Configure nova to use service user tokens
Long-running operations such as live migration or snapshot can
sometimes overrun the expiry of the user token.
In such cases, post operations such as cleaning up after a live
migration can fail when the nova-compute service needs to cleanup
resources in other services, such as in the block-storage (cinder)
or networking (neutron) services.
This patch enables nova to use service user tokens to supplement
the regular user token used to initiate the operation.
The identity service (keystone) will then authenticate a request
using the service user token if the user token has already expired.
Change-Id: I203f2dfc97bdc65dd424e1085ce2e20a5e9dbf40
Related-Prod: PROD-27591
(cherry picked from commit 6d821f5893a02b40b5bc0477b568b6de03590ad7)
Fix typo in nova service user configuration
Change-Id: I2f16217d3c3ba8abf0313527b813fc1592de4088
Related-Prod: https://mirantis.jira.com/browse/PROD-27864
Related-Prod: https://mirantis.jira.com/browse/PROD-27591
(cherry picked from commit f7c76187fb1cfbc81f23ae82dcfe58bfc3582739)
Rework nova service_user section
This patch overrides the service user data taken from identity
pillar by the data from service user pillar if specified.
Change-Id: Iaec201ae949c3dae44b1efc6b91a21623407b711
Related-Prod: PROD-27591
(cherry picked from commit f4f91a1c23fb75714d23e3df200f4297fb218b9e)
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index e3bf663..97e8e43 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -32,6 +32,14 @@
user: nova
password: password
tenant: service
+ service_user:
+ enabled: True
+ user_domain_id: default
+ project_domain_id: default
+ project_name: service
+ username: nova
+ password: pswd
+
logging:
log_appender: false
log_handlers: