Merge "Keystone Authtoken Cache: allow universal secret key to be set"

2018-03-05 19:26:37 +00:00 · 2018-03-05 19:26:37 +00:00 · 4884dd228c
commit 4884dd228c
parent f725275e5a 1c85fdc390
28 changed files with 177 additions and 88 deletions
--- a/barbican/templates/configmap-etc.yaml
+++ b/barbican/templates/configmap-etc.yaml
@ -25,11 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}

-# Set a random string as secret key.
-{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}}
 {{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.barbican.region_name | quote | trunc 0 -}}
 {{- end -}}
@ -52,6 +47,9 @@ limitations under the License.
 {{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
 {{- tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@ -389,6 +389,7 @@ conf:
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
+      memcache_secret_key: null
    database:
      max_retries: -1
    barbican_api:
@ -494,6 +495,13 @@ endpoints:
      http:
        default: 15672
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/ceilometer/templates/configmap-etc.yaml
+++ b/ceilometer/templates/configmap-etc.yaml
@ -28,6 +28,9 @@ limitations under the License.
 {{- if empty .Values.conf.ceilometer.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.ceilometer.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.ceilometer.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.ceilometer.database.connection -}}
 {{- tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}}
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@ -1752,6 +1752,13 @@ endpoints:
      mongodb:
        default: 27017
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcache
    host_fqdn_override:
--- a/cinder/templates/configmap-etc.yaml
+++ b/cinder/templates/configmap-etc.yaml
@ -25,11 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}

-# Set a random string as secret key.
-{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}}
 {{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cinder.region_name | quote | trunc 0 -}}
 {{- end -}}
@ -52,6 +47,9 @@ limitations under the License.
 {{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.cinder.database.connection -}}
 {{- tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}}
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@ -797,6 +797,13 @@ endpoints:
      http:
        default: 15672
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/congress/templates/configmap-etc.yaml
+++ b/congress/templates/configmap-etc.yaml
@ -28,6 +28,9 @@ limitations under the License.
 {{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.congress.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.congress.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}}
 {{- tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" | quote | trunc 0 -}}
--- a/congress/values.yaml
+++ b/congress/values.yaml
@ -241,6 +241,13 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@ -31,14 +31,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}

-# Set a random string as secret key.
-{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.glance.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.glance.keystone_authtoken.region_name -}}
 {{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
 {{- end -}}
@ -83,6 +75,12 @@ limitations under the License.
 {{- if empty .Values.conf.glance_registry.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.glance.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
+{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.glance.database.connection -}}
 {{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}}
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -493,6 +493,13 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/gnocchi/templates/configmap-etc.yaml
+++ b/gnocchi/templates/configmap-etc.yaml
@ -27,9 +27,8 @@ limitations under the License.
 {{- if empty .Values.conf.gnocchi.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.gnocchi.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
-# Set a random string as secret key.
 {{- if empty .Values.conf.gnocchi.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.gnocchi.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
+{{- set .Values.conf.gnocchi.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
 {{- end -}}

 {{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}}
--- a/gnocchi/values.yaml
+++ b/gnocchi/values.yaml
@ -479,6 +479,13 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcache
    host_fqdn_override:
--- a/heat/templates/configmap-etc.yaml
+++ b/heat/templates/configmap-etc.yaml
@ -25,10 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}

-# Set a random string as secret key.
-{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.heat.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
 {{- if empty .Values.conf.heat.keystone_authtoken.region_name -}}
 {{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.heat.region_name | quote | trunc 0 -}}
 {{- end -}}
@ -80,6 +76,9 @@ limitations under the License.
 {{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.heat.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.heat.database.connection -}}
 {{- tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}}
--- a/heat/values.yaml
+++ b/heat/values.yaml
@ -515,6 +515,13 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/ironic/templates/configmap-etc.yaml
+++ b/ironic/templates/configmap-etc.yaml
@ -45,6 +45,9 @@ limitations under the License.
 {{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.ironic.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.ironic.database.connection -}}
 {{- tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" | quote | trunc 0 -}}
--- a/ironic/values.yaml
+++ b/ironic/values.yaml
@ -335,6 +335,13 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/magnum/templates/configmap-etc.yaml
+++ b/magnum/templates/configmap-etc.yaml
@ -25,11 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}

-# Set a random string as secret key.
-{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}}
 {{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.magnum.region_name | quote | trunc 0 -}}
 {{- end -}}
@ -52,6 +47,9 @@ limitations under the License.
 {{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.magnum.database.connection -}}
 {{- tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}}
--- a/magnum/values.yaml
+++ b/magnum/values.yaml
@ -273,6 +273,13 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/mistral/templates/configmap-etc.yaml
+++ b/mistral/templates/configmap-etc.yaml
@ -25,11 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}

