Add support for using service tokens

This patch configures nova-cloud-controller to send a service token along with the received user token on requests sent to other services. This allows those other services to accept the request even if the user token has been invalidated since received by the nova services running in nova-cloud-controller units, the same applies for incoming requests from other services. Service tokens exist since Openstack Queens. Change-Id: I95021600da8af12cb75ef5681fb5af8780ade4f8 Closes-Bug: #1992840 (cherry picked from commit fd810f9afd)
2023-05-18 22:24:12 -04:00 · 2023-05-18 22:24:12 -04:00 · 6dee49e548
parent a4252d86f1
commit 6dee49e548
3 changed files with 6 additions and 0 deletions
--- a/templates/pike/nova.conf
+++ b/templates/pike/nova.conf
@ -154,6 +154,8 @@ api_servers = {{ glance_api_servers }}

 {% include "section-keystone-authtoken-mitaka" %}

+{% include "section-service-user" %}
+
 {% include "parts/section-cinder" %}

 [osapi_v3]
--- a/templates/rocky/nova.conf
+++ b/templates/rocky/nova.conf
@ -154,6 +154,8 @@ api_servers = {{ glance_api_servers }}

 {% include "section-keystone-authtoken-mitaka" %}

+{% include "section-service-user" %}
+
 {% include "parts/section-cinder" %}

 [osapi_v3]
--- a/templates/train/nova.conf
+++ b/templates/train/nova.conf
@ -158,6 +158,8 @@ api_servers = {{ glance_api_servers }}

 {% include "section-keystone-authtoken-mitaka" %}

+{% include "section-service-user" %}
+
 {% include "parts/section-cinder" %}

 [osapi_v3]