Adding the following to my nova.conf appears to stop Nova from failing when it gets a 401:
[keystone_authtoken] ... check_revocations_for_cached = True
So, since Nova appears to by-design not automatically check and handle revoked tokens, I think we have the following options to solve the problem:
1. set the above config in the nova-compute charm
2. stop the keystone charm from calling update if password has not changed
3. always restart nova-compute service when password update occurs (i.e. whenever nova-cloud-controller identity-service relation is called)
Personally I think that option 1 is least intrusive and simplest to implement.
Adding the following to my nova.conf appears to stop Nova from failing when it gets a 401:
[keystone_ authtoken] ns_for_ cached = True
...
check_revocatio
So, since Nova appears to by-design not automatically check and handle revoked tokens, I think we have the following options to solve the problem:
1. set the above config in the nova-compute charm
2. stop the keystone charm from calling update if password has not changed
3. always restart nova-compute service when password update occurs (i.e. whenever nova-cloud- controller identity-service relation is called)
Personally I think that option 1 is least intrusive and simplest to implement.