Add cinder credentials to nova conf

Added user/project CONF with admin role at cinder group,
and when determine context is_admin and without token, do
authentication with user/project info to call cinder api.

When set reclaim_instance_interval > 0, and then delete an
instance which booted from volume with `delete_on_termination`
set as true. After reclaim_instance_interval time passes,
all volumes boot instance with state: attached and in-use,
even when attached instances were deleted.

This happens because as admin context from
`nova.compute.manager._reclaim_queued_deletes` did not have
any token info, so the call to cinder api would fail.

The corresponding nova changes merged in change
https://review.opendev.org/#/c/522112/

Also rephrased CinderPassword parameter description in
cinder service templates to make it generic.

Conflicts:
      deployment/nova/nova-compute-container-puppet.yaml
      docker/services/cinder-api.yaml

Depends-On: https://review.opendev.org/#/c/660383
Related-Bug: #1734025
Change-Id: If0f9e442e5ed3b2d94bc51e65c145519c51cbc86
(cherry picked from commit 8f8b750e4f)
Rajesh Tailor 2019-04-30 12:32:34 +05:30
parent dd46170b74
commit 8da661b1c8
3 changed files with 16 additions and 2 deletions


@ -14,7 +14,7 @@ parameters:
Whether to create cron job for purging soft deleted rows in Cinder database.
type: boolean
CinderPassword:
description: The password for the cinder service account, used by cinder-api.
description: The password for the cinder service and db account.
type: string
hidden: true
ServiceData:
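
Review bot: The new description "The password for the cinder service and db account." tells the operator that one secret covers two accounts, but not which components read it. Since the commit message says the credential is now also used by nova to call the cinder api, please name the consumers in the description so that anyone rotating or scoping CinderPassword knows its full reach.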


@ -5,7 +5,7 @@ description: >
parameters:
CinderPassword:
description: The password for the cinder service account, used by cinder-api.
description: The password for the cinder service and db account.
type: string
hidden: true
Debug:
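
Review bot: Wording nit on the replaced description line: "service and db account" uses an abbreviation and a singular noun for two separate accounts. Suggest "The password for the cinder service account and database account." and keeping the string identical in every template that declares CinderPassword, since the same text is repeated in the other hunks of this change.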


@ -220,6 +220,14 @@ parameters:
type: boolean
tags:
- role_specific
CinderPassword:
description: The password for the cinder service and db account.
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
conditions:
enable_live_migration_tunnelled:
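
Review bot: The added CinderPassword parameter is missing any hint of why this template needs it; the description is copied verbatim from the cinder templates. Please extend it to say it is used for the nova::cinder::* authentication settings, so a reader of this file alone can see why a cinder secret is required here. Keeping hidden: true is right. Minor style point: KeystoneRegion lists type, default, description while CinderPassword lists description first; pick one key order for the new parameters.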
@ -321,6 +329,12 @@ outputs:
- {get_param: CephClientUserName}
tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
nova::cinder::username: 'cinder'
nova::cinder::auth_type: 'v3password'
nova::cinder::project_name: 'service'
nova::cinder::password: {get_param: CinderPassword}
nova::cinder::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
nova::cinder::region_name: {get_param: KeystoneRegion}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
nova::compute::instance_usage_audit: true
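
Review bot: Least-privilege concern on nova::cinder::password: {get_param: CinderPassword}. This places the cinder service credential in the compute hieradata, and the parameter description in this same change says that password is also the db account password, while the commit message states the account carries the admin role. Please either document that trade-off next to these keys or plan a separate credential for nova's cinder calls that is not shared with the database. Also, nova::cinder::username: 'cinder' and nova::cinder::project_name: 'service' are hard-coded while auth_url, region_name and password come from parameters; a short comment explaining why these two are fixed would help.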