From bef9856ab1fcc7bf6e358f03c775a86705b3b985 Mon Sep 17 00:00:00 2001 
From: Takashi Kajinami Date: Mon, 7 Jun 2021 10:31:32 +0900 Subject: [PATCH] Add support for keystone_authtoken/memcache_use_advanced_pool This change introduces a single parameter, MemcacheUseAdvancedPool, to enable use of the advanced connection pool in keystone middleware. This is useful to avoid bursting connections to memcached. Note that the default value of memcache_use_advanced_pool was changed from false to true during the Xena cycle[1], so this parameter is no longer required in master. However the change in keystonemiddleware will never be backported. This change is created so that we can switch to the advanced pool even in older releases. [1] https://review.opendev.org/c/openstack/keystonemiddleware/+/773939 (To Victoria) Conflicts: deployment/aodh/aodh-api-container-puppet.yaml deployment/glance/glance-api-container-puppet.yaml deployment/gnocchi/gnocchi-api-container-puppet.yaml deployment/manila/manila-api-container-puppet.yaml deployment/nova/nova-api-container-puppet.yaml Closes-Bug: #1931047 Change-Id: I2887249af44ccfdae1592dd9120d3366fa059876 (cherry picked from commit 09bcacd25a7217ce66eec10ccfda4847e6d3d87a) (cherry picked from commit 9a89b9add62d1d6251285a091e96e98f8157d1bd) (cherry picked from commit 89fde273eaf69bc32d79221883c7abf657ebbda9) --- deployment/aodh/aodh-base.yaml | 6 ++++++ deployment/barbican/barbican-api-container-puppet.yaml | 6 ++++++ deployment/cinder/cinder-api-container-puppet.yaml | 6 ++++++ .../designate/designate-api-container-puppet.yaml | 6 ++++++ deployment/glance/glance-api-container-puppet.yaml | 6 ++++++ deployment/gnocchi/gnocchi-api-container-puppet.yaml | 6 ++++++ deployment/heat/heat-base-puppet.yaml | 6 ++++++ deployment/ironic/ironic-api-container-puppet.yaml | 6 ++++++ deployment/manila/manila-api-container-puppet.yaml | 6 ++++++ deployment/mistral/mistral-base.yaml | 6 ++++++ deployment/neutron/neutron-api-container-puppet.yaml | 6 ++++++ deployment/nova/nova-api-container-puppet.yaml | 6 ++++++ 
deployment/nova/nova-metadata-container-puppet.yaml | 6 ++++++ deployment/nova/novajoin-container-puppet.yaml | 6 ++++++ deployment/octavia/octavia-api-container-puppet.yaml | 6 ++++++ deployment/placement/placement-api-container-puppet.yaml | 6 ++++++ deployment/zaqar/zaqar-container-puppet.yaml | 6 ++++++ .../notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml | 7 +++++++ 18 files changed, 109 insertions(+) create mode 100644 releasenotes/notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml diff --git a/deployment/aodh/aodh-base.yaml b/deployment/aodh/aodh-base.yaml index 2e7a87345c..58e81a8e9a 100644 --- a/deployment/aodh/aodh-base.yaml +++ b/deployment/aodh/aodh-base.yaml @@ -61,6 +61,11 @@ parameters: type: string default: 'noop' description: Driver or drivers to handle sending notifications. + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: service_debug_unset: {equals : [{get_param: AodhDebug}, '']} @@ -108,6 +113,7 @@ outputs: aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::keystone::authtoken::region_name: {get_param: KeystoneRegion} aodh::keystone::authtoken::interface: 'internal' + aodh::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} aodh::auth::auth_password: {get_param: AodhPassword} aodh::auth::auth_region: {get_param: KeystoneRegion} aodh::auth::auth_project_name: 'service' diff --git a/deployment/barbican/barbican-api-container-puppet.yaml b/deployment/barbican/barbican-api-container-puppet.yaml index dcd51bb589..0bf1438daf 100644 --- a/deployment/barbican/barbican-api-container-puppet.yaml +++ b/deployment/barbican/barbican-api-container-puppet.yaml 
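Review bot: The description of the new `MemcacheUseAdvancedPool` parameter in the aodh-base.yaml `parameters` hunk does not say which option it drives or what turning it off does. The same five lines are repeated in the parameter hunks of the other sixteen templates in this patch. Because `default: true` changes keystonemiddleware connection handling on a stable branch at the next update, the template text should make that visible, for example `Use the advanced (eventlet safe) memcached client pool for keystone_authtoken (memcache_use_advanced_pool). Set to false to keep the legacy client pool.` With the pool enabled, the keystonemiddleware `memcache_pool_*` options (such as `memcache_pool_maxsize`) presumably start to matter, and none of them is exposed here, so it is worth stating that the middleware defaults apply. The `parameters` block starts outside the hunk.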
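Review bot: Nothing in the aodh-base.yaml `outputs` hunk guarantees that the target class accepts the new key `aodh::keystone::authtoken::memcache_use_advanced_pool`. It is emitted as plain hieradata, and Puppet's automatic parameter lookup ignores keys that match no class parameter, so on a branch whose puppet module lacks the parameter the setting would silently do nothing. The same holds for the other sixteen mappings in this patch, which use several class prefixes (`<service>::keystone::authtoken`, `glance::api::authtoken`, `ironic::api::authtoken`, `nova::metadata::novajoin::authtoken`). Since this is a backport, confirm per module that the parameter exists on the matching stable branch, and check the rendered `[keystone_authtoken]` section after deployment. A comment such as `# requires memcache_use_advanced_pool in the puppet-aodh authtoken class` would record the dependency. The config_settings mapping starts outside the hunk.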
@@ -176,6 +176,11 @@ parameters: description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: service_debug_unset: {equals : [{get_param: BarbicanDebug}, '']} @@ -254,6 +259,7 @@ outputs: barbican::keystone::authtoken::project_name: 'service' barbican::keystone::authtoken::region_name: {get_param: KeystoneRegion} barbican::keystone::authtoken::interface: 'internal' + barbican::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} barbican::keystone::notification::enable_keystone_notification: True barbican::keystone::notification::keystone_notification_topic: 'barbican_notifications' barbican::policy::policies: {get_param: BarbicanPolicies} diff --git a/deployment/cinder/cinder-api-container-puppet.yaml b/deployment/cinder/cinder-api-container-puppet.yaml index 77e340e2df..ee6f1c254e 100644 --- a/deployment/cinder/cinder-api-container-puppet.yaml +++ b/deployment/cinder/cinder-api-container-puppet.yaml @@ -91,6 +91,11 @@ parameters: RootStackName: description: The name of the stack/plan. type: string + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: @@ -187,6 +192,7 @@ outputs: cinder::keystone::authtoken::project_domain_name: 'Default' cinder::keystone::authtoken::region_name: {get_param: KeystoneRegion} cinder::keystone::authtoken::interface: 'internal' + cinder::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} cinder::policy::policies: {get_param: CinderApiPolicies} cinder::notification_driver: {get_param: NotificationDriver} cinder::api::default_volume_type: {get_param: CinderDefaultVolumeType} 
diff --git a/deployment/experimental/designate/designate-api-container-puppet.yaml b/deployment/experimental/designate/designate-api-container-puppet.yaml index 184e97acf3..6d61581cc3 100644 --- a/deployment/experimental/designate/designate-api-container-puppet.yaml +++ b/deployment/experimental/designate/designate-api-container-puppet.yaml @@ -55,6 +55,11 @@ parameters: description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]} @@ -105,6 +110,7 @@ outputs: designate::keystone::authtoken::password: {get_param: DesignatePassword} designate::keystone::authtoken::region_name: {get_param: KeystoneRegion} designate::keystone::authtoken::interface: 'internal' + designate::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} tripleo::profile::base::designate::api::listen_ip: str_replace: template: diff --git a/deployment/glance/glance-api-container-puppet.yaml b/deployment/glance/glance-api-container-puppet.yaml index 9b6b51aec0..fcaeef3ee7 100644 --- a/deployment/glance/glance-api-container-puppet.yaml +++ b/deployment/glance/glance-api-container-puppet.yaml @@ -285,6 +285,11 @@ parameters: ContainerGlanceApiConfigImage: description: The container image to use for the glance_api config_volume type: string + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: @@ -423,6 +428,7 @@ outputs: glance::api::authtoken::user_domain_name: 'Default' glance::api::authtoken::project_domain_name: 'Default' glance::api::authtoken::interface: 'internal' + glance::api::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} glance::api::pipeline: if: - glance_cache_enabled 
diff --git a/deployment/gnocchi/gnocchi-api-container-puppet.yaml b/deployment/gnocchi/gnocchi-api-container-puppet.yaml index 22fc1f11e9..0ca6d0b907 100644 --- a/deployment/gnocchi/gnocchi-api-container-puppet.yaml +++ b/deployment/gnocchi/gnocchi-api-container-puppet.yaml @@ -122,6 +122,11 @@ parameters: default: '' description: Indicate whether this resource may be shared with the domain received in the request "origin" header. + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: cors_allowed_origin_unset: {equals : [{get_param: GnocchiCorsAllowedOrigin}, '']} @@ -206,6 +211,7 @@ outputs: gnocchi::keystone::authtoken::project_domain_name: 'Default' gnocchi::keystone::authtoken::region_name: {get_param: KeystoneRegion} gnocchi::keystone::authtoken::interface: 'internal' + gnocchi::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS} gnocchi::wsgi::apache::servername: str_replace: diff --git a/deployment/heat/heat-base-puppet.yaml b/deployment/heat/heat-base-puppet.yaml index dc95e530b4..5f754a8764 100644 --- a/deployment/heat/heat-base-puppet.yaml +++ b/deployment/heat/heat-base-puppet.yaml @@ -140,6 +140,11 @@ parameters: port set with MemcachedPort parameter (above) and on 11211, without TLS. type: boolean + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: service_debug_unset: {equals : [{get_param: HeatDebug}, '']} 
@@ -179,6 +184,7 @@ outputs: heat::keystone::authtoken::password: {get_param: HeatPassword} heat::keystone::authtoken::region_name: {get_param: KeystoneRegion} heat::keystone::authtoken::interface: 'internal' + heat::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' diff --git a/deployment/ironic/ironic-api-container-puppet.yaml b/deployment/ironic/ironic-api-container-puppet.yaml index 3ae92222cf..127cf31859 100644 --- a/deployment/ironic/ironic-api-container-puppet.yaml +++ b/deployment/ironic/ironic-api-container-puppet.yaml @@ -67,6 +67,11 @@ parameters: EnableInternalTLS: type: boolean default: false + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} @@ -144,6 +149,7 @@ outputs: ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} ironic::api::authtoken::region_name: {get_param: KeystoneRegion } ironic::api::authtoken::interface: 'internal' + ironic::api::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): diff --git a/deployment/manila/manila-api-container-puppet.yaml b/deployment/manila/manila-api-container-puppet.yaml index e4b4a1874c..a37bf67b35 100644 --- a/deployment/manila/manila-api-container-puppet.yaml +++ b/deployment/manila/manila-api-container-puppet.yaml 
@@ -60,6 +60,11 @@ parameters: When not set, the list is inferred via the storage back end/s enabled. type: comma_delimited_list + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: @@ -139,6 +144,7 @@ outputs: manila::keystone::authtoken::project_domain_name: 'Default' manila::keystone::authtoken::region_name: {get_param: KeystoneRegion} manila::keystone::authtoken::interface: 'internal' + manila::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): diff --git a/deployment/mistral/mistral-base.yaml b/deployment/mistral/mistral-base.yaml index 213b2b95be..fe19502390 100644 --- a/deployment/mistral/mistral-base.yaml +++ b/deployment/mistral/mistral-base.yaml @@ -62,6 +62,11 @@ parameters: type: number default: 120 description: Mistral RPC timeout + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: service_debug_unset: {equals : [{get_param: MistralDebug}, '']} @@ -108,6 +113,7 @@ outputs: mistral::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} mistral::keystone::authtoken::region_name: {get_param: KeystoneRegion} mistral::keystone::authtoken::interface: 'internal' + mistral::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} mistral::keystone_ec2_uri: list_join: - '' diff --git a/deployment/neutron/neutron-api-container-puppet.yaml b/deployment/neutron/neutron-api-container-puppet.yaml index 2b6142deb2..df665863b5 100644 --- a/deployment/neutron/neutron-api-container-puppet.yaml +++ b/deployment/neutron/neutron-api-container-puppet.yaml 
@@ -173,6 +173,11 @@ parameters: default: '' description: Override the private key size used when creating the certificate for this service + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true # DEPRECATED: the following options are deprecated and are currently maintained # for backwards compatibility. They will be removed in the Ocata cycle. NeutronL3HA: @@ -309,6 +314,7 @@ outputs: neutron::keystone::authtoken::project_domain_name: 'Default' neutron::keystone::authtoken::region_name: {get_param: KeystoneRegion} neutron::keystone::authtoken::interface: 'internal' + neutron::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} neutron::quota::quota_port: {get_param: NeutronPortQuota} neutron::quota::quota_security_group: {get_param: NeutronSecurityGroupQuota} neutron::server::sync_db: true diff --git a/deployment/nova/nova-api-container-puppet.yaml b/deployment/nova/nova-api-container-puppet.yaml index 31e3087a36..b1e302d685 100644 --- a/deployment/nova/nova-api-container-puppet.yaml +++ b/deployment/nova/nova-api-container-puppet.yaml @@ -109,6 +109,11 @@ parameters: default: 1000 description: Max number of objects returned per API query type: number + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true parameter_groups: - label: deprecated @@ -226,6 +231,7 @@ outputs: nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} nova::keystone::authtoken::region_name: {get_param: KeystoneRegion} nova::keystone::authtoken::interface: 'internal' + nova::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} nova::api::max_limit: {get_param: NovaApiMaxLimit} nova::api::enabled: true nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool} 
diff --git a/deployment/nova/nova-metadata-container-puppet.yaml b/deployment/nova/nova-metadata-container-puppet.yaml index bee6a46873..6f2b46e1a7 100644 --- a/deployment/nova/nova-metadata-container-puppet.yaml +++ b/deployment/nova/nova-metadata-container-puppet.yaml @@ -76,6 +76,11 @@ parameters: each Neutron metadata-agent to point to the corresponding nova-metadata API service. type: boolean + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} @@ -164,6 +169,7 @@ outputs: nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::keystone::authtoken::region_name: {get_param: KeystoneRegion} nova::keystone::authtoken::interface: 'internal' + nova::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} nova::wsgi::apache_metadata::api_port: '8775' nova::wsgi::apache_metadata::ssl: {get_param: EnableInternalTLS} nova::metadata::local_metadata_per_cell: {get_param: NovaLocalMetadataPerCell} diff --git a/deployment/nova/novajoin-container-puppet.yaml b/deployment/nova/novajoin-container-puppet.yaml index ce703c8692..6748d536d5 100644 --- a/deployment/nova/novajoin-container-puppet.yaml +++ b/deployment/nova/novajoin-container-puppet.yaml @@ -83,6 +83,11 @@ parameters: A hash of policies to configure for Novajoin. default: {} type: json + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true resources: 
@@ -135,6 +140,7 @@ outputs: nova::metadata::novajoin::authtoken::project_name: 'service' nova::metadata::novajoin::authtoken::region_name: {get_param: KeystoneRegion} nova::metadata::novajