Add support for using service tokens

This patch configures nova-cloud-controller to send a service token along with the received user token on requests sent to other services. This allows those other services to accept the request even if the user token has been invalidated since received by the nova services running in nova-cloud-controller units, the same applies for incoming requests from other services. Service tokens exist since Openstack Queens. Change-Id: I95021600da8af12cb75ef5681fb5af8780ade4f8 Closes-Bug: #1992840 (cherry picked from commit fd810f9afd) (cherry picked from commit 98b637d8e9)
2023-05-18 22:24:12 -04:00
parent b81ab8a900
commit fdfb8331d2
3 changed files with 6 additions and 0 deletions
--- a/templates/pike/nova.conf
+++ b/templates/pike/nova.conf
@@ -150,6 +150,8 @@ api_servers = {{ glance_api_servers }}

 {% include "section-keystone-authtoken-mitaka" %}

+{% include "section-service-user" %}
+
 {% include "parts/section-cinder" %}

 [osapi_v3]
--- a/templates/rocky/nova.conf
+++ b/templates/rocky/nova.conf
@@ -150,6 +150,8 @@ api_servers = {{ glance_api_servers }}

 {% include "section-keystone-authtoken-mitaka" %}

+{% include "section-service-user" %}
+
 {% include "parts/section-cinder" %}

 [osapi_v3]
--- a/templates/train/nova.conf
+++ b/templates/train/nova.conf
@@ -154,6 +154,8 @@ api_servers = {{ glance_api_servers }}

 {% include "section-keystone-authtoken-mitaka" %}

+{% include "section-service-user" %}
+
 {% include "parts/section-cinder" %}

 [osapi_v3]