Revert "Keystone Authtoken Cache: allow universal secret key to be set"

This reverts commit 1c85fdc390. Do not use randomly generated strings in configmaps as this leads to whole helm release redeployment even no values are changed. The random items have to be generated outside of helm chart and provided via values. Also previous behaviour didn't allow to use cache during rolling upgrade as new pods were spawned with new key. Change-Id: I423611b18fca0d65e2e721a9c6a0c3d8df0813d2
2019-10-22 14:40:35 +00:00 · 2019-10-22 14:40:35 +00:00 · 90d070390d
commit 90d070390d
parent 400b686f52
34 changed files with 0 additions and 168 deletions
--- a/aodh/templates/configmap-etc.yaml
+++ b/aodh/templates/configmap-etc.yaml
@ -53,10 +53,6 @@ limitations under the License.
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.aodh.keystone_authtoken "memcached_servers" -}}
 {{- end -}}

-{{- if empty .Values.conf.aodh.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.aodh.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}
-
 {{- if empty .Values.conf.aodh.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "aodh" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.aodh.database "connection" -}}
 {{- end -}}
--- a/aodh/values.yaml
+++ b/aodh/values.yaml
@ -468,7 +468,6 @@ conf:
    keystone_authtoken:
      auth_version: v3
      auth_type: password
-      memcache_security_strategy: ENCRYPT
    service_credentials:
      auth_type: password
      interface: internal
--- a/barbican/templates/configmap-etc.yaml
+++ b/barbican/templates/configmap-etc.yaml
@ -47,9 +47,6 @@ limitations under the License.
 {{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
 {{- $_ := tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" -}}
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@ -448,8 +448,6 @@ conf:
    keystone_authtoken:
      auth_type: password
      auth_version: v3
-      memcache_security_strategy: ENCRYPT
-      memcache_secret_key: null
    database:
      max_retries: -1
    barbican_api:
@ -633,13 +631,6 @@ endpoints:
      http:
        default: 15672
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/ceilometer/templates/configmap-etc.yaml
+++ b/ceilometer/templates/configmap-etc.yaml
@ -28,10 +28,6 @@ limitations under the License.
 {{- if empty .Values.conf.ceilometer.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.ceilometer.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.ceilometer.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}
-
 {{- if empty .Values.conf.ceilometer.cache.memcache_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.cache "memcache_servers" -}}
 {{- end -}}
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@ -1877,13 +1877,6 @@ endpoints:
      mongodb:
        default: 27017
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/cinder/templates/configmap-etc.yaml
+++ b/cinder/templates/configmap-etc.yaml
@ -47,9 +47,6 @@ limitations under the License.
 {{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.cinder.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" -}}
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@ -856,7 +856,6 @@ conf:
    keystone_authtoken:
      auth_version: v3
      auth_type: password
-      memcache_security_strategy: ENCRYPT
    oslo_concurrency:
      lock_path: "/var/lib/cinder/tmp"
    oslo_messaging_notifications:
@ -1384,13 +1383,6 @@ endpoints:
      http:
        default: 15672
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/congress/templates/configmap-etc.yaml
+++ b/congress/templates/configmap-etc.yaml
@ -28,9 +28,6 @@ limitations under the License.
 {{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.congress.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.congress.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}}
 {{- $_ := tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" -}}
--- a/congress/values.yaml
+++ b/congress/values.yaml
@ -284,13 +284,6 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/designate/templates/configmap-etc.yaml
+++ b/designate/templates/configmap-etc.yaml
@ -51,10 +51,6 @@
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.designate.keystone_authtoken "memcached_servers" -}}
 {{- end -}}

