From 9dfdc9ef692d891550dfd4101cca9522a29e340e Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Fri, 21 Jun 2019 09:48:28 +0900
Subject: [PATCH] Enable service token in nova and cinder

This patch enables service token feature in nova and cinder, which
can be used to avoid problems in inter-component request caused by
token expiration for long running tasks.

Depends-on: https://review.opendev.org/#/c/666467/
Depends-on: https://review.opendev.org/#/c/666471/
Depends-on: https://review.opendev.org/#/c/666746/
Depends-on: https://review.opendev.org/#/c/670424/
Change-Id: I0ada9fc8e7e919a763ef4f524449265963264fc0
---
 deployment/cinder/cinder-base.yaml    | 5 +++++
 deployment/nova/nova-base-puppet.yaml | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/deployment/cinder/cinder-base.yaml b/deployment/cinder/cinder-base.yaml
index 689e65e956..57c4f953a6 100644
--- a/deployment/cinder/cinder-base.yaml
+++ b/deployment/cinder/cinder-base.yaml
@@ -136,6 +136,11 @@ outputs:
         cinder::cron::db_purge::destination: {get_param: CinderCronDbPurgeDestination}
         cinder::cron::db_purge::max_delay: {get_param: CinderCronDbPurgeMaxDelay}
         cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+        cinder::keystone::service_user::send_service_user_token: true
+        cinder::keystone::service_user::project_name: service
+        cinder::keystone::service_user::auth_type: password
+        cinder::keystone::service_user::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+        cinder::keystone::service_user::password: {get_param: CinderPassword}
         cinder::nova::interface: admin
         cinder::nova::project_name: service
         cinder::nova::auth_type: password
diff --git a/deployment/nova/nova-base-puppet.yaml b/deployment/nova/nova-base-puppet.yaml
index e4867b5c39..cac9ee52ae 100644
--- a/deployment/nova/nova-base-puppet.yaml
+++ b/deployment/nova/nova-base-puppet.yaml
@@ -256,6 +256,11 @@ outputs:
               params:
                 $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
           nova::rabbit_use_ssl: {get_param: RpcUseSSL}
+          nova::keystone::service_user::send_service_user_token: true
+          nova::keystone::service_user::project_name: 'service'
+          nova::keystone::service_user::password: {get_param: NovaPassword}
+          nova::keystone::service_user::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+          nova::keystone::service_user::region_name: {get_param: KeystoneRegion}
           nova::placement::project_name: 'service'
           nova::placement::password: {get_param: PlacementPassword}
           nova::placement::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}