Use service tokens
Some operations in Nova could take a long time to complete. During this
time user token associated with this request could expire. When Nova tries
to communicate with other services using the same user token, Keystone fails
to validate the request due to expired token.
Service token will be passed along with user token to communicate with
services when dealing with long running tasks like live migration.
Keystone middlewere trusts that the service got the user token when
it was valid, don't check the expiry date of cert.
Previously-
Blueprint information
- Status:
- Complete
- Approver:
- Matt Riedemann
- Priority:
- Medium
- Drafter:
- Pushkar Umaranikar
- Direction:
- Approved
- Assignee:
- Eric Fried
- Definition:
- Approved
- Series goal:
- Accepted for pike
- Implementation:
-
Implemented
- Milestone target:
-
pike-3
- Started by
- Matt Riedemann
- Completed by
- Matt Riedemann
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Adopts keystoneauth with glance client.
Addressed by: https:/
Add service_token for nova-glance interaction
Addressed by: https:/
DNM: Test service token in Glance
Gerrit topic: https:/
Work Items
Dependency tree
* Blueprints in grey have been implemented.