-{{- if empty .Values.conf.designate.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.designate.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}
-
 {{- if empty (index .Values.conf.designate "storage:sqlalchemy").connection -}}
 {{- $_ := tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set (index .Values.conf.designate "storage:sqlalchemy") "connection" -}}
 {{- $_ := tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.designate.database "connection" -}}
--- a/designate/values.yaml
+++ b/designate/values.yaml
@ -570,7 +570,6 @@ conf:
    keystone_authtoken:
      auth_version: v3
      auth_type: password
-      memcache_security_strategy: ENCRYPT
  logging:
    loggers:
      keys:
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@ -75,12 +75,6 @@ limitations under the License.
 {{- if empty .Values.conf.glance_registry.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.glance.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}
-{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.glance.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" -}}
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -253,7 +253,6 @@ conf:
    keystone_authtoken:
      auth_type: password
      auth_version: v3
-      memcache_security_strategy: ENCRYPT
    glance_store:
      rbd_store_chunk_size: 8
      rbd_store_replication: 3
@ -382,7 +381,6 @@ conf:
    keystone_authtoken:
      auth_type: password
      auth_version: v3
-      memcache_security_strategy: ENCRYPT
    paste_deploy:
      flavor: keystone
    database:
@ -683,13 +681,6 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/heat/templates/configmap-etc.yaml
+++ b/heat/templates/configmap-etc.yaml
@ -70,9 +70,6 @@ limitations under the License.
 {{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.heat.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.heat.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" -}}
--- a/heat/values.yaml
+++ b/heat/values.yaml
@ -439,7 +439,6 @@ conf:
    keystone_authtoken:
      auth_type: password
      auth_version: v3
-      memcache_security_strategy: ENCRYPT
    database:
      max_retries: -1
    trustee:
@ -951,13 +950,6 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/ironic/templates/configmap-etc.yaml
+++ b/ironic/templates/configmap-etc.yaml
@ -45,9 +45,6 @@ limitations under the License.
 {{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.ironic.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.ironic.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" -}}
--- a/ironic/values.yaml
+++ b/ironic/values.yaml
@ -457,13 +457,6 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/magnum/templates/configmap-etc.yaml
+++ b/magnum/templates/configmap-etc.yaml
@ -47,9 +47,6 @@ limitations under the License.
 {{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.magnum.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" -}}
--- a/magnum/values.yaml
+++ b/magnum/values.yaml
@ -129,7 +129,6 @@ conf:
    keystone_authtoken:
      auth_type: password
      auth_version: v3
-      memcache_security_strategy: ENCRYPT
    api:
      # NOTE(portdirect): the bind port should not be defined, and is manipulated
      # via the endpoints section.
@ -429,13 +428,6 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/mistral/templates/configmap-etc.yaml
+++ b/mistral/templates/configmap-etc.yaml
@ -47,9 +47,6 @@ limitations under the License.
 {{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.mistral.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" -}}
--- a/mistral/values.yaml
+++ b/mistral/values.yaml
@ -303,13 +303,6 @@ endpoints:
      http:
        default: 15672
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
@ -468,7 +461,6 @@ conf:
    keystone_authtoken:
      auth_type: password
      auth_version: v3
-      memcache_security_strategy: ENCRYPT
  logging:
    loggers:
      keys:
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@ -49,9 +49,6 @@ limitations under the License.
 {{- if empty $envAll.Values.conf.neutron.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.neutron.keystone_authtoken "memcached_servers" -}}
 {{- end }}
-{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty $envAll.Values.conf.neutron.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.database "connection" -}}
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -1813,7 +1813,6 @@ conf:
    ironic:
      endpoint_type: internal
    keystone_authtoken:
-      memcache_security_strategy: ENCRYPT
      auth_type: password
      auth_version: v3
    octavia:
@ -2136,13 +2135,6 @@ endpoints:
      http:
        default: 15672
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@ -48,9 +48,6 @@ limitations under the License.
 {{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if .Values.conf.nova.service_user.send_service_user_token -}}

@ -214,10 +211,6 @@ limitations under the License.
 {{- $_ := set .Values.conf.nova.ironic "auth_version" .Values.endpoints.identity.auth.ironic.auth_version -}}
 {{- end -}}

