Manage token TTL for Nova VNC console service
Manage token TTL for noVNC console in Nova configuration file
Change-Id: I30c55c717d342976917783de90f2cafc38a6901c
Related-Prod: PROD-21128 (PROD:21128)
diff --git a/README.rst b/README.rst
index 4d698c4..f3c22f6 100644
--- a/README.rst
+++ b/README.rst
@@ -30,7 +30,8 @@
workers: 8
report_interval: 60
dhcp_domain: novalocal
- consoleauth_token_ttl: 600
+ consoleauth:
+ token_ttl: 600
bind:
public_address: 10.0.0.122
public_name: openstack.domain.com
diff --git a/nova/files/ocata/nova-compute.conf.Debian b/nova/files/ocata/nova-compute.conf.Debian
index 6632ffc..7578c00 100644
--- a/nova/files/ocata/nova-compute.conf.Debian
+++ b/nova/files/ocata/nova-compute.conf.Debian
@@ -4306,6 +4306,12 @@
# Minimum value: 0
# Deprecated group/name - [DEFAULT]/console_token_ttl
#token_ttl=600
+{% if compute.consoleauth_token_ttl is defined %}
+{%- set token_ttl = compute.consoleauth_token_ttl %}
+token_ttl = {{ token_ttl }}
+{%- elif compute.get('consoleauth', {}).token_ttl is defined %}
+token_ttl = {{ compute.consoleauth.token_ttl }}
+{% endif %}
[cors]
diff --git a/nova/files/ocata/nova-controller.conf.Debian b/nova/files/ocata/nova-controller.conf.Debian
index 06164f4..d1ce170 100644
--- a/nova/files/ocata/nova-controller.conf.Debian
+++ b/nova/files/ocata/nova-controller.conf.Debian
@@ -4300,6 +4300,12 @@
# Minimum value: 0
# Deprecated group/name - [DEFAULT]/console_token_ttl
#token_ttl=600
+{% if controller.consoleauth_token_ttl is defined %}
+{%- set token_ttl = controller.consoleauth_token_ttl %}
+token_ttl = {{ token_ttl }}
+{%- elif controller.get('consoleauth', {}).token_ttl is defined %}
+token_ttl = {{ controller.consoleauth.token_ttl }}
+{% endif %}
[cors]
diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index d3757e7..6c006aa 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian
@@ -4341,6 +4341,12 @@
# Minimum value: 0
# Deprecated group/name - [DEFAULT]/console_token_ttl
#token_ttl=600
+{% if compute.consoleauth_token_ttl is defined %}
+{%- set token_ttl = compute.consoleauth_token_ttl %}
+token_ttl = {{ token_ttl }}
+{%- elif compute.get('consoleauth', {}).token_ttl is defined %}
+token_ttl = {{ compute.consoleauth.token_ttl }}
+{% endif %}
[cors]
diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index 3a434db..80d7f85 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian
@@ -4315,7 +4315,10 @@
# Deprecated group/name - [DEFAULT]/console_token_ttl
#token_ttl=600
{% if controller.consoleauth_token_ttl is defined %}
-token_ttl = {{ controller.consoleauth_token_ttl }}
+{%- set token_ttl = controller.consoleauth_token_ttl %}
+token_ttl = {{ token_ttl }}
+{%- elif controller.get('consoleauth', {}).token_ttl is defined %}
+token_ttl = {{ controller.consoleauth.token_ttl }}
{% endif %}
[cors]
diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
index 9f5155e..bbe09c4 100644
--- a/nova/files/queens/nova-compute.conf.Debian
+++ b/nova/files/queens/nova-compute.conf.Debian
@@ -4649,6 +4649,12 @@
# Minimum value: 0
# Deprecated group/name - [DEFAULT]/console_token_ttl
#token_ttl = 600
+{% if compute.consoleauth_token_ttl is defined %}
+{%- set token_ttl = compute.consoleauth_token_ttl %}
