Bug 1652558 - [RFE] Add memcached_servers option under keystone_authtoken into all services except keystone by T-H-T
Summary: [RFE] Add memcached_servers option under keystone_authtoken into all services...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: puppet-tripleo
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: z4
: 16.1 (Train on RHEL 8.2)
Assignee: Moises Guimaraes
QA Contact: Jeremy Agee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-22 11:22 UTC by Keigo Noha
Modified: 2021-02-10 11:58 UTC (History)
16 users (show)

Fixed In Version: puppet-tripleo-11.5.0-1.20200914161840.f716ef5.el8ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-10 11:58:38 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Keigo Noha 2018-11-22 11:22:14 UTC
Description of problem:
RHOSP13 T-H-T configures keystone_authtoken/memecached_servers parameter.
The option has a benefit to reduce the keystone API call and improve the performance.

Configuring the parameter into all services except keystone has a benefit to all users.

Comment 1 Keigo Noha 2019-01-29 05:26:07 UTC
Hi Team,

Do you have any updates on this bugzilla?

Regards,
Keigo Noha

Comment 2 Keigo Noha 2019-02-26 00:51:45 UTC
Hi Emilien,

Do you have any updates on this bugzilla?

Regards,
Keigo Noha

Comment 3 Keigo Noha 2019-04-09 00:58:54 UTC
Hi Emilien,

Do you have any updates on this topic?

Comment 4 Takashi Kajinami 2019-09-11 03:57:41 UTC
Currently we have patch to implement this, proposed for master.

Nova     : already implemented
Cinder   : https://review.opendev.org/#/c/680845/
Neutron  : https://review.opendev.org/#/c/680852/
Glance   : https://review.opendev.org/#/c/680851/
Swift    : (Not yet implemented)
Heat     : https://review.opendev.org/#/c/680853/
Telemetry: https://review.opendev.org/#/c/681245/
Ironic   : https://review.opendev.org/#/c/680856/
Octavia  : https://review.opendev.org/#/c/680898/
Barbican : https://review.opendev.org/#/c/681371/

I believe the list includes all we need based on component supportability in RHOSP,
but let me know if I miss anything else required.

Also, I'm not sure whether we need it for swift as we already have cache middleware configured.
I guess we still need to configure memcache_servers in authtoken, but need confirmation.

Comment 5 Takashi Kajinami 2019-09-11 10:17:05 UTC
> Also, I'm not sure whether we need it for swift as we already have cache middleware configured.
> I guess we still need to configure memcache_servers in authtoken, but need confirmation.

Currently we have the following options configured in proxy-server.conf by default.
~~~
[filter:authtoken]
...
cache=swift.cache
~~~

This maes authtoken use the same cache backend as swift, which means that we already use memcache for token caching.

Comment 7 Keigo Noha 2019-10-10 01:13:27 UTC
Hi Emilien,

Would you look at c#6 and proceed the backport into RHOSP13?

Kind Regards,
Keigo Noha

Comment 8 Keigo Noha 2019-11-06 01:45:02 UTC
Hi Emilien,

Would you be able to consider the backport of the series of patches into RHOSP13?

Thanks,
Keigo Noha

Comment 9 Emilien Macchi 2019-11-06 09:13:12 UTC
Keigo, I'll delegate that decision to the security team who own these components.

Comment 10 Keigo Noha 2020-01-10 01:49:29 UTC
Hi Moises,

According to Emilien's update, this bugzilla should be handled by DFG:Security.
Would you look through the bugzilla and move it forward?

Best Regards,
Keigo Noha

Comment 11 Moises Guimaraes 2020-01-15 12:57:54 UTC
Hi Keigo,

Sure, I'll include it to our bug triage session this week.

Comment 12 Raildo Mascena de Sousa Filho 2020-09-04 16:51:18 UTC
Hi, 

I'm triaging this BZ for OSP16.1.3 as a TestOnly, since the code is there for a while, we just want to confirm that everything works just fine and we have support for it.

I'm not sure if we'll be able to backport it for OSP13, it sounds like a good amount of work/risk to backport all of those patches, we're going to need to make a deeper investigation regarding the backport possibility for this BZ.

Comment 17 Lon Hohberger 2020-10-29 10:51:24 UTC
According to our records, this should be resolved by puppet-tripleo-11.5.0-1.20200914161840.f716ef5.el8ost.  This build is available now.

Comment 18 spower 2021-01-06 15:04:30 UTC
Exception + flag given


Note You need to log in before you can comment on or make changes to this bug.