From b277ccf6bbe27d9502a289848731d77f33477776 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sat, 2 May 2020 00:32:24 +0900 Subject: [PATCH] Add EnableCache option to enable/disable usage of memcache Change-Id: Id92c13a591f64b1084cbe4c48f2879d791f66cfe --- deployment/heat/heat-base-puppet.yaml | 12 ++++ .../keystone/keystone-container-puppet.yaml | 63 ++++++++++++------- deployment/nova/nova-base-puppet.yaml | 11 ++++ .../notes/enable-cache-293c39b3b6f55c80.yaml | 6 ++ 4 files changed, 69 insertions(+), 23 deletions(-) create mode 100644 releasenotes/notes/enable-cache-293c39b3b6f55c80.yaml diff --git a/deployment/heat/heat-base-puppet.yaml b/deployment/heat/heat-base-puppet.yaml index a8fac479d0..e01ef86dee 100644 --- a/deployment/heat/heat-base-puppet.yaml +++ b/deployment/heat/heat-base-puppet.yaml @@ -48,6 +48,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableCache: + description: Enable caching with memcached + type: boolean + default: true HeatCronPurgeDeletedEnsure: type: string description: > @@ -131,6 +135,7 @@ parameters: conditions: service_debug_unset: {equals : [{get_param: HeatDebug}, '']} + cache_enabled: {equals : [{get_param: EnableCache}, true]} cors_allowed_origin_unset: {equals : [{get_param: HeatCorsAllowedOrigin}, '']} outputs: @@ -186,3 +191,10 @@ outputs: heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType} heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination} heat::max_json_body_size: {get_param: HeatMaxJsonBodySize} + - + if: + - cache_enabled + - heat::cache::enabled: true + heat::cache::backend: 'dogpile.cache.memcached' + heat::cache::resource_finder_caching: false + - {} diff --git a/deployment/keystone/keystone-container-puppet.yaml b/deployment/keystone/keystone-container-puppet.yaml index 6d7eb21b70..e88d85e9ab 100644 --- a/deployment/keystone/keystone-container-puppet.yaml +++ b/deployment/keystone/keystone-container-puppet.yaml @@ -112,6 +112,10 @@ parameters: type: string constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] + EnableCache: + description: Enable caching with memcached + type: boolean + default: true AdminEmail: default: 'admin@example.com' description: The email for the keystone admin account. @@ -351,6 +355,7 @@ conditions: keystone_federation_enabled: {equals: [{get_param: KeystoneFederationEnable}, True]} keystone_openidc_enabled: {equals: [{get_param: KeystoneOpenIdcEnable}, True]} service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']} + cache_enabled: {equals: [{get_param: EnableCache}, true]} # Security compliance change_password_upon_first_use_set: {not: {equals: [{get_param: KeystoneChangePasswordUponFirstUse}, '']}} @@ -478,6 +483,12 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + - + if: + - cache_enabled + - keystone::cache_enabled: true + keystone::cache_backend: 'dogpile.cache.memcached' + - {} - if: - keystone_federation_enabled @@ -490,29 +501,35 @@ outputs: if: - keystone_openidc_enabled - - keystone_openidc_enabled: True - keystone::federation::openidc::methods: - get_param: KeystoneAuthMethods - keystone::federation::openidc::keystone_url: - get_param: [EndpointMap, KeystonePublic, uri_no_suffix] - keystone::federation::openidc::idp_name: - get_param: KeystoneOpenIdcIdpName - keystone::federation::openidc::openidc_provider_metadata_url: - get_param: KeystoneOpenIdcProviderMetadataUrl - keystone::federation::openidc::openidc_client_id: - get_param: KeystoneOpenIdcClientId - keystone::federation::openidc::openidc_client_secret: - get_param: KeystoneOpenIdcClientSecret - keystone::federation::openidc::openidc_crypto_passphrase: - get_param: KeystoneOpenIdcCryptoPassphrase - keystone::federation::openidc::openidc_response_type: - get_param: KeystoneOpenIdcResponseType - keystone::federation::openidc::remote_id_attribute: - get_param: KeystoneOpenIdcRemoteIdAttribute - keystone::federation::openidc::openidc_enable_oauth: - get_param: KeystoneOpenIdcEnableOAuth - keystone::federation::openidc::openidc_introspection_endpoint: - get_param: KeystoneOpenIdcIntrospectionEndpoint + map_merge: + - keystone_openidc_enabled: True + keystone::federation::openidc::methods: + get_param: KeystoneAuthMethods + keystone::federation::openidc::keystone_url: + get_param: [EndpointMap, KeystonePublic, uri_no_suffix] + keystone::federation::openidc::idp_name: + get_param: KeystoneOpenIdcIdpName + keystone::federation::openidc::openidc_provider_metadata_url: + get_param: KeystoneOpenIdcProviderMetadataUrl + keystone::federation::openidc::openidc_client_id: + get_param: KeystoneOpenIdcClientId + keystone::federation::openidc::openidc_client_secret: + get_param: KeystoneOpenIdcClientSecret + keystone::federation::openidc::openidc_crypto_passphrase: + get_param: KeystoneOpenIdcCryptoPassphrase + keystone::federation::openidc::openidc_response_type: + get_param: KeystoneOpenIdcResponseType + keystone::federation::openidc::remote_id_attribute: + get_param: KeystoneOpenIdcRemoteIdAttribute + keystone::federation::openidc::openidc_enable_oauth: + get_param: KeystoneOpenIdcEnableOAuth + keystone::federation::openidc::openidc_introspection_endpoint: + get_param: KeystoneOpenIdcIntrospectionEndpoint + - + if: + - cache_enabled + - keystone::federation::openidc::openidc_cache_type: 'memcache' + - {} - {} - if: diff --git a/deployment/nova/nova-base-puppet.yaml b/deployment/nova/nova-base-puppet.yaml index 6e6e534595..349e572f41 100644 --- a/deployment/nova/nova-base-puppet.yaml +++ b/deployment/nova/nova-base-puppet.yaml @@ -77,6 +77,10 @@ parameters: type: string constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] + EnableCache: + description: Enable caching with memcached + type: boolean + default: true EnableConfigPurge: type: boolean default: false @@ -247,6 +251,7 @@ conditions: compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']} service_debug_unset: {equals : [{get_param: NovaDebug}, '']} + cache_enabled: {equals: [{get_param: EnableCache}, true]} resources: @@ -370,6 +375,12 @@ outputs: nova_is_additional_cell: {get_param: NovaAdditionalCell} nova::cross_az_attach: {get_param: NovaCrossAZAttach} - get_attr: [RoleParametersValue, value] + - + if: + - cache_enabled + - nova::cache::enabled: true + nova::cache::backend: 'dogpile.cache.memcached' + - {} - if: - compute_upgrade_level_empty diff --git a/releasenotes/notes/enable-cache-293c39b3b6f55c80.yaml b/releasenotes/notes/enable-cache-293c39b3b6f55c80.yaml new file mode 100644 index 0000000000..916ba9effd --- /dev/null +++ b/releasenotes/notes/enable-cache-293c39b3b6f55c80.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + The new ``EnableCache`` parameter is added to enable/disable chacing using + memcached services. The parameter is true by default, but should be false + when memcached service is disabled in the deployment.