No database access by nova-compute
Make all of the necessary changes so that nova-compute no longer has direct access to the database.
Blueprint information
- Status:
- Complete
- Approver:
- Vish Ishaya
- Priority:
- High
- Drafter:
- Russell Bryant
- Direction:
- Approved
- Assignee:
- Russell Bryant
- Definition:
- Approved
- Series goal:
- Accepted for grizzly
- Implementation:
-
Implemented
- Milestone target:
-
2013.1
- Started by
- Russell Bryant
- Completed by
- Russell Bryant
Related branches
Related bugs
| Bug #823000: nova-compute should not address DB directly (a.k.a. root SQL password in conf) | Fix Released |
Sprints
Whiteboard
-------
Status (as of 2013-01-25):
The following review identifies db accesses that still exist in nova-compute. Look for tracebacks in the nova-compute log for test runs against this patch:
https:/
This log file is from the latest run (patch set 8)
http://
There are 28 exceptions logged from db accesses. They are:
1) network api updates of the network info cache, addressed by: https:/
2) instance_type_get from compute_utils. This can be solved pretty easily once instance_type details are stored in the instance system_metadata table, so this depends on: https:/
3) bw_usage_
Other known db issues to address:
a) set_password() in nova.api.metadata, called from: https:/
b) need to review the smokestack log for additional things it caught
-------
blog post on nova-conductor, a part of this project: http://
Wishlist bug on this here: https:/
Gerrit topic: https:/
Addressed by: https:/
Remove db access for block devices on terminate_instance
Addressed by: https:/
Remove db access for block devices and network info on reboot
Addressed by: https:/
Remove database usage from libvirt imagecache module
Addressed by: https:/
Send full migration to resize_instance.
Addressed by: https:/
Send full migration to confirm_resize.
Addressed by: https:/
Send full migration data to finish_resize.
Addressed by: https:/
Remove database usage from libvirt check_can_
Addressed by: https:/
Remove redundant code from PowerVM driver
Addressed by: https:/
Prepare libvirt for db'ectomy
Addressed by: https:/
Prepare xenapi for partial db'ectomy
Addressed by: https:/
Remove all db.instance_
Addressed by: https:/
Remove db.instance_get* from nova/virt
Addressed by: https:/
Removes unnecessary db query for instance type
Addressed by: https:/
Remove unnecessary db call from xenapi/vmops
Addressed by: https:/
Send all migration data to revert_resize.
Addressed by: https:/
Send all migration data to finish_
Addressed by: https:/
Send all aggregate data to add_aggregate_host.
Addressed by: https:/
Look up stuck-in-rebooting instances in manager
Addressed by: https:/
Move host aggregate operations to VirtAPI
Addressed by: https:/
Send all aggregate data to remove_
Addressed by: https:/
Remove instance_type db lookup in prep_resize.
Addressed by: https:/
Send instance_type to resize_instance.
Addressed by: https:/
Move security groups and firewall ops to VirtAPI
Addressed by: https:/
Add some xenapi Bittorrent tests
Addressed by: https:/
Avoid unnecessary system_metadata db lookup
Addressed by: https:/
Make instance_
Addressed by: https:/
Ban db import from nova/virt
Addressed by: https:/
Fix a bug in XenAPISession's use of virtapi
Addressed by: https:/
Pass around instance instead of just uuid.
Addressed by: https:/
Move db lookup for block device mappings.
Addressed by: https:/
Send block device mappings to rebuild_instance.
Addressed by: https:/
Send block device mappings to run_instance.
Addressed by: https:/
Remove database usage from libvirt imagecache module
Addressed by: https:/
Remove unnecessary topic argument.
Addressed by: https:/
Add migration_update to conductor.
Addressed by: https:/
Add version to conductor migration_update message.
Addressed by: https:/
Make compute manager use conductor for instance_gets
Addressed by: https:/
Include 'hosts' and 'metadetails' in aggregate.
Addressed by: https:/
Add aggregate_host_add to conductor.
Addressed by: https:/
Split out part of compute's init_host.
Addressed by: https:/
Use conductor for resourcetracker instance_update.
Addressed by: https:/
Use conductor for migration_get()
Addressed by: https:/
Use conductor for bw_usage operations
Addressed by: https:/
Make nova/virt use aggregate[
Addressed by: https:/
Fix bw_usage_update issue with conductor
Addressed by: https:/
Move remaining aggregate operations to conductor
Addressed by: https:/
Add VirtAPI tests
Gerrit topic: https:/
Addressed by: https:/
Move aggregate_get() to conductor
Addressed by: https:/
Add expected exception to aggregate_
Addressed by: https:/
Remove system_metadata db calls from compute manager
Addressed by: https:/
Add ping to conductor
Addressed by: https:/
Move service_get_all operations to conductor
Addressed by: https:/
Move vol_usage methods to conductor
Addressed by: https:/
Move migration_
Addressed by: https:/
Get instances from conductor in init_host.
Addressed by: https:/
Move migration_create() to conductor
Addressed by: https:/
Fix some conductor manager return values.
Addressed by: https:/
Make pinging conductor a part of conductor API.
Addressed by: https:/
Allow forcing local conductor.
Addressed by: https:/
Handle waiting for conductor in nova.service.
Addressed by: https:/
Add service_create to conductor.
Addressed by: https:/
Make nova.service get service through conductor.
Addressed by: https:/
Add service_destroy to conductor.
Addressed by: https:/
Make resource tracker use conductor for migration updates
Addressed by: https:/
Move migration_
Addressed by: https:/
Make resource tracker use conductor for listing compute nodes
Addressed by: https:/
Make resource tracker use conductor for listing instances
Addressed by: https:/
Move compute node operations to conductor
Addressed by: https:/
Remove unused import.
Addressed by: https:/
Remove some db calls from db servicegroup driver.
Addressed by: https:/
Add service_update to conductor.
Addressed by: https:/
Use conductor in the servicegroup db driver.
Addressed by: https:/
Refactor compute_utils to avoid db lookup
Addressed by: https:/
Add instance_
Addressed by: https:/
Move task_log functions to conductor
Addressed by: https:/
Ensure service's servicegroup API is created first.
Addressed by: https:/
Avoid db lookup in info_from_
Addressed by: https:/
Use conductor for instance_
Addressed by: https:/
Make system_metadata update in place
Addressed by: https:/
Fix up instance types in sys meta for resizes
Addressed by: https:/
Teach resource tracker about stashed instance types
Addressed by: https:/
Make cells_api fetch stashed instance_type info
Addressed by: https:/
Remove remaining instance_types query from compute/manager
Addressed by: https:/
Make get_device_
Addressed by: https:/
Remove remaining instance_type db fetches from compute/api
Addressed by: https:/
Use conductor for notifications when necessary
Addressed by: https:/
Refactor server password metadata to avoid direct db usage
Addressed by: https:/
Ban database access in nova-compute
Addressed by: https:/
Move security_groups refreshes to conductor
Work Items
Dependency tree
* Blueprints in grey have been implemented.
