Instead of using in-process caching for tokens per service per
worker (disabled by default now), use a shared memcache to cache
token validations. This should both offload and speed up validations
and avoid the issues surrounding inconsistent validation responses
when using in-process caching [since each worker caches separately].
Change-Id: Ifc17c27744dac5ad55e84752ca6f68169c2f5a86
| ... | ... |
@@ -430,6 +430,7 @@ function configure_auth_token_middleware {
|
| 430 | 430 |
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI |
| 431 | 431 |
iniset $conf_file $section cafile $SSL_BUNDLE_FILE |
| 432 | 432 |
iniset $conf_file $section signing_dir $signing_dir |
| 433 |
+ iniset $conf_file $section memcache_servers $SERVICE_HOST:11211 |
|
| 433 | 434 |
} |
| 434 | 435 |
|
| 435 | 436 |
# init_keystone() - Initialize databases, etc. |
| ... | ... |
@@ -483,6 +484,9 @@ function install_keystonemiddleware {
|
| 483 | 483 |
# When not installing from repo, keystonemiddleware is still needed... |
| 484 | 484 |
pip_install_gr keystonemiddleware |
| 485 | 485 |
fi |
| 486 |
+ # Install the memcache library so keystonemiddleware can cache tokens in a |
|
| 487 |
+ # shared location. |
|
| 488 |
+ pip_install_gr python-memcached |
|
| 486 | 489 |
} |
| 487 | 490 |
|
| 488 | 491 |
# install_keystone() - Collect source and prepare |
| ... | ... |
@@ -491,17 +495,7 @@ function install_keystone {
|
| 491 | 491 |
if is_service_enabled ldap; then |
| 492 | 492 |
install_ldap |
| 493 | 493 |
fi |
| 494 |
- if [[ "$KEYSTONE_TOKEN_BACKEND" = "memcache" ]]; then |
|
| 495 |
- # Install memcached and the memcache Python library that keystone uses. |
|
| 496 |
- # Unfortunately the Python library goes by different names in the .deb |
|
| 497 |
- # and .rpm circles. |
|
| 498 |
- install_package memcached |
|
| 499 |
- if is_ubuntu; then |
|
| 500 |
- install_package python-memcache |
|
| 501 |
- else |
|
| 502 |
- install_package python-memcached |
|
| 503 |
- fi |
|
| 504 |
- fi |
|
| 494 |
+ |
|
| 505 | 495 |
git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH |
| 506 | 496 |
setup_develop $KEYSTONE_DIR |
| 507 | 497 |
|
| ... | ... |
@@ -550,6 +544,9 @@ function start_keystone {
|
| 550 | 550 |
start_tls_proxy '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT & |
| 551 | 551 |
start_tls_proxy '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT & |
| 552 | 552 |
fi |
| 553 |
+ |
|
| 554 |
+ # (re)start memcached to make sure we have a clean memcache. |
|
| 555 |
+ restart_service memcached |
|
| 553 | 556 |
} |
| 554 | 557 |
|
| 555 | 558 |
# stop_keystone() - Stop running processes |
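Review bot: In the configure_auth_token_middleware hunk, `memcache_servers $SERVICE_HOST:11211` points every service's auth_token cache at a shared memcached with no cache protection configured, and memcached does not authenticate clients by default. Anything that can reach port 11211 on that host could read or overwrite cached token validation data, and an altered entry would then be trusted by every worker that shares the cache. keystonemiddleware can protect these entries, so I would add `iniset $conf_file $section memcache_security_strategy ENCRYPT` and `iniset $conf_file $section memcache_secret_key <shared-secret-placeholder>` next to the new line, and confirm memcached listens only where the services need it. Separately, the install_keystone hunk drops `install_package memcached` while start_keystone now calls `restart_service memcached`; if no other script installs the daemon (not visible here), that restart will fail. All four function bodies continue outside their hunks.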