From 8f8b750e4f5767665f6e2fe2ae2b3dca17be2b61 Mon Sep 17 00:00:00 2001
From: Rajesh Tailor
Date: Tue, 30 Apr 2019 12:32:34 +0530
Subject: [PATCH] Add cinder credentials to nova conf
Added user/project CONF with admin role at cinder group, and when determine context is_admin and without token, do authenticaion with user/project info to call cinder api. When set reclaim_instance_interval > 0, and then delete an instance which booted from volume with `delete_on_termination` set as true. After reclaim_instance_interval time pass, all volumes boot instance with state: attached and in-use, even when attached instances was deleted. This happens because as admin context from `nova.compute.manager._reclaim_queued_deletes` did not have any token info, then call cinder api would be failed. The corresponding nova changes merged in change https://review.opendev.org/#/c/522112/ Also rephrased CinderPassword parameter description in cinder service templates to make it generic.
Depends-On: https://review.opendev.org/#/c/657918/
Related-Bug: #1734025
Change-Id: If0f9e442e5ed3b2d94bc51e65c145519c51cbc86
---
 deployment/cinder/cinder-api-container-puppet.yaml | 2 +-
 deployment/cinder/cinder-base.yaml | 2 +-
 deployment/nova/nova-compute-container-puppet.yaml | 14 ++++++++++++++
 3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/deployment/cinder/cinder-api-container-puppet.yaml b/deployment/cinder/cinder-api-container-puppet.yaml
index 53b9bcfb4c..4d87e54704 100644
--- a/deployment/cinder/cinder-api-container-puppet.yaml
+++ b/deployment/cinder/cinder-api-container-puppet.yaml
@@ -54,7 +54,7 @@ parameters:
 Whether to create cron job for purging soft deleted rows in Cinder database.
 type: boolean
 CinderPassword:
- description: The password for the cinder service account, used by cinder-api.
+ description: The password for the cinder service and db account.
 type: string
 hidden: true
 KeystoneRegion:
diff --git a/deployment/cinder/cinder-base.yaml b/deployment/cinder/cinder-base.yaml
index 480d0f1a27..3860b35171 100644
--- a/deployment/cinder/cinder-base.yaml
+++ b/deployment/cinder/cinder-base.yaml
@@ -9,7 +9,7 @@ parameters:
 description: The Cinder service's storage availability zone.
 type: string
 CinderPassword:
- description: The password for the cinder service account, used by cinder-api.
+ description: The password for the cinder service and db account.
 type: string
 hidden: true
 Debug:
diff --git a/deployment/nova/nova-compute-container-puppet.yaml b/deployment/nova/nova-compute-container-puppet.yaml
index 8d7bfa80e3..54820fe065 100644
--- a/deployment/nova/nova-compute-container-puppet.yaml
+++ b/deployment/nova/nova-compute-container-puppet.yaml
@@ -275,6 +275,14 @@ parameters:
 description: The password for the keystone admin account, used for monitoring, querying neutron etc.
 type: string
 hidden: true
+ CinderPassword:
+ description: The password for the cinder service and db account.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
 resources:
@@ -418,6 +426,12 @@ outputs:
 - {get_param: CephClientUserName}
 tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
 rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
+ nova::cinder::username: 'cinder'
+ nova::cinder::auth_type: 'v3password'
+ nova::cinder::project_name: 'service'
+ nova::cinder::password: {get_param: CinderPassword}
+ nova::cinder::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
+ nova::cinder::region_name: {get_param: KeystoneRegion}
 nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
 nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
 nova::compute::instance_usage_audit: true
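Review bot: The `CinderPassword` description added to the nova-compute parameters (hunk at -275) is the generic cinder-template text and does not say why a compute service receives this secret. In this template it would help operators to state the consumer, for example `description: The password for the cinder service account, used by nova-compute to call the Cinder API when no user token is available.` The new `KeystoneRegion` entry could likewise note that it selects the region for that Cinder lookup. The parameters block starts and ends outside the hunk.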
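Review bot: The six `nova::cinder::*` keys (hunk at -418) place the cinder service account's password in the hieradata of every compute node, which widens the exposure of a credential the commit message describes as having the admin role and the parameter description says is also cinder's database password. Compute hosts run tenant workloads, so a single compromised hypervisor would disclose it; it is worth considering a less privileged or dedicated identity for this call path, or nova's own service user if the Cinder policy permits. At minimum, add a comment above the block such as `# Service credentials for Cinder calls made without a user token (reclaim of soft-deleted instances); exposed on every compute node.` and confirm the rendered nova.conf is not world-readable. The outputs mapping starts and ends outside the hunk.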