commit 3beb08586177c08b2b2a8fd5fc7999d38b793970
author Oleksandr Bryndzii <obryndzii@mirantis.com> Wed Feb 27 16:44:01 2019 +0200
committer Oleksandr Bryndzii <obryndzii@mirantis.com> Sat Mar 02 20:46:16 2019 +0200
tree feaafc013c57881bf3342c27e400a2d153457924
parent 27e7764209e05c115d53d332aebac636f90ab993

Configure cinder to use service user tokens

Long-running operations such as snapshot can sometimes overrun the
expiry of the user token. In such cases, post operations such as
cleaning up after a snapshot can fail when the cinder service needs
to cleanup resources.
This patch enables cinder to use service user tokens to supplement
the regular user token used to initiate the operation.
The identity service (keystone) will then authenticate a request
using the service user token if the user token has already expired.

Change-Id: I3c794ae27b543e1a5df60696bb4a351e9d11a387
Related-Prod: PROD-25985

README.rst

diff --git a/README.rst b/README.rst
index a3a507c..6c97682 100644
--- a/README.rst
+++ b/README.rst
@@ -895,6 +895,30 @@
           max_retries: '-1'
           max_overflow: 40
 
+Configure cinder to use service user tokens:
+========
+Long-running operations such as snapshot can sometimes overrun the expiry of the user token.
+In such cases, post operations such as cleaning up after a snapshot can fail when the
+cinder service needs to cleanup resources.
+
+This pillar enables cinder to use service user tokens to supplement the regular user token
+used to initiate the operation. The identity service (keystone) will then authenticate
+a request using the service user token if the user token has already expired.
+
+.. code-block:: yaml
+
+   cinder:
+     controller:
+     enabled: True
+     ...
+       service_user:
+         enabled: True
+         auth_type: password
+         user_domain_id: default
+         project_domain_id: default
+         project_name: service
+         username: cinder
+         password: pswd
 
 Upgrades
 ========