openstack
/
cookbook-openstack-compute
Code Issues Proposed changes

Add a service_user section to nova.conf 

This is needed in order to prevent long-running actions like
live-migration from failing if the user provided token expires
in the meantime. [0],[1]

[0] https://docs.openstack.org/nova/train/admin/live-migration-usage.html#addressing-migration-timeouts
[1] https://docs.openstack.org/nova/train/admin/support-compute.html#user-token-timeout

Change-Id: I00e3a6ac974b73b56b49fadc7751f1c0aaf292ac
This commit is contained in:
Jens Harbott 2021-05-03 12:49:24 +02:00
parent 5afbf620ad
commit a581a52dd6
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
attributes/nova_conf.rb
View File

@ -22,6 +22,14 @@ default['openstack']['compute']['conf'].tap do |conf|
conf['keystone_authtoken']['auth_version'] = 'v3'
conf['keystone_authtoken']['service_token_roles_required'] = true
# [service_user]
conf['service_user']['auth_type'] = 'password'
conf['service_user']['username'] = 'nova'
conf['service_user']['user_domain_name'] = 'Default'
conf['service_user']['project_name'] = 'service'
conf['service_user']['project_domain_name'] = 'Default'
conf['service_user']['send_service_user_token'] = true
# [libvirt]
conf['libvirt']['virt_type'] = 'kvm'
conf['libvirt']['images_type'] = 'default'

7
recipes/nova-common.rb
View File

@ -135,6 +135,10 @@ node.default['openstack']['compute']['conf_secrets']
.[]('keystone_authtoken')['password'] =
get_password 'service', 'openstack-compute'
node.default['openstack']['compute']['conf_secrets']
.[]('service_user')['password'] =
get_password 'service', 'openstack-compute'
node.default['openstack']['compute']['conf_secrets']
.[]('placement')['password'] =
get_password 'service', 'openstack-placement'
@ -160,6 +164,9 @@ node.default['openstack']['compute']['conf'].tap do |conf|
conf['keystone_authtoken']['auth_url'] = auth_url
conf['keystone_authtoken']['www_authenticate_uri'] = auth_url
# [service_user] section
conf['service_user']['auth_url'] = auth_url
# [placement] section
conf['placement']['auth_url'] = auth_url