Do not support toggling key_manglers in cache layer

Due to needing to pass the PKI token (complete id) to the backend, the cache layer needs to ensure that the cache-key is always shortened down to a reasonable length. Disabling the key_mangler should only have ever been done in limited debug configurations. Real deployments would be unable to reliably run without the key mangler (due to cache-key length on most systems being exceeded by the Token calls).

This change of ID being passed around is for supporting non-persistent tokens.

DocImpact: configuration.rst updated to reflect the change in configuration options for keystone cache layer.

bp: non-persistent-tokens
Change-Id: Ia4eb3df7ccffa58ee867120f698e24d926f0ec9e
This commit is contained in:
parent
50be156554
commit
19e1db785d
@ -296,10 +296,6 @@ behavior is that subsystem caching is enabled, but the global toggle is set to d
|
||||
back end and in the format of ``<argument name>:<argument value>``.
|
||||
e.g.: ``backend_argument = host:localhost``
|
||||
* ``proxies`` - comma delimited list of `ProxyBackends`_ e.g. ``my.example.Proxy, my.example.Proxy2``
|
||||
* ``use_key_mangler`` - Use a key-mangling function (sha1) to ensure fixed length cache-keys.
|
||||
This is toggle-able for debugging purposes, it is highly recommended to always
|
||||
leave this set to True. If the cache backend provides a key-mangler, this
|
||||
option has no effect.
|
||||
|
||||
Current keystone systems that have caching capabilities:
|
||||
* ``token``
|
||||
|
@ -143,7 +143,7 @@
|
||||
#allowed_rpc_exception_modules=oslo.messaging.exceptions,nova.exception,cinder.exception,exceptions
|
||||
|
||||
# Qpid broker hostname. (string value)
|
||||
#qpid_hostname=keystone
|
||||
#qpid_hostname=localhost
|
||||
|
||||
# Qpid broker port. (integer value)
|
||||
#qpid_port=5672
|
||||
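Review bot: the two `#qpid_hostname=` lines in this hunk differ only in `keystone` versus `localhost`, which is unrelated to the key_mangler option the commit message describes. It looks like the sample file picked up a hostname-derived default when it was regenerated; the `rabbit_host`, LDAP `url` and `cert_subject` hunks show the same pattern. Suggest moving these into a separate change, or noting in the commit message that the sample config was regenerated, so the cache change can be reviewed and reverted on its own.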
@ -200,7 +200,7 @@
|
||||
|
||||
# The RabbitMQ broker address where a single node is used.
|
||||
# (string value)
|
||||
#rabbit_host=keystone
|
||||
#rabbit_host=localhost
|
||||
|
||||
# The RabbitMQ broker port where a single node is used.
|
||||
# (integer value)
|
||||
@ -550,12 +550,6 @@
|
||||
# dogpile.cache.memory backend. (string value)
|
||||
#backend=keystone.common.cache.noop
|
||||
|
||||
# Use a key-mangling function (sha1) to ensure fixed length
|
||||
# cache-keys. This is toggle-able for debugging purposes, it
|
||||
# is highly recommended to always leave this set to true.
|
||||
# (boolean value)
|
||||
#use_key_mangler=true
|
||||
|
||||
# Arguments supplied to the backend module. Specify this
|
||||
# option once per argument to be passed to the dogpile.cache
|
||||
# backend. Example format: "<argname>:<value>". (multi valued)
|
||||
@ -826,7 +820,7 @@
|
||||
#
|
||||
|
||||
# URL for connecting to the LDAP server. (string value)
|
||||
#url=ldap://keystone
|
||||
#url=ldap://localhost
|
||||
|
||||
# User BindDN to query the LDAP server. (string value)
|
||||
#user=<None>
|
||||
@ -1294,7 +1288,7 @@
|
||||
|
||||
# SSL certificate subject (auto generated certificate).
|
||||
# (string value)
|
||||
#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=keystone
|
||||
#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost
|
||||
|
||||
|
||||
[stats]
|
||||
|
7
keystone/common/cache/core.py
vendored
@ -134,12 +134,9 @@ def configure_cache_region(region):
|
||||
# key_mangler, we should respect that key_mangler function. If a
|
||||
# key_mangler is not defined by the backend, use the sha1_mangle_key
|
||||
# mangler provided by dogpile.cache. This ensures we always use a fixed
|
||||
# size cache-key. This is toggle-able for debug purposes; if disabled
|
||||
# this could cause issues with certain backends (such as memcached) and
|
||||
# its limited key-size.
|
||||
# size cache-key.
|
||||
if region.key_mangler is None:
|
||||
if CONF.cache.use_key_mangler:
|
||||
region.key_mangler = util.sha1_mangle_key
|
||||
region.key_mangler = util.sha1_mangle_key
|
||||
|
||||
for class_path in CONF.cache.proxies:
|
||||
# NOTE(morganfainberg): if we have any proxy wrappers, we should
|
||||
|
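Review bot: the `if region.key_mangler is None:` guard still lets a backend-supplied key_mangler take precedence, so the comment's claim that "this ensures we always use a fixed size cache-key" only holds for the `util.sha1_mangle_key` fallback. Since the commit message says full PKI token ids now reach the cache layer, suggest rewording the comment to state that a backend-provided mangler is trusted to bound the key length, and adding a test that a long token id comes out of `configure_cache_region` as a fixed-length key when the backend defines no mangler.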
@ -268,11 +268,6 @@ FILE_OPTIONS = {
|
||||
'deployments. Small workloads (single process) '
|
||||
'like devstack can use the dogpile.cache.memory '
|
||||
'backend.'),
|
||||
cfg.BoolOpt('use_key_mangler', default=True,
|
||||
help='Use a key-mangling function (sha1) to ensure '
|
||||
'fixed length cache-keys. This is toggle-able for '
|
||||
'debugging purposes, it is highly recommended to '
|
||||
'always leave this set to true.'),
|
||||
cfg.MultiStrOpt('backend_argument', default=[],
|
||||
help='Arguments supplied to the backend module. '
|
||||
'Specify this option once per argument to be '
|
||||
|
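Review bot: `cfg.BoolOpt('use_key_mangler', default=True, ...)` goes away here with no deprecation step visible in the hunk, so nothing tells an operator whose keystone.conf still sets `use_key_mangler` that the value is no longer honored. Suggest either keeping the option registered as deprecated for a release with help text saying it has no effect, or calling out the removal explicitly in the release notes alongside the DocImpact entry.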