From 3bf121591a62686fd6a407c7c02e8c790658f641 Mon Sep 17 00:00:00 2001
From: Morgan Fainberg
Date: Wed, 20 Jan 2016 12:43:22 -0800
Subject: [PATCH] Always cache tokens in a shared memcache
Instead of using in-process caching for tokens per service per worker (disabled by default now), use a shared memcache to cache token validation(s). This should both offload/speedup validations and avoid the issues surrounding inconsistent validation responses when using in-process caching [since each worker caches separately].
Conflicts: files/debs/keystone files/rpms/keystone
Change-Id: Ifc17c27744dac5ad55e84752ca6f68169c2f5a86
(cherry picked from commit afd84acd0313ff6edde0cc7a6bc7c3e0bab7ac8c)
---
files/debs/keystone | 1 +
files/rpms-suse/keystone | 1 +
files/rpms/keystone | 1 +
lib/keystone | 20 +++++++++-----------
4 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/files/debs/keystone b/files/debs/keystone
index f5816b59de..dd533d0e9b 100644
--- a/files/debs/keystone
+++ b/files/debs/keystone
@@ -4,3 +4,4 @@ python-mysql.connector
libldap2-dev
libsasl2-dev
libkrb5-dev
+memcached
diff --git a/files/rpms-suse/keystone b/files/rpms-suse/keystone
index c838b413c3..bd5367c10d 100644
--- a/files/rpms-suse/keystone
+++ b/files/rpms-suse/keystone
@@ -1,4 +1,5 @@
cyrus-sasl-devel
+memcached
openldap2-devel
python-devel
sqlite3
diff --git a/files/rpms/keystone b/files/rpms/keystone
index 8074119fdb..141408a4d4 100644
--- a/files/rpms/keystone
+++ b/files/rpms/keystone
@@ -1,4 +1,5 @@
MySQL-python
libxslt-devel
sqlite
+memcached
mod_ssl
diff --git a/lib/keystone b/lib/keystone
index ec28b46341..63a1398660 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -443,6 +443,7 @@ function configure_auth_token_middleware {
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
iniset $conf_file $section signing_dir $signing_dir
+ iniset $conf_file $section memcache_servers 127.0.0.1:11211
}

# init_keystone() - Initialize databases, etc.
@@ -512,17 +513,11 @@ function install_keystone {
if is_service_enabled ldap; then
install_ldap
fi
- if [[ "$KEYSTONE_TOKEN_BACKEND" = "memcache" ]]; then
- # Install memcached and the memcache Python library that keystone uses.
- # Unfortunately the Python library goes by different names in the .deb
- # and .rpm circles.
- install_package memcached
- if is_ubuntu; then
- install_package python-memcache
- else
- install_package python-memcached
- fi
- fi
+
+ # Install the memcache library so keystonemiddleware can cache tokens in a
+ # shared location.
+ pip_install python-memcached
+
git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
setup_develop $KEYSTONE_DIR
if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
@@ -566,6 +561,9 @@ function start_keystone {
start_tls_proxy '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT &
start_tls_proxy '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT &
fi
+
+ # (re)start memcached to make sure we have a clean memcache.
+ restart_service memcached
}

# stop_keystone() - Stop running processes
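Review bot: The added `iniset $conf_file $section memcache_servers 127.0.0.1:11211` in configure_auth_token_middleware points every service's token cache at a memcached that has no authentication, and the cached validation results are stored unprotected, so any local process that can reach port 11211 could read or overwrite them. keystonemiddleware can sign or encrypt its cache entries; I would add `iniset $conf_file $section memcache_security_strategy ENCRYPT` and `iniset $conf_file $section memcache_secret_key <generated-secret>` next to it (the secret is a placeholder, to be generated once per deployment). The address is also hard-coded, so a node that runs services without a local memcached is left with a cache setting that points nowhere; a variable that defaults to this value would keep it overridable. The function starts above the hunk.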
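Review bot: `pip_install python-memcached` is placed in install_keystone, yet the comment above it names keystonemiddleware as the consumer, and the middleware may also run on hosts where the keystone service itself is not installed; there the `memcache_servers` value written by configure_auth_token_middleware would have no client library behind it. It looks like this install belongs with the keystonemiddleware install step, which is not visible in this hunk, so that is worth confirming. The install is also unversioned on this line; if pip_install does not already apply the global constraints file on this branch, route it through requirements rather than taking whatever the index serves. install_keystone continues outside the hunk.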
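Review bot: `restart_service memcached` in start_keystone brings the daemon up with whatever the distro package configured, and nothing in this change pins its listen address, so whether port 11211 is loopback-only depends on the package default. Since the cache now holds token validation results, I would verify or set `-l 127.0.0.1` in the packaged memcached options before the restart. The restart also flushes the whole instance, which drops entries belonging to any other service sharing that memcached on the host; a comment such as `# NOTE: this flushes every consumer of the local memcached, not only the token cache` would make that explicit. start_keystone begins above the hunk.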