From 3ca805041b0fd0847874a479a5bb4fb79b053570 Mon Sep 17 00:00:00 2001
From: Will Szumski
Date: Thu, 3 Jun 2021 15:49:57 +0100
Subject: [PATCH] Enable memcached backend for mod_auth_openidc
Change-Id: Ie87a7488dad369464793b47c3d2db67d7dc1694e
---
 ansible/roles/keystone/defaults/main.yml | 3 +++
 ansible/roles/keystone/templates/wsgi-keystone.conf.j2 | 4 ++++
 .../notes/oidc-memcache-backend-198e27c5168a3d4e.yaml | 6 ++++++
 3 files changed, 13 insertions(+)
 create mode 100644 releasenotes/notes/oidc-memcache-backend-198e27c5168a3d4e.yaml
diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml
index 1c75f5790f..e3939b213a 100644
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@@ -201,3 +201,6 @@ keystone_enable_federation_openid: "{{ enable_keystone_federation | bool and key
 keystone_should_remove_attribute_mappings: False
 keystone_should_remove_identity_providers: False
 keystone_federation_oidc_scopes: "openid email profile"
+
+# OIDC caching
+keystone_oidc_enable_memcached: "{{ enable_memcached }}"
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
index 124ea2ce69..fc0ee9fb26 100644
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -64,6 +64,10 @@ LogLevel info
 {% endif %}
 OIDCCryptoPassphrase {{ keystone_federation_openid_crypto_password }}
 OIDCRedirectURI {{ keystone_public_url }}/redirect_uri
+{% if enable_memcached | bool and keystone_oidc_enable_memcached | bool %}
+ OIDCCacheType memcache
+ OIDCMemCacheServers "{% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
+{% endif %}
 Require valid-user
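Review bot: The `# OIDC caching` comment above `keystone_oidc_enable_memcached` does not say what the variable controls or how it relates to `enable_memcached`. The template hunk in wsgi-keystone.conf.j2 tests `enable_memcached | bool and keystone_oidc_enable_memcached | bool`, so this variable can only switch the memcached backend off; setting it to true while `enable_memcached` is false has no effect. I would replace the comment with `# Use memcached as the mod_auth_openidc cache backend (requires enable_memcached; set to false to keep the module's default cache type)`.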
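Review bot: The added `OIDCCacheType memcache` block puts mod_auth_openidc's cached state into the shared memcached service without stating in the template whether cache entries are encrypted. mod_auth_openidc documents `OIDCCacheEncrypt` as defaulting to On for non-shm backends, keyed from `OIDCCryptoPassphrase`, but memcached itself is typically reachable without authentication on the API network, so I would pin it with `OIDCCacheEncrypt On` directly after `OIDCCacheType memcache` rather than rely on the packaged module's default. The `OIDCMemCacheServers` value is built from `groups['memcached']` with no emptiness guard; if that group can be empty while `enable_memcached` is true, the directive would render as an empty string, so adding `groups['memcached'] | length > 0` to the `{% if %}` may be worth it. The enclosing conditional and virtual host start above the hunk, so this is judged from the visible lines only.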
diff --git a/releasenotes/notes/oidc-memcache-backend-198e27c5168a3d4e.yaml b/releasenotes/notes/oidc-memcache-backend-198e27c5168a3d4e.yaml
new file mode 100644
index 0000000000..cbb32882d7
--- /dev/null
+++ b/releasenotes/notes/oidc-memcache-backend-198e27c5168a3d4e.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Keystone OIDC integration now uses memcached for the caching backend if
+ ``enable_memcached`` is ``True``. This can be disabled by setting
+ ``keystone_oidc_enable_memcached`` to ``False``.