From 80c1605a1df9687c7d1d842b258a3d99ec2eda35 Mon Sep 17 00:00:00 2001 From: Rajat Dhasmana Date: Wed, 28 Feb 2024 13:08:12 +0530 Subject: [PATCH] Configure cinder service token Glance is implementing new location APIs, for which, cinder needs to pass service token to register a location in glance. This is required in the case when glance is using cinder as a backend and cinder tries to upload a volume in the optimized path. We are adding a new option, ``CINDER_USE_SERVICE_TOKEN`` that will configure the service user section in cinder.conf. By default, it is set to False. Change-Id: I0045539f1e31a6d26c4f31935c5ddfaaa7607a48 --- lib/cinder | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/cinder b/lib/cinder index f80542a35f..0adca4f4ec 100644 --- a/lib/cinder +++ b/lib/cinder @@ -88,6 +88,10 @@ CINDER_SERVICE_REPORT_INTERVAL=${CINDER_SERVICE_REPORT_INTERVAL:-120} # thin provisioning. CINDER_LVM_TYPE=${CINDER_LVM_TYPE:-auto} +# ``CINDER_USE_SERVICE_TOKEN`` is a mode where service token is passed along with +# user token while communicating to external REST APIs like Glance. +CINDER_USE_SERVICE_TOKEN=$(trueorfalse True CINDER_USE_SERVICE_TOKEN) + # Default backends # The backend format is type:name where type is one of the supported backend # types (lvm, nfs, etc) and name is the identifier used in the Cinder @@ -445,6 +449,10 @@ function configure_cinder { iniset $CINDER_CONF oslo_policy enforce_scope false iniset $CINDER_CONF oslo_policy enforce_new_defaults false fi + + if [ "$CINDER_USE_SERVICE_TOKEN" == "True" ]; then + init_cinder_service_user_conf + fi } # create_cinder_accounts() - Set up common required cinder accounts @@ -761,6 +769,12 @@ function configure_cinder_volume_upload { done } +function init_cinder_service_user_conf { + configure_keystone_authtoken_middleware $CINDER_CONF cinder service_user + iniset $CINDER_CONF service_user send_service_user_token True + iniset $CINDER_CONF service_user auth_strategy keystone +} + # Restore xtrace $_XTRACE_CINDER