Configure cinder service token
Glance is implementing new location APIs, for which, cinder needs
to pass service token to register a location in glance.
This is required in the case when glance is using cinder as a backend
and cinder tries to upload a volume in the optimized path.
We are adding a new option, ``CINDER_USE_SERVICE_TOKEN`` that will
configure the service user section in cinder.conf. By default, it
is set to False.
Change-Id: I0045539f1e31a6d26c4f31935c5ddfaaa7607a48
diff --git a/lib/cinder b/lib/cinder
index f80542a..0adca4f 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -88,6 +88,10 @@
# thin provisioning.
CINDER_LVM_TYPE=${CINDER_LVM_TYPE:-auto}
+# ``CINDER_USE_SERVICE_TOKEN`` is a mode where service token is passed along with
+# user token while communicating to external REST APIs like Glance.
+CINDER_USE_SERVICE_TOKEN=$(trueorfalse True CINDER_USE_SERVICE_TOKEN)
+
# Default backends
# The backend format is type:name where type is one of the supported backend
# types (lvm, nfs, etc) and name is the identifier used in the Cinder
@@ -445,6 +449,10 @@
iniset $CINDER_CONF oslo_policy enforce_scope false
iniset $CINDER_CONF oslo_policy enforce_new_defaults false
fi
+
+ if [ "$CINDER_USE_SERVICE_TOKEN" == "True" ]; then
+ init_cinder_service_user_conf
+ fi
}
# create_cinder_accounts() - Set up common required cinder accounts
@@ -761,6 +769,12 @@
done
}
+function init_cinder_service_user_conf {
+ configure_keystone_authtoken_middleware $CINDER_CONF cinder service_user
+ iniset $CINDER_CONF service_user send_service_user_token True
+ iniset $CINDER_CONF service_user auth_strategy keystone
+}
+
# Restore xtrace
$_XTRACE_CINDER