Add a nova section to cinder configuration

Cinder needs to send notifications to nova when attached volumes
are being extended. By default, cinder uses the client context
for this, but nova requires admin privileges for this. So we
configure cinder to use the nova service user instead. See
also [0].

[0] https://bugs.launchpad.net/openstack-ansible/+bug/1902914

Change-Id: Ib4c6820dd15ecfa3e3763c188e0a2cc322ecea55

attributes/cinder_conf.rb

@@ -15,6 +15,12 @@ default['openstack']['block-storage']['conf'].tap do |conf|
   conf['keystone_authtoken']['project_name'] = 'service'
   conf['keystone_authtoken']['user_domain_name'] = 'Default'
   conf['keystone_authtoken']['project_domain_name'] = 'Default'
+  conf['nova']['auth_type'] = 'password'
+  conf['nova']['region_name'] = node['openstack']['region']
+  conf['nova']['username'] = 'nova'
+  conf['nova']['project_name'] = 'service'
+  conf['nova']['user_domain_name'] = 'Default'
+  conf['nova']['project_domain_name'] = 'Default'
 
   conf['oslo_concurrency']['lock_path'] = '/var/lib/cinder/tmp'
 end

recipes/cinder-common.rb

@@ -56,6 +56,12 @@ node.default['openstack']['block-storage']['conf_secrets']
   .[]('keystone_authtoken')['password'] =
   get_password 'service', 'openstack-block-storage'
 
+if node['openstack']['block-storage']['conf']['nova']['auth_type'] == 'password'
+  node.default['openstack']['block-storage']['conf_secrets']
+  .[]('nova')['password'] =
+    get_password 'service', 'openstack-compute'
+end
+
 auth_url = identity_endpoint.to_s
 
 directory '/etc/cinder' do
@@ -71,6 +77,7 @@ node.default['openstack']['block-storage']['conf'].tap do |conf|
   conf['DEFAULT']['osapi_volume_listen'] = cinder_api_bind_address
   conf['DEFAULT']['osapi_volume_listen_port'] = cinder_api_bind['port']
   conf['keystone_authtoken']['auth_url'] = auth_url
+  conf['nova']['auth_url'] = auth_url
 end
 
 # Todo(jr): Make this configurable depending on backend to be used