openstack/openstack-ansible-os_keystone
Code Issues Proposed changes

Add memcached caching

Browse Source 
Piggybacking on to the memcached containers that keystone uses for
its token caching we are able to share state between the apache_mod_openidc
instances so that authentications succeed in cases where auth requests
are being routed to more than one keystone container.

Change-Id: Ia978b46f6a6dfc5da8f8ebecb1a3c9fe44948add
This commit is contained in:
Georgina Shippey 2020-04-28 18:11:01 +01:00 committed by Jonathan Rosser
parent 3b283edf8a
commit beebf1196e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
templates/keystone-httpd.conf.j2
View File

@ -49,6 +49,10 @@ Listen {{ keystone_service_port }}
{% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy is defined -%} {% if keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy is defined -%}
OIDCOutgoingProxy {{ keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy }} OIDCOutgoingProxy {{ keystone_sp.trusted_idp_list.0.oidc_outgoing_proxy }}
{% endif -%} {% endif -%}
{% if keystone_cache_servers | length > 0 -%}
OIDCCacheType memcache
OIDCMemCacheServers "{{ keystone_cache_servers | join(' ') }}"
{% endif %}
<Location /v3/OS-FEDERATION/identity_providers/{{ keystone_sp.trusted_idp_list.0.name }}/protocols/openid/auth> <Location /v3/OS-FEDERATION/identity_providers/{{ keystone_sp.trusted_idp_list.0.name }}/protocols/openid/auth>
Require valid-user Require valid-user