3.3. Enabling service tokens between the Compute service and the Block Storage service
As an administrator, if you want to prevent user request token timeouts when attaching or detaching volumes, you must enable service tokens on all overcloud nodes that run the Compute (nova) service or the Block Storage (cinder) service.
Procedure
-
Create an environment file to configure the service tokens, such as
service_tokens.yaml
. Add the following configuration parameters to the service token environment file:
parameter_defaults: ComputeExtraConfig: nova::config::nova_config: service_user/send_service_user_token: value: true service_user/username: value: nova service_user/auth_strategy: value: keystone service_user/auth_type: value: password service_user/password: value: "%{hiera('nova::placement::password')}" service_user/auth_url: value: "%{hiera('nova::placement::auth_url')}" service_user/user_domain_name: value: "Default" service_user/project_name: value: "%{hiera('nova::placement::project_name')}" service_user/project_default_name: value: "Default" ControllerExtraConfig: nova::config::nova_config: keystone_authtoken/service_token_roles_required: value: true keystone_authtoken/service_token_roles: value: admin service_user/send_service_user_token: value: true service_user/username: value: nova service_user/auth_strategy: value: keystone service_user/auth_type: value: password service_user/password: value: "%{hiera('nova::keystone::authtoken::password')}" service_user/auth_url: value: "%{hiera('nova::keystone::authtoken::auth_url')}" service_user/user_domain_name: value: "%{hiera('nova::keystone::authtoken::user_domain_name')}" service_user/project_name: value: "%{hiera('nova::keystone::authtoken::project_name')}" service_user/project_domain_name: value: "%{hiera('nova::keystone::authtoken::project_domain_name')}" cinder::config::cinder_config: keystone_authtoken/service_token_roles_required: value: true keystone_authtoken/service_token_roles: value: admin service_user/send_service_user_token: value: true service_user/username: value: cinder service_user/auth_strategy: value: keystone service_user/auth_type: value: password service_user/password: value: "%{hiera('cinder::keystone::authtoken::password')}" service_user/auth_url: value: "%{hiera('cinder::keystone::authtoken::auth_url')}" service_user/user_domain_name: value: "%{hiera('cinder::keystone::authtoken::user_domain_name')}" service_user/project_name: value: "%{hiera('cinder::keystone::authtoken::project_name')}" service_user/project_domain_name: value: "%{hiera('cinder::keystone::authtoken::project_domain_name')}" BlockStorageExtraConfig: cinder::config::cinder_config: keystone_authtoken/service_token_roles_required: value: true keystone_authtoken/service_token_roles: value: admin service_user/send_service_user_token: value: true service_user/username: value: cinder service_user/auth_strategy: value: keystone service_user/auth_type: value: password service_user/password: value: "%{hiera('cinder::keystone::authtoken::password')}" service_user/auth_url: value: "%{hiera('cinder::keystone::authtoken::auth_url')}" service_user/user_domain_name: value: "%{hiera('cinder::keystone::authtoken::user_domain_name')}" service_user/project_name: value: "%{hiera('cinder::keystone::authtoken::project_name')}" service_user/project_domain_name: value: "%{hiera('cinder::keystone::authtoken::project_domain_name')}"
Add the service token environment file to the stack with your other environment files and deploy the overcloud:
(undercloud)$ openstack overcloud deploy --templates \ -e [your environment files] \ -e /home/stack/templates/service_tokens.yaml \