In-process token caching is deprecated, use memcached instead

Change-Id: Ia92ca1e56118e8fd625d20848c2554c446ad3dda Closes-Bug: #1556164
2016-07-14 16:24:48 -04:00 · 2016-07-14 16:24:48 -04:00 · 7aa1cca7d7
parent 927f0a0a74
commit 7aa1cca7d7
15 changed files with 44 additions and 17 deletions
--- a/fixtures/scenario001.pp
+++ b/fixtures/scenario001.pp
@ -47,6 +47,7 @@ class { '::openstack_integration::config':
  ipv6 => $ipv6,
 }
 include ::openstack_integration::cacert
+include ::openstack_integration::memcached
 include ::openstack_integration::rabbitmq
 include ::openstack_integration::mysql
 include ::openstack_integration::keystone
--- a/fixtures/scenario002.pp
+++ b/fixtures/scenario002.pp
@ -46,6 +46,7 @@ class { '::openstack_integration::config':
  ipv6 => $ipv6,
 }
 include ::openstack_integration::cacert
+include ::openstack_integration::memcached
 include ::openstack_integration::rabbitmq
 include ::openstack_integration::mysql
 include ::openstack_integration::keystone
--- a/fixtures/scenario003.pp
+++ b/fixtures/scenario003.pp
@ -48,6 +48,7 @@ class { '::openstack_integration::config':
  ssl  => $ssl_enabled,
 }
 include ::openstack_integration::cacert
+include ::openstack_integration::memcached
 include ::openstack_integration::rabbitmq
 include ::openstack_integration::mysql
 class { '::openstack_integration::keystone':
--- a/manifests/aodh.pp
+++ b/manifests/aodh.pp
@ -59,6 +59,7 @@ class openstack_integration::aodh {
    keystone_password => 'a_big_secret',
    keystone_auth_url => $::openstack_integration::config::keystone_admin_uri,
    keystone_auth_uri => $::openstack_integration::config::keystone_admin_uri,
+    memcached_servers => $::openstack_integration::config::memcached_servers,
    service_name      => 'httpd',
  }
  include ::apache
--- a/manifests/ceilometer.pp
+++ b/manifests/ceilometer.pp
@ -26,13 +26,14 @@ class openstack_integration::ceilometer {
  }

  class { '::ceilometer':
-    telemetry_secret => 'secrete',
-    rabbit_userid    => 'ceilometer',
-    rabbit_password  => 'an_even_bigger_secret',
-    rabbit_host      => $::openstack_integration::config::ip_for_url,
-    rabbit_port      => $::openstack_integration::config::rabbit_port,
-    rabbit_use_ssl   => $::openstack_integration::config::ssl,
-    debug            => true,
+    telemetry_secret  => 'secrete',
+    rabbit_userid     => 'ceilometer',
+    rabbit_password   => 'an_even_bigger_secret',
+    rabbit_host       => $::openstack_integration::config::ip_for_url,
+    rabbit_port       => $::openstack_integration::config::rabbit_port,
+    rabbit_use_ssl    => $::openstack_integration::config::ssl,
+    memcached_servers => $::openstack_integration::config::memcached_servers,
+    debug             => true,
  }
  class { '::ceilometer::db::mysql':
    password => 'ceilometer',
@ -51,6 +52,7 @@ class openstack_integration::ceilometer {
    keystone_password => 'a_big_secret',
    identity_uri      => $::openstack_integration::config::keystone_admin_uri,
    auth_uri          => $::openstack_integration::config::keystone_auth_uri,
+    memcached_servers => $::openstack_integration::config::memcached_servers,
    service_name      => 'httpd',
  }
  include ::apache
--- a/manifests/cinder.pp
+++ b/manifests/cinder.pp
@ -77,6 +77,7 @@ class openstack_integration::cinder (
    project_domain_name => 'Default',
    auth_url            => $::openstack_integration::config::keystone_admin_uri,
    auth_uri            => $::openstack_integration::config::keystone_auth_uri,
+    memcached_servers   => $::openstack_integration::config::memcached_servers,
  }
  class { '::cinder::api':
    default_volume_type        => 'BACKEND_1',
--- a/manifests/config.pp
+++ b/manifests/config.pp
@ -28,10 +28,16 @@ class openstack_integration::config (
      'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"',
    }
    $ip_version  = '6'
+    # Note (dmsimard): ipv6 parsing in Swift and keystone_authtoken are
+    # different: https://bugs.launchpad.net/swift/+bug/1610064
+    $memcached_servers  = ["inet6:[${host}]:11211"]
+    $swift_memcached_servers = ["[${host}]:11211"]
  } else {
    $host        = '127.0.0.1'
    $rabbit_env  = {}
    $ip_version  = '4'
+    $memcached_servers  = ["${host}:11211"]
+    $swift_memcached_servers = $memcached_servers
  }

