Merge "Centralize and configure nova with cinder service user access"

Zuul 2019-12-05 06:26:54 +00:00 committed by Gerrit Code Review
commit edc239d1ea


@ -468,11 +468,7 @@ function create_nova_conf {
fi fi
if is_service_enabled cinder; then if is_service_enabled cinder; then
if is_service_enabled tls-proxy; then configure_cinder_access
CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
iniset $NOVA_CONF cinder cafile $SSL_BUNDLE_FILE
fi
fi fi
if [ -n "$NOVA_STATE_PATH" ]; then if [ -n "$NOVA_STATE_PATH" ]; then
@ -520,8 +516,6 @@ function create_nova_conf {
# don't let the conductor get out of control now that we're using a pure python db driver # don't let the conductor get out of control now that we're using a pure python db driver
iniset $NOVA_CONF conductor workers "$API_WORKERS" iniset $NOVA_CONF conductor workers "$API_WORKERS"
iniset $NOVA_CONF cinder os_region_name "$REGION_NAME"
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
iniset $NOVA_CONF DEFAULT glance_protocol https iniset $NOVA_CONF DEFAULT glance_protocol https
iniset $NOVA_CONF oslo_middleware enable_proxy_headers_parsing True iniset $NOVA_CONF oslo_middleware enable_proxy_headers_parsing True
@ -593,6 +587,29 @@ function configure_placement_nova_compute {
iniset $conf placement region_name "$REGION_NAME" iniset $conf placement region_name "$REGION_NAME"
} }
# Configure access to cinder.
function configure_cinder_access {
iniset $NOVA_CONF cinder os_region_name "$REGION_NAME"
iniset $NOVA_CONF cinder auth_type "password"
iniset $NOVA_CONF cinder auth_url "$KEYSTONE_SERVICE_URI"
# NOTE(mriedem): This looks a bit weird but we use the nova user here
# since it has the admin role and the cinder user does not. This is
# similar to using the nova user in init_nova_service_user_conf. We need
# to use a user with the admin role for background tasks in nova to
# be able to GET block-storage API resources owned by another project
# since cinder has low-level "is_admin" checks in its DB API.
iniset $NOVA_CONF cinder username nova
iniset $NOVA_CONF cinder password "$SERVICE_PASSWORD"
iniset $NOVA_CONF cinder user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NOVA_CONF cinder project_name "$SERVICE_TENANT_NAME"
iniset $NOVA_CONF cinder project_domain_name "$SERVICE_DOMAIN_NAME"
if is_service_enabled tls-proxy; then
CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
iniset $NOVA_CONF cinder cafile $SSL_BUNDLE_FILE
fi
}
function configure_console_compute { function configure_console_compute {
# If we are running multiple cells (and thus multiple console proxies) on a # If we are running multiple cells (and thus multiple console proxies) on a
# single host, we offset the ports to avoid collisions. We need to # single host, we offset the ports to avoid collisions. We need to
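Review bot: In `configure_cinder_access`, the tls-proxy branch still assigns `CINDER_SERVICE_HOST` and `CINDER_SERVICE_PORT`, but nothing in the function reads them, and without `local` they are set in the calling shell as a side effect. If no later code depends on those defaults (not visible on this page), drop the two assignments so the branch is just `iniset $NOVA_CONF cinder cafile "$SSL_BUNDLE_FILE"`, with the path quoted. The header comment could also say what the function now writes, e.g. `# Configure access to cinder: writes the admin-role nova service user's password into the [cinder] section of $NOVA_CONF.`, since that makes the read permissions on that file matter more than before.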