diff options
| -rw-r--r-- | openstack/usr/share/openstack/openstack-nova-setup | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/openstack/usr/share/openstack/openstack-nova-setup b/openstack/usr/share/openstack/openstack-nova-setup index a5ce7364..51ba5022 100644 --- a/openstack/usr/share/openstack/openstack-nova-setup +++ b/openstack/usr/share/openstack/openstack-nova-setup @@ -72,7 +72,10 @@ chmod 766 /var/run/libvirt/libvirt-sock #modprobe nbd systemctl start openstack-nova-compute -systemctl start openstack-nova-conductor +# [1] Never enable openstack-nova-conductor service in a node with +# openstack-nova-compute or the security benefits of removing +# database access from nova-compute will be negated +#systemctl start openstack-nova-conductor #systemctl start openstack-nova-api #systemctl start openstack-nova-cert #systemctl start openstack-nova-consoleauth @@ -83,9 +86,9 @@ systemctl start openstack-nova-conductor ln -s "/etc/systemd/system/openstack-nova-compute.service" \ "/etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service" - -ln -s "/etc/systemd/system/openstack-nova-conductor.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service" +# See description of why this shouldn't run in a openstack in one node in [1] +#ln -s "/etc/systemd/system/openstack-nova-conductor.service" \ +# "/etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service" #ln -s "/etc/systemd/system/openstack-nova-api.service" \ # "/etc/systemd/system/multi-user.target.wants/openstack-nova-api.service" |