Add support for using service tokens

This patch configures nova-cloud-controller to send a service token along with the received user token on requests sent to other services. This allows those other services to accept the request even if the user token has been invalidated since received by the nova services running in nova-cloud-controller units, the same applies for incoming requests from other services. Service tokens exist since Openstack Queens. Change-Id: I95021600da8af12cb75ef5681fb5af8780ade4f8 Closes-Bug: #1992840 (cherry picked from commit fd810f9afd)
2023-05-18 22:24:12 -04:00 · 2023-05-18 22:24:12 -04:00 · 98b637d8e9
parent ef45a47655
commit 98b637d8e9
3 changed files with 6 additions and 0 deletions
--- a/templates/pike/nova.conf
+++ b/templates/pike/nova.conf
@ -154,6 +154,8 @@ api_servers = {{ glance_api_servers }}

 {% include "section-keystone-authtoken-mitaka" %}

+{% include "section-service-user" %}
+
 {% include "parts/section-cinder" %}

 [osapi_v3]
--- a/templates/rocky/nova.conf
+++ b/templates/rocky/nova.conf
@ -154,6 +154,8 @@ api_servers = {{ glance_api_servers }}

 {% include "section-keystone-authtoken-mitaka" %}

+{% include "section-service-user" %}
+
 {% include "parts/section-cinder" %}

 [osapi_v3]
--- a/templates/train/nova.conf
+++ b/templates/train/nova.conf
@ -158,6 +158,8 @@ api_servers = {{ glance_api_servers }}

 {% include "section-keystone-authtoken-mitaka" %}

+{% include "section-service-user" %}
+
 {% include "parts/section-cinder" %}

 [osapi_v3]