From 97f1d208b95cf1ba45552455683ea5f573d6d738 Mon Sep 17 00:00:00 2001 From: Alexey Stupnikov Date: Thu, 16 Apr 2020 12:18:48 +0200 Subject: [PATCH] Hardcode openidc_cache_type parameter for keystone federation with OpenIdc By default OpenIdc uses shared memory caching mode, which will not work for multiple controller nodes. puppet-tripleo already configured to calculate memcached servers for OpenIdc, but for some reason doesn't set "openidc_cache_type" to "memcache", so shm is used. There are a number of options available for "openidc_cache_type", but memcache is the only one that will currently work for multiple controllers: - shm and file are stored locally on every node; - redis requires mod_auth_openidc to be compiled with redis support, but it is not generally the case. To avoid providing illusion of freedom of choice, it would be right to hardcode this in puppet-tripleo. Closes-Bug: #1873239 rhbz: #1824506 Change-Id: I7cbc462b2ff99b7b0d3ff58fda1b52ccf85fc86d (cherry picked from commit da9b1a3ecb43c95b86c24c04e64f1167ca14441b) --- manifests/profile/base/keystone.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index eb40e06fe..72fd8f8cd 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -289,7 +289,8 @@ class tripleo::profile::base::keystone ( $memcached_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211') class { '::keystone::federation::openidc': - memcached_servers => $memcached_servers, + openidc_cache_type => 'memcache', + memcached_servers => $memcached_servers, } } }
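Review bot: The new `openidc_cache_type => 'memcache'` line in the `::keystone::federation::openidc` declaration is hardcoded without any comment in keystone.pp, so the reasoning given in the commit message (shm and file caches are local to each controller node) is lost to anyone reading the manifest later; add a short comment above the line saying why the value is fixed. The declaration also assumes `$memcached_servers` is non-empty: it is derived from `$memcached_ips` on the context line just above, and if that value is empty the cache type will be memcache with no servers listed, so consider failing the catalog or skipping the class declaration in that case. Because the OpenIdc cache now lives on the hosts listed in `$memcached_servers` on port 11211 rather than in local shared memory, it is also worth confirming as part of this change that those endpoints are reachable only from the controller nodes.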