This is a specless blueprint for adding service token to be used to solve the user token expiration issue for long running tasks.
Some operations in Cinder could take a long time to complete. During this
time user token associated with this request could expire. When Cinder tries
to communicate with other services using the same user token, Keystone fails
to validate the request due to expired token.
Service token will be passed along with user token to communicate with
cross projects services when dealing with long running tasks like:
Glance service:
Create image by volume
Create volume by image
Nova service:
update_
create_
delete_
Keystone middleware trusts that the service got the user token when
it was valid, don't check the expiry date of cert.
P.S: Service token is already used by nova for interacting with glance which is implemented by this BP: https:/
The below long pending blueprint also solves the same problem, but their design is totally different from ours.https:/
Blueprint information
- Status:
- Complete
- Approver:
- Jay Bryant
- Priority:
- Medium
- Drafter:
- Niraj Singh
- Direction:
- Approved
- Assignee:
- Niraj Singh
- Definition:
- New
- Series goal:
- Accepted for queens
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Eric Harney
- Completed by
- Eric Harney
Related branches
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add service_token for cinder-nova interaction
Addressed by: https:/
Add service_token for cinder-glance interaction