-# Set a random string as secret key.
-{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}}
 {{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.mistral.region_name | quote | trunc 0 -}}
 {{- end -}}
@ -52,6 +47,9 @@ limitations under the License.
 {{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.mistral.database.connection -}}
 {{- tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}}
--- a/mistral/values.yaml
+++ b/mistral/values.yaml
@ -246,6 +246,13 @@ endpoints:
      http:
        default: 15672
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@ -25,11 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end }}

-# Set a random string as secret key.
-{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}}
 {{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}}
 {{- end -}}
@ -52,6 +47,9 @@ limitations under the License.
 {{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end }}
+{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.neutron.database.connection -}}
 {{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}}
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -1075,49 +1075,56 @@ secrets:
 endpoints:
  cluster_domain_suffix: cluster.local
  oslo_db:
-     auth:
-       admin:
-         username: root
-         password: password
-       neutron:
-         username: neutron
-         password: password
-     hosts:
-       default: mariadb
-     host_fqdn_override:
-       default: null
-     path: /neutron
-     scheme: mysql+pymysql
-     port:
-       mysql:
-         default: 3306
+    auth:
+      admin:
+        username: root
+        password: password
+      neutron:
+        username: neutron
+        password: password
+    hosts:
+      default: mariadb
+    host_fqdn_override:
+      default: null
+    path: /neutron
+    scheme: mysql+pymysql
+    port:
+      mysql:
+        default: 3306
  oslo_messaging:
-     auth:
-       admin:
+    auth:
+      admin:
        username: rabbitmq
        password: password
-       neutron:
-         username: neutron
-         password: password
-     hosts:
-       default: rabbitmq
-     host_fqdn_override:
-       default: null
-     path: /
-     scheme: rabbit
-     port:
-       amqp:
-         default: 5672
-       http:
-         default: 15672
+      neutron:
+        username: neutron
+        password: password
+    hosts:
+      default: rabbitmq
+    host_fqdn_override:
+      default: null
+    path: /
+    scheme: rabbit
+    port:
+      amqp:
+        default: 5672
+      http:
+        default: 15672
  oslo_cache:
-     hosts:
-       default: memcached
-     host_fqdn_override:
-       default: null
-     port:
-       memcache:
-         default: 11211
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
+    hosts:
+      default: memcached
+    host_fqdn_override:
+      default: null
+    port:
+      memcache:
+        default: 11211
  compute:
    name: nova
    hosts:
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@ -26,11 +26,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}

-# Set a random string as secret key.
-{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.nova.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.nova.keystone_authtoken.region_name -}}
 {{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}}
 {{- end -}}
@ -53,6 +48,9 @@ limitations under the License.
 {{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.nova.database.connection -}}
 {{- tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}}
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -1138,6 +1138,13 @@ endpoints:
      http:
        default: 15672
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/rally/templates/configmap-etc.yaml
+++ b/rally/templates/configmap-etc.yaml
@ -44,6 +44,9 @@ limitations under the License.
 {{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.rally.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.rally.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.rally.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.rally.database.connection -}}
 {{- tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}}
--- a/rally/values.yaml
+++ b/rally/values.yaml
@ -251,6 +251,9 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
+    auth:
+      keystone_authtoken:
+        secret_key: null
    hosts:
      default: memcached
    host_fqdn_override:
--- a/senlin/templates/configmap-etc.yaml
+++ b/senlin/templates/configmap-etc.yaml
@ -26,11 +26,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.senlin.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}

-# Set a random string as secret key.
-{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}}
 {{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.senlin.region_name | quote | trunc 0 -}}
 {{- end -}}
@ -53,6 +48,9 @@ limitations under the License.
 {{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}

 {{- if empty .Values.conf.senlin.database.connection -}}
 {{- tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}}
--- a/senlin/values.yaml
+++ b/senlin/values.yaml
@ -288,6 +288,13 @@ endpoints:
      mysql:
        default: 3306
  oslo_cache:
+    auth:
+      # NOTE(portdirect): this is used to define the value for keystone
+      # authtoken cache encryption key, if not set it will be populated
+      # automatically with a random value, but to take advantage of
+      # this feature all services should be set to use the same key,
+      # and memcache service.
+      memcache_secret_key: null
    hosts:
      default: memcached
    host_fqdn_override: