input: nova_dsn}
           debug: {get_input: debug}
           host: {get_input: nova_api_host}
           public_ip: {get_input: nova_public_ip}
diff --git a/compute.yaml b/compute.yaml
index 45e1c87f..e3f44700 100644
--- a/compute.yaml
+++ b/compute.yaml
@@ -196,8 +196,6 @@ parameters:
   NovaComputeLibvirtType:
     type: string
     default: ''
-  NovaDSN:
-    type: string
   NovaPassword:
     default: unset
     description: The password for the nova service account, used by nova-api.
@@ -260,7 +258,6 @@ resources:
         debug: {get_param: Debug}
         nova_compute_driver: {get_param: NovaComputeDriver}
         nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType}
-        nova_dsn: {get_param: NovaDSN}
         nova_public_ip: {get_param: NovaPublicIP}
         nova_api_host: {get_param: NovaApiHost}
         nova_password: {get_param: NovaPassword}
diff --git a/nova-compute-config.yaml b/nova-compute-config.yaml
index a7708a2e..b3ef6000 100644
--- a/nova-compute-config.yaml
+++ b/nova-compute-config.yaml
@@ -7,7 +7,6 @@ resources:
         nova:
           compute_driver: { get_input: nova_compute_driver }
           compute_libvirt_type: { get_input: nova_compute_libvirt_type }
-          db: {get_input: nova_dsn}
           debug: {get_param: Debug}
           host: {get_input: nova_api_host}
           public_ip: {get_input: nova_public_ip}
diff --git a/nova-compute-instance.yaml b/nova-compute-instance.yaml
index 1b73e812..55f3a04b 100644
--- a/nova-compute-instance.yaml
+++ b/nova-compute-instance.yaml
@@ -153,8 +153,6 @@ parameters:
   NovaComputeLibvirtType:
     type: string
     default: ''
-  NovaDSN:
-    type: string
   NovaImage:
     type: string
     default: overcloud-compute
@@ -210,7 +208,6 @@ resources:
       input_values:
         nova_compute_driver: {get_param: NovaComputeDriver}
         nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType}
-        nova_dsn: {get_param: NovaDSN}
         nova_public_ip: {get_param: NovaPublicIP}
         nova_api_host: {get_param: NovaApiHost}
         nova_password: {get_param: NovaPassword}
diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index 914f1872..30896598 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -420,18 +420,12 @@ resources:
         NeutronHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
         GlanceHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
         RabbitHost: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
-        NovaDSN:
-          Fn::Join:
-            - ''
-            - - mysql://nova:unset@
-              - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
-              - /nova
         NovaPublicIP: {get_attr: [PublicVirtualIP, fixed_ips, 0, ip_address]}
         CeilometerDSN:
           Fn::Join:
             - ''
             - - mysql://ceilometer:unset@
-              - *compute_database_host
+              - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
               - /ceilometer
         NeutronDSN:
           Fn::Join:
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index c2891204..dd7c2639 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -577,17 +577,11 @@ resources:
           RabbitUserName: {get_param: RabbitUserName}
           SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
           SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
-          NovaDSN:
-            list_join:
-              - ''
-              - - mysql://nova:unset@
-                - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
-                - /nova
           CeilometerDSN:
             list_join:
               - ''
               - - mysql://ceilometer:unset@
-                - *compute_database_host
+                - &compute_database_host {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
                 - /ceilometer
           NeutronDSN:
             list_join:
-- 
2.16.6