  # in URL, brackets are needed
@ -40,5 +46,4 @@ class openstack_integration::config (
  $base_url           = "${proto}://${ip_for_url}"
  $keystone_auth_uri  = "${base_url}:5000"
  $keystone_admin_uri = "${base_url}:35357"
-
 }
--- a/manifests/glance.pp
+++ b/manifests/glance.pp
@ -92,6 +92,7 @@ class openstack_integration::glance (
    bind_host                 => $::openstack_integration::config::host,
    auth_uri                  => $::openstack_integration::config::keystone_auth_uri,
    identity_uri              => $::openstack_integration::config::keystone_admin_uri,
+    memcached_servers         => $::openstack_integration::config::memcached_servers,
    registry_client_protocol  => $::openstack_integration::config::proto,
    registry_client_cert_file => $crt_file,
    registry_client_key_file  => $key_file,
@ -107,6 +108,7 @@ class openstack_integration::glance (
    workers             => 2,
    auth_uri            => $::openstack_integration::config::keystone_auth_uri,
    identity_uri        => $::openstack_integration::config::keystone_admin_uri,
+    memcached_servers   => $::openstack_integration::config::memcached_servers,
    cert_file           => $crt_file,
    key_file            => $key_file,
  }
--- a/manifests/heat.pp
+++ b/manifests/heat.pp
@ -38,6 +38,7 @@ class openstack_integration::heat {
    rabbit_port         => $::openstack_integration::config::rabbit_port,
    database_connection => 'mysql+pymysql://heat:heat@127.0.0.1/heat?charset=utf8',
    identity_uri        => $::openstack_integration::config::keystone_auth_uri,
+    memcached_servers   => $::openstack_integration::config::memcached_servers,
    auth_plugin         => 'password',
    keystone_password   => 'a_big_secret',
    debug               => true,
--- a/manifests/ironic.pp
+++ b/manifests/ironic.pp
@ -49,11 +49,12 @@ class openstack_integration::ironic {
  }
  class { '::ironic::client': }
  class { '::ironic::api':
-    auth_uri       => $::openstack_integration::config::keystone_auth_uri,
-    identity_uri   => $::openstack_integration::config::keystone_admin_uri,
-    neutron_url    => "http://${::openstack_integration::config::ip_for_url}:9696",
-    admin_password => 'a_big_secret',
-    service_name   => 'httpd',
+    auth_uri          => $::openstack_integration::config::keystone_auth_uri,
+    identity_uri      => $::openstack_integration::config::keystone_admin_uri,
+    memcached_servers => $::openstack_integration::config::memcached_servers,
+    neutron_url       => "http://${::openstack_integration::config::ip_for_url}:9696",
+    admin_password    => 'a_big_secret',
+    service_name      => 'httpd',
  }
  include ::apache
  class { '::ironic::wsgi::apache':
--- a/manifests/memcached.pp
+++ b/manifests/memcached.pp
@ -0,0 +1,7 @@
+class openstack_integration::memcached {
+  include ::openstack_integration::config
+
+  class { '::memcached':
+    listen_ip => $::openstack_integration::config::host
+  }
+}
--- a/manifests/neutron.pp
+++ b/manifests/neutron.pp
@ -129,6 +129,7 @@ class openstack_integration::neutron (
    rpc_workers         => 2,
    auth_uri            => $::openstack_integration::config::keystone_auth_uri,
    auth_url            => $::openstack_integration::config::keystone_admin_uri,
+    memcached_servers   => $::openstack_integration::config::memcached_servers,
    service_providers   => ['LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default',
                            'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver'],
  }
--- a/manifests/nova.pp
+++ b/manifests/nova.pp
@ -59,6 +59,7 @@ class openstack_integration::nova (
    rabbit_userid           => 'nova',
    rabbit_password         => 'an_even_bigger_secret',
    rabbit_use_ssl          => $::openstack_integration::config::ssl,
+    memcached_servers       => $::openstack_integration::config::memcached_servers,
    use_ipv6                => $::openstack_integration::config::ipv6,
    glance_api_servers      => "${::openstack_integration::config::base_url}:9292",
    debug                   => true,
--- a/manifests/sahara.pp
+++ b/manifests/sahara.pp
@ -43,6 +43,7 @@ class openstack_integration::sahara {
    debug               => true,
    auth_uri            => "${::openstack_integration::config::keystone_admin_uri}/v2.0",
    identity_uri        => $::openstack_integration::config::keystone_admin_uri,
+    memcached_servers   => $::openstack_integration::config::memcached_servers,
  }
  class { '::sahara::service::api':
    api_workers => 2,
--- a/manifests/swift.pp
+++ b/manifests/swift.pp
@ -32,8 +32,6 @@ class openstack_integration::swift {
    }
  }

-  # TODO(emilien): deploy memcached in IPv6
-  include ::memcached
  class { '::swift':
    swift_hash_path_suffix => 'secrete',
  }
@ -49,8 +47,11 @@ class openstack_integration::swift {
  include ::swift::proxy::catch_errors
  include ::swift::proxy::healthcheck
  include ::swift::proxy::proxy_logging
-  # TODO(emilien): deploy ::swift::proxy::cache in IPv6
-  include ::swift::proxy::cache
+  # Note (dmsimard): ipv6 parsing in Swift and keystone_authtoken are
+  # different: https://bugs.launchpad.net/swift/+bug/1610064
+  class { '::swift::proxy::cache':
+    memcache_servers => $::openstack_integration::config::swift_memcached_servers
+  }
  include ::swift::proxy::tempurl
  include ::swift::proxy::ratelimit
  class { '::swift::proxy::authtoken':