From 98b637d8e9d9df19cd001e582f846e2046fba1bd Mon Sep 17 00:00:00 2001 From: Felipe Reyes Date: Thu, 18 May 2023 22:24:12 -0400 Subject: [PATCH] Add support for using service tokens This patch configures nova-cloud-controller to send a service token along with the received user token on requests sent to other services. This allows those other services to accept the request even if the user token has been invalidated since received by the nova services running in nova-cloud-controller units, the same applies for incoming requests from other services. Service tokens exist since Openstack Queens. Change-Id: I95021600da8af12cb75ef5681fb5af8780ade4f8 Closes-Bug: #1992840 (cherry picked from commit fd810f9afd92904cd66544c00610f830fd337299) --- templates/pike/nova.conf | 2 ++ templates/rocky/nova.conf | 2 ++ templates/train/nova.conf | 2 ++ 3 files changed, 6 insertions(+) diff --git a/templates/pike/nova.conf b/templates/pike/nova.conf index 9beadd1f..24ae24ee 100644 --- a/templates/pike/nova.conf +++ b/templates/pike/nova.conf @@ -154,6 +154,8 @@ api_servers = {{ glance_api_servers }} {% include "section-keystone-authtoken-mitaka" %} +{% include "section-service-user" %} + {% include "parts/section-cinder" %} [osapi_v3] diff --git a/templates/rocky/nova.conf b/templates/rocky/nova.conf index a5feb1a8..8c330f24 100644 --- a/templates/rocky/nova.conf +++ b/templates/rocky/nova.conf @@ -154,6 +154,8 @@ api_servers = {{ glance_api_servers }} {% include "section-keystone-authtoken-mitaka" %} +{% include "section-service-user" %} + {% include "parts/section-cinder" %} [osapi_v3] diff --git a/templates/train/nova.conf b/templates/train/nova.conf index 1d7a1996..b7b344d6 100644 --- a/templates/train/nova.conf +++ b/templates/train/nova.conf @@ -158,6 +158,8 @@ api_servers = {{ glance_api_servers }} {% include "section-keystone-authtoken-mitaka" %} +{% include "section-service-user" %} + {% include "parts/section-cinder" %} [osapi_v3]