From a581a52dd68d903af7562b825b7041e16fdc2212 Mon Sep 17 00:00:00 2001
From: Jens Harbott <j.harbott@x-ion.de>
Date: Mon, 3 May 2021 12:49:24 +0200
Subject: [PATCH] Add a service_user section to nova.conf

This is needed in order to prevent long-running actions like
live-migration from failing if the user provided token expires
in the meantime. [0],[1]

[0] https://docs.openstack.org/nova/train/admin/live-migration-usage.html#addressing-migration-timeouts
[1] https://docs.openstack.org/nova/train/admin/support-compute.html#user-token-timeout

Change-Id: I00e3a6ac974b73b56b49fadc7751f1c0aaf292ac
---
 attributes/nova_conf.rb | 8 ++++++++
 recipes/nova-common.rb  | 7 +++++++
 2 files changed, 15 insertions(+)

diff --git a/attributes/nova_conf.rb b/attributes/nova_conf.rb
index ed9aa67e..cbc8444a 100644
--- a/attributes/nova_conf.rb
+++ b/attributes/nova_conf.rb
@@ -22,6 +22,14 @@ default['openstack']['compute']['conf'].tap do |conf|
   conf['keystone_authtoken']['auth_version'] = 'v3'
   conf['keystone_authtoken']['service_token_roles_required'] = true
 
+  # [service_user]
+  conf['service_user']['auth_type'] = 'password'
+  conf['service_user']['username'] = 'nova'
+  conf['service_user']['user_domain_name'] = 'Default'
+  conf['service_user']['project_name'] = 'service'
+  conf['service_user']['project_domain_name'] = 'Default'
+  conf['service_user']['send_service_user_token'] = true
+
   # [libvirt]
   conf['libvirt']['virt_type'] = 'kvm'
   conf['libvirt']['images_type'] = 'default'
diff --git a/recipes/nova-common.rb b/recipes/nova-common.rb
index 8fb5eaef..2f2bad2e 100644
--- a/recipes/nova-common.rb
+++ b/recipes/nova-common.rb
@@ -135,6 +135,10 @@ node.default['openstack']['compute']['conf_secrets']
   .[]('keystone_authtoken')['password'] =
   get_password 'service', 'openstack-compute'
 
+node.default['openstack']['compute']['conf_secrets']
+  .[]('service_user')['password'] =
+  get_password 'service', 'openstack-compute'
+
 node.default['openstack']['compute']['conf_secrets']
   .[]('placement')['password'] =
   get_password 'service', 'openstack-placement'
@@ -160,6 +164,9 @@ node.default['openstack']['compute']['conf'].tap do |conf|
   conf['keystone_authtoken']['auth_url'] = auth_url
   conf['keystone_authtoken']['www_authenticate_uri'] = auth_url
 
+  # [service_user] section
+  conf['service_user']['auth_url'] = auth_url
+
   # [placement] section
   conf['placement']['auth_url'] = auth_url