-{{- if empty .Values.conf.nova.ironic.memcache_secret_key -}}
-{{- $_ := (default (randAlphaNum 64) .Values.endpoints.oslo_cache.auth.memcache_secret_key) | set .Values.conf.nova.ironic "memcache_secret_key" -}}
-{{- end -}}
-
 {{- if empty .Values.conf.nova.ironic.memcache_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.ironic "memcache_servers" -}}
 {{- end -}}
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -1727,7 +1727,6 @@ conf:
    keystone_authtoken:
      auth_type: password
      auth_version: v3
-      memcache_security_strategy: ENCRYPT
    service_user:
      auth_type: password
      send_service_user_token: false
@ -1950,13 +1949,6 @@ endpoints:
      http:
        default: 15672
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/octavia/templates/configmap-etc.yaml
+++ b/octavia/templates/configmap-etc.yaml
@ -49,9 +49,6 @@ limitations under the License.
 {{- if empty .Values.conf.octavia.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.octavia.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.octavia.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.octavia.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.octavia.service_auth.auth_url -}}
 {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.octavia.service_auth "auth_url" -}}
@ -76,9 +73,6 @@ limitations under the License.
 {{- if empty .Values.conf.octavia.service_auth.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.octavia.service_auth "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.octavia.service_auth.memcache_secret_key -}}
-{{- $_ := set .Values.conf.octavia.service_auth "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.octavia.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.database "connection" -}}
--- a/octavia/values.yaml
+++ b/octavia/values.yaml
@ -220,7 +220,6 @@ conf:
    keystone_authtoken:
      auth_type: password
      auth_version: v3
-      memcache_security_strategy: ENCRYPT
    certificates:
      ca_private_key_passphrase: foobar
      ca_private_key: /etc/octavia/certs/private/cakey.pem
@ -260,7 +259,6 @@ conf:
      auth_type: password
      cafile: ""
      auth_version: v3
-      memcache_security_strategy: ENCRYPT
  logging:
    loggers:
      keys:
--- a/panko/templates/configmap-etc.yaml
+++ b/panko/templates/configmap-etc.yaml
@ -53,10 +53,6 @@ limitations under the License.
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "memcached_servers" -}}
 {{- end -}}

-{{- if empty .Values.conf.panko.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.panko.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}
-
 {{- if empty .Values.conf.panko.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "panko" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.panko.database "connection" -}}
 {{- end -}}
--- a/panko/values.yaml
+++ b/panko/values.yaml
@ -258,7 +258,6 @@ conf:
    keystone_authtoken:
      auth_version: v3
      auth_type: password
-      memcache_security_strategy: ENCRYPT
  logging:
    loggers:
      keys:
--- a/rally/templates/configmap-etc.yaml
+++ b/rally/templates/configmap-etc.yaml
@ -44,9 +44,6 @@ limitations under the License.
 {{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.rally.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.rally.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.rally.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.rally.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" -}}
--- a/rally/values.yaml
+++ b/rally/values.yaml
@ -280,9 +280,6 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
-    auth:
-      keystone_authtoken:
-        secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/senlin/templates/configmap-etc.yaml
+++ b/senlin/templates/configmap-etc.yaml
@ -48,9 +48,6 @@ limitations under the License.
 {{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken "memcached_servers" -}}
 {{- end -}}
-{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}}
-{{- $_ := set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
-{{- end -}}

 {{- if empty .Values.conf.senlin.database.connection -}}
 {{- $_ := tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" -}}
--- a/senlin/values.yaml
+++ b/senlin/values.yaml
@ -175,7 +175,6 @@ conf:
    keystone_authtoken:
      auth_type: password
      auth_version: v3
-      memcache_security_strategy: ENCRYPT
    senlin_api:
      # NOTE(portdirect): the bind port should not be defined, and is manipulated
      # via the endpoints section.
@ -448,13 +447,6 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
-    auth:
-      # NOTE(portdirect): this is used to define the value for keystone
-      # authtoken cache encryption key, if not set it will be populated
-      # automatically with a random value, but to take advantage of
-      # this feature all services should be set to use the same key,
-      # and memcache service.
-      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override: