From 5997ce3ab657293bda11c69b6078e9290676e54b Mon Sep 17 00:00:00 2001
From: Morgan Fainberg
Date: Wed, 20 Jan 2016 12:43:22 -0800
Subject: [PATCH] Always cache tokens in a shared memcache

Instead of using in-process caching for tokens per service per worker (disabled by default now), use a shared memcache to cache token validation(s). This should both offload/speedup validations and avoid the issues surrounding inconsistent validation responses when using in-process caching [since each worker caches separately].

Change-Id: Ifc17c27744dac5ad55e84752ca6f68169c2f5a86
---
 files/debs/keystone | 1 +
 files/rpms-suse/keystone | 1 +
 files/rpms/keystone | 1 +
 lib/keystone | 19 ++++++++-----------
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/files/debs/keystone b/files/debs/keystone
index 370e4aac51..fd0317b9b6 100644
--- a/files/debs/keystone
+++ b/files/debs/keystone
@@ -1,5 +1,6 @@
 libkrb5-dev
 libldap2-dev
 libsasl2-dev
+memcached
 python-mysqldb
 sqlite3
diff --git a/files/rpms-suse/keystone b/files/rpms-suse/keystone
index 46832c786d..66cfc23423 100644
--- a/files/rpms-suse/keystone
+++ b/files/rpms-suse/keystone
@@ -1,3 +1,4 @@
 cyrus-sasl-devel
+memcached
 openldap2-devel
 sqlite3
diff --git a/files/rpms/keystone b/files/rpms/keystone
index c01c261e19..170308373a 100644
--- a/files/rpms/keystone
+++ b/files/rpms/keystone
@@ -1,3 +1,4 @@
+memcached
 mod_ssl
 MySQL-python
 sqlite
diff --git a/lib/keystone b/lib/keystone
index 78904de5ab..7592804efa 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -430,6 +430,7 @@ function configure_auth_token_middleware {
 iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
 iniset $conf_file $section cafile $SSL_BUNDLE_FILE
 iniset $conf_file $section signing_dir $signing_dir
+ iniset $conf_file $section memcache_servers $SERVICE_HOST:11211
 }

 # init_keystone() - Initialize databases, etc.
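Review bot: The added `memcache_servers` line in configure_auth_token_middleware points each service's token cache at `$SERVICE_HOST:11211` without setting `memcache_security_strategy` or `memcache_secret_key`, so cached validation data is stored in memcached unprotected. Nothing in this patch puts access control in front of memcached, so anything able to reach that port could read or alter cached validation results that the middleware later relies on. I would add `iniset $conf_file $section memcache_security_strategy ENCRYPT` and `iniset $conf_file $section memcache_secret_key <per-deployment secret>` next to the new line. The function begins above this hunk, so any existing handling of these options is not visible here.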
@@ -483,6 +484,9 @@ function install_keystonemiddleware { # When not installing from repo, keystonemiddleware is still needed... pip_install_gr keystonemiddleware fi + # Install the memcache library so keystonemiddleware can cache tokens in a + # shared location. + pip_install_gr python-memcached } # install_keystone() - Collect source and prepare @@ -491,17 +495,7 @@ function install_keystone { if is_service_enabled ldap; then install_ldap fi - if [[ "$KEYSTONE_TOKEN_BACKEND" = "memcache" ]]; then - # Install memcached and the memcache Python library that keystone uses. - # Unfortunately the Python library goes by different names in the .deb - # and .rpm circles. - install_package memcached - if is_ubuntu; then - install_package python-memcache - else - install_package python-memcached - fi - fi + git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH setup_develop $KEYSTONE_DIR @@ -550,6 +544,9 @@ function start_keystone { start_tls_proxy '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT & start_tls_proxy '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT & fi + + # (re)start memcached to make sure we have a clean memcache. + restart_service memcached } # stop_keystone() - Stop running processes
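Review bot: Nothing in this patch sets memcached's listen address, yet `restart_service memcached` in start_keystone brings it up for clients that connect to `$SERVICE_HOST:11211`. If the packaged default binds to loopback only, middleware on other hosts will presumably not reach the cache; if it binds to all interfaces, an unauthenticated cache holding token validations is reachable on 11211. I would configure the bind address explicitly before the restart and say so in the comment, e.g. `# (re)start memcached bound to $SERVICE_HOST only; port 11211 has no authentication`. The restart also empties the cache for every service sharing this memcached, which the comment should state. start_keystone begins outside the hunk.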