Always cache tokens in a shared memcache

Instead of using in-process caching for tokens per service per
worker (disabled by default now), use a shared memcache to cache
token validation(s). This should both offload and speed up validations
and avoid the inconsistent validation responses that arise with
in-process caching, since each worker caches separately.

Change-Id: Ifc17c27744dac5ad55e84752ca6f68169c2f5a86
Morgan Fainberg 2016-01-20 12:43:22 -08:00
parent 1d27155f65
commit 5997ce3ab6
4 changed files with 11 additions and 11 deletions


@ -1,5 +1,6 @@
libkrb5-dev libkrb5-dev
libldap2-dev libldap2-dev
libsasl2-dev libsasl2-dev
memcached
python-mysqldb python-mysqldb
sqlite3 sqlite3


@ -1,3 +1,4 @@
cyrus-sasl-devel cyrus-sasl-devel
memcached
openldap2-devel openldap2-devel
sqlite3 sqlite3


@ -1,3 +1,4 @@
memcached
mod_ssl mod_ssl
MySQL-python MySQL-python
sqlite sqlite


@ -430,6 +430,7 @@ function configure_auth_token_middleware {
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
iniset $conf_file $section cafile $SSL_BUNDLE_FILE iniset $conf_file $section cafile $SSL_BUNDLE_FILE
iniset $conf_file $section signing_dir $signing_dir iniset $conf_file $section signing_dir $signing_dir
iniset $conf_file $section memcache_servers $SERVICE_HOST:11211
} }
# init_keystone() - Initialize databases, etc. # init_keystone() - Initialize databases, etc.
@ -483,6 +484,9 @@ function install_keystonemiddleware {
# When not installing from repo, keystonemiddleware is still needed... # When not installing from repo, keystonemiddleware is still needed...
pip_install_gr keystonemiddleware pip_install_gr keystonemiddleware
fi fi
# Install the memcache library so keystonemiddleware can cache tokens in a
# shared location.
pip_install_gr python-memcached
} }
# install_keystone() - Collect source and prepare # install_keystone() - Collect source and prepare
@ -491,17 +495,7 @@ function install_keystone {
if is_service_enabled ldap; then if is_service_enabled ldap; then
install_ldap install_ldap
fi fi
if [[ "$KEYSTONE_TOKEN_BACKEND" = "memcache" ]]; then
# Install memcached and the memcache Python library that keystone uses.
# Unfortunately the Python library goes by different names in the .deb
# and .rpm circles.
install_package memcached
if is_ubuntu; then
install_package python-memcache
else
install_package python-memcached
fi
fi
git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
setup_develop $KEYSTONE_DIR setup_develop $KEYSTONE_DIR
@ -550,6 +544,9 @@ function start_keystone {
start_tls_proxy '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT & start_tls_proxy '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT &
start_tls_proxy '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT & start_tls_proxy '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT &
fi fi
# (re)start memcached to make sure we have a clean memcache.
restart_service memcached
} }
# stop_keystone() - Stop running processes # stop_keystone() - Stop running processes
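Review bot: The `memcache_servers $SERVICE_HOST:11211` line added in configure_auth_token_middleware points every service's token cache at a shared memcached without enabling any protection for the cached entries, and memcached does not authenticate clients by default. Anything that can reach port 11211 on that host could then read or overwrite cached token validation results. The same hunk should also set the middleware's cache protection, for example `iniset $conf_file $section memcache_security_strategy ENCRYPT` together with `iniset $conf_file $section memcache_secret_key <per-deployment secret>`. Nothing visible in this change sets memcached's listen address, so it is worth confirming the daemon is bound only to the interface the services use. The body of configure_auth_token_middleware starts outside the hunk.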