+token_ttl = {{ token_ttl }}
+{%- elif compute.get('consoleauth', {}).token_ttl is defined %}
+token_ttl = {{ compute.consoleauth.token_ttl }}
+{% endif %}
[crypto]
diff --git a/nova/files/queens/nova-controller.conf.Debian b/nova/files/queens/nova-controller.conf.Debian
index 12d1b58..7b42973 100644
--- a/nova/files/queens/nova-controller.conf.Debian
+++ b/nova/files/queens/nova-controller.conf.Debian
@@ -4534,7 +4534,10 @@
# Deprecated group/name - [DEFAULT]/console_token_ttl
#token_ttl = 600
{% if controller.consoleauth_token_ttl is defined %}
-token_ttl = {{ controller.consoleauth_token_ttl }}
+{%- set token_ttl = controller.consoleauth_token_ttl %}
+token_ttl = {{ token_ttl }}
+{%- elif controller.get('consoleauth', {}).token_ttl is defined %}
+token_ttl = {{ controller.consoleauth.token_ttl }}
{% endif %}
[cors]
diff --git a/tests/pillar/compute_cluster.sls b/tests/pillar/compute_cluster.sls
index c3a55e2..9534c83 100644
--- a/tests/pillar/compute_cluster.sls
+++ b/tests/pillar/compute_cluster.sls
@@ -95,3 +95,5 @@
user: nova
group: cinder
dynamic_ownership: 1
+ consoleauth:
+ token_ttl: 600
diff --git a/tests/pillar/compute_cluster_vmware.sls b/tests/pillar/compute_cluster_vmware.sls
index 8cf5646..8953178 100644
--- a/tests/pillar/compute_cluster_vmware.sls
+++ b/tests/pillar/compute_cluster_vmware.sls
@@ -80,3 +80,5 @@
images_volume_group: nova_vg
volume_clear: zero
volume_clear_size: 0
+ consoleauth:
+ token_ttl: 600
diff --git a/tests/pillar/compute_cluster_vmware_queens.sls b/tests/pillar/compute_cluster_vmware_queens.sls
index d508fc1..b704198 100644
--- a/tests/pillar/compute_cluster_vmware_queens.sls
+++ b/tests/pillar/compute_cluster_vmware_queens.sls
@@ -80,3 +80,5 @@
images_volume_group: nova_vg
volume_clear: zero
volume_clear_size: 0
+ consoleauth:
+ token_ttl: 600
diff --git a/tests/pillar/compute_single.sls b/tests/pillar/compute_single.sls
index b000da7..6a15ae1 100644
--- a/tests/pillar/compute_single.sls
+++ b/tests/pillar/compute_single.sls
@@ -68,3 +68,5 @@
user: nova
group: cinder
dynamic_ownership: 1
+ consoleauth:
+ token_ttl: 600
diff --git a/tests/pillar/compute_single_config_drive_options.sls b/tests/pillar/compute_single_config_drive_options.sls
index 78cf088..739f876 100644
--- a/tests/pillar/compute_single_config_drive_options.sls
+++ b/tests/pillar/compute_single_config_drive_options.sls
@@ -66,3 +66,5 @@
cdrom: True
format: iso9660
inject_password: True
+ consoleauth:
+ token_ttl: 600
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index 24fc414..558a692 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -11,7 +11,6 @@
cpu_allocation_ratio: 16.0
ram_allocation_ratio: 1.5
disk_allocation_ratio: 1.0
- consoleauth_token_ttl: 600
workers: 8
bind:
private_address: 127.0.0.1
@@ -76,6 +75,8 @@
compute: liberty
barbican:
enabled: true
+ consoleauth:
+ token_ttl: 600
apache:
server:
enabled: true
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index f94743b..3fff016 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -81,6 +81,8 @@
enabled: true
strategy: ENCRYPT
secret_key: secret
+ consoleauth:
+ token_ttl: 600
policy:
'context_is_admin': 'role:admin or role:administrator'
'compute:create': 'rule:admin_or_owner'