From f6c6e8b180fa6f3422ea04e157b2ce523dc67891 Mon Sep 17 00:00:00 2001
From: Jens Harbott <j.harbott@x-ion.de>
Date: Thu, 4 Mar 2021 14:09:57 +0100
Subject: [PATCH] Add a nova section to cinder configuration

Cinder needs to send notifications to nova when attached volumes
are being extended. By default, cinder uses the client context
for this, but nova requires admin privileges for this. So we
configure cinder to use the nova service user instead. See
also [0].

[0] https://bugs.launchpad.net/openstack-ansible/+bug/1902914

Change-Id: Ib4c6820dd15ecfa3e3763c188e0a2cc322ecea55
---
 attributes/cinder_conf.rb | 6 ++++++
 recipes/cinder-common.rb  | 7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/attributes/cinder_conf.rb b/attributes/cinder_conf.rb
index 62beabf..69be8e4 100644
--- a/attributes/cinder_conf.rb
+++ b/attributes/cinder_conf.rb
@@ -15,6 +15,12 @@ default['openstack']['block-storage']['conf'].tap do |conf|
   conf['keystone_authtoken']['project_name'] = 'service'
   conf['keystone_authtoken']['user_domain_name'] = 'Default'
   conf['keystone_authtoken']['project_domain_name'] = 'Default'
+  conf['nova']['auth_type'] = 'password'
+  conf['nova']['region_name'] = node['openstack']['region']
+  conf['nova']['username'] = 'nova'
+  conf['nova']['project_name'] = 'service'
+  conf['nova']['user_domain_name'] = 'Default'
+  conf['nova']['project_domain_name'] = 'Default'
 
   conf['oslo_concurrency']['lock_path'] = '/var/lib/cinder/tmp'
 end
diff --git a/recipes/cinder-common.rb b/recipes/cinder-common.rb
index 0824df3..194bea9 100644
--- a/recipes/cinder-common.rb
+++ b/recipes/cinder-common.rb
@@ -56,6 +56,12 @@ node.default['openstack']['block-storage']['conf_secrets']
   .[]('keystone_authtoken')['password'] =
   get_password 'service', 'openstack-block-storage'
 
+if node['openstack']['block-storage']['conf']['nova']['auth_type'] == 'password'
+  node.default['openstack']['block-storage']['conf_secrets']
+  .[]('nova')['password'] =
+    get_password 'service', 'openstack-compute'
+end
+
 auth_url = identity_endpoint.to_s
 
 directory '/etc/cinder' do
@@ -71,6 +77,7 @@ node.default['openstack']['block-storage']['conf'].tap do |conf|
   conf['DEFAULT']['osapi_volume_listen'] = cinder_api_bind_address
   conf['DEFAULT']['osapi_volume_listen_port'] = cinder_api_bind['port']
   conf['keystone_authtoken']['auth_url'] = auth_url
+  conf['nova']['auth_url'] = auth_url
 end
 
 # Todo(jr): Make this configurable depending on backend to be used