Comment 14 for bug 1753550

The problem is that the periodic doesn't have a token, and [glance]/api_servers isn't configured, so when the notification code is trying to build a payload, it's trying to get the image API endpoint URL to build a link to the image for the notification. Getting the endpoint URL without a token fails.

This is the code that matters:

https://github.com/openstack/nova/blob/7833ada4fd8e42a773cb6849449708fcb20cbc0c/nova/notifications/base.py#L397

https://github.com/openstack/nova/blob/7833ada4fd8e42a773cb6849449708fcb20cbc0c/nova/image/api.py#L65

https://github.com/openstack/nova/blob/7833ada4fd8e42a773cb6849449708fcb20cbc0c/nova/image/glance.py#L120

If [glance]/api_servers is configured, then we don't go through keystoneauth1 to get the service catalog from keystone.

So options seem to be:

1. Add the ability to specify an admin or service user credentials in nova.conf for the [glance] section which we can use during periodics. This is a bit heavy weight when we've never needed it before.

2. Handle the EndpointNotFound error when building the notification payload and just set image_ref_url to the image id. Yes this is technically a change in the payload, but it's better than breaking everything. Long-term, the versioned notification payload could drop image_ref_url and just pass the image id, which is probably more useful anyway since the consumer might not be able to even reach the URL that's in the payload. We can't change the legacy notification payload, but we can eventually deprecate that in favor of the versioned notifications.