openstack/nova
Code Issues Proposed changes

Update docs: User token times out during long-running operations

Browse Source 
Keystonemiddleware compares the roles of the service_user with
[Keystone_authtoken]/service_token_roles, we need to explain this so
that users don't get confused.

For example:
Nova send request to neutron with both service_user_token and
user_token, neutron first sends them to Keystonemiddleware for
authenrication, Keystonemiddleware will compare service_user's role
with [Keystone_authtoken]/service_token_roles which configured in
neutron, then decide whether to fetch user_token based on the result.

Change-Id: I024885adad2d14bc2568382c677198132dc88a13
This commit is contained in:
ya.wang
2019-03-11 17:56:22 +08:00
parent f853e04cd2
commit fa07df1e99
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
doc/source/admin/support-compute.rst
View File

@@ -526,3 +526,11 @@ configuration file, for example:
And configure the other identity options as necessary for the service user, And configure the other identity options as necessary for the service user,
much like you would configure nova to work with the image service (glance) much like you would configure nova to work with the image service (glance)
or networking service. or networking service.
.. note::
Please note that the role of the :oslo.config:group:`service_user` you
configure needs to be a superset of
:oslo.config:option:`keystone_authtoken.service_token_roles` (The option
:oslo.config:option:`keystone_authtoken.service_token_roles` is configured
in cinder, glance and neutron).