Bug 1652558

Summary: [RFE] Add memcached_servers option under keystone_authtoken into all services except keystone by T-H-T
Product: Red Hat OpenStack Reporter: Keigo Noha <knoha>
Component: puppet-tripleoAssignee: Moises Guimaraes <moguimar>
Status: CLOSED CURRENTRELEASE QA Contact: Jeremy Agee <jagee>
Severity: medium Docs Contact:
Priority: medium    
Version: 13.0 (Queens)CC: alee, dcadzow, emacchi, fiezzi, hrybacki, jagee, jjoyce, jschluet, mburns, moguimar, nwolf, scohen, slinaber, spower, tkajinam, tvignaud
Target Milestone: z4Keywords: FutureFeature, TestOnly, Triaged, ZStream
Target Release: 16.1 (Train on RHEL 8.2)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: puppet-tripleo-11.5.0-1.20200914161840.f716ef5.el8ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-10 11:58:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Keigo Noha 2018-11-22 11:22:14 UTC 
Description of problem:
RHOSP13 T-H-T configures keystone_authtoken/memecached_servers parameter.
The option has a benefit to reduce the keystone API call and improve the performance.

Configuring the parameter into all services except keystone has a benefit to all users.
Comment 1 Keigo Noha 2019-01-29 05:26:07 UTC 
Hi Team,

Do you have any updates on this bugzilla?

Regards,
Keigo Noha
Comment 2 Keigo Noha 2019-02-26 00:51:45 UTC 
Hi Emilien,

Do you have any updates on this bugzilla?

Regards,
Keigo Noha
Comment 3 Keigo Noha 2019-04-09 00:58:54 UTC 
Hi Emilien,

Do you have any updates on this topic?
Comment 4 Takashi Kajinami 2019-09-11 03:57:41 UTC 
Currently we have patch to implement this, proposed for master.

Nova     : already implemented
Cinder   : https://review.opendev.org/#/c/680845/
Neutron  : https://review.opendev.org/#/c/680852/
Glance   : https://review.opendev.org/#/c/680851/
Swift    : (Not yet implemented)
Heat     : https://review.opendev.org/#/c/680853/
Telemetry: https://review.opendev.org/#/c/681245/
Ironic   : https://review.opendev.org/#/c/680856/
Octavia  : https://review.opendev.org/#/c/680898/
Barbican : https://review.opendev.org/#/c/681371/

I believe the list includes all we need based on component supportability in RHOSP,
but let me know if I miss anything else required.

Also, I'm not sure whether we need it for swift as we already have cache middleware configured.
I guess we still need to configure memcache_servers in authtoken, but need confirmation.
Comment 5 Takashi Kajinami 2019-09-11 10:17:05 UTC 
> Also, I'm not sure whether we need it for swift as we already have cache middleware configured.
> I guess we still need to configure memcache_servers in authtoken, but need confirmation.

Currently we have the following options configured in proxy-server.conf by default.
~~~
[filter:authtoken]
...
cache=swift.cache
~~~

This maes authtoken use the same cache backend as swift, which means that we already use memcache for token caching.
Comment 6 Takashi Kajinami 2019-09-26 10:12:11 UTC 
Nova     : already implemented
Cinder   : https://review.opendev.org/#/c/680845/
Neutron  : https://review.opendev.org/#/c/680852/
Glance   : https://review.opendev.org/#/c/680851/
Swift    : N/A
Heat     : https://review.opendev.org/#/c/680853/
Telemetry: https://review.opendev.org/#/c/681245/
Ironic   : https://review.opendev.org/#/c/680856/
Octavia  : https://review.opendev.org/#/c/680898/
Barbican : https://review.opendev.org/#/c/681371/
Manila   : https://review.opendev.org/#/c/683784/

https://review.opendev.org/#/q/project:%22%255Eopenstack/.*tripleo.*%22+intopic:authtoken-memcache

Now the implementation for the all components in full-support status has been merged into master.
Comment 7 Keigo Noha 2019-10-10 01:13:27 UTC 
Hi Emilien,

Would you look at c#6 and proceed the backport into RHOSP13?

Kind Regards,
Keigo Noha
Comment 8 Keigo Noha 2019-11-06 01:45:02 UTC 
Hi Emilien,

Would you be able to consider the backport of the series of patches into RHOSP13?

Thanks,
Keigo Noha
Comment 9 Emilien Macchi 2019-11-06 09:13:12 UTC 
Keigo, I'll delegate that decision to the security team who own these components.
Comment 10 Keigo Noha 2020-01-10 01:49:29 UTC 
Hi Moises,

According to Emilien's update, this bugzilla should be handled by DFG:Security.
Would you look through the bugzilla and move it forward?

Best Regards,
Keigo Noha
Comment 11 Moises Guimaraes 2020-01-15 12:57:54 UTC 
Hi Keigo,

Sure, I'll include it to our bug triage session this week.
Comment 12 Raildo Mascena de Sousa Filho 2020-09-04 16:51:18 UTC 
Hi, 

I'm triaging this BZ for OSP16.1.3 as a TestOnly, since the code is there for a while, we just want to confirm that everything works just fine and we have support for it.

I'm not sure if we'll be able to backport it for OSP13, it sounds like a good amount of work/risk to backport all of those patches, we're going to need to make a deeper investigation regarding the backport possibility for this BZ.
Comment 17 Lon Hohberger 2020-10-29 10:51:24 UTC 
According to our records, this should be resolved by puppet-tripleo-11.5.0-1.20200914161840.f716ef5.el8ost.  This build is available now.
Comment 18 spower 2021-01-06 15:04:30 UTC 
Exception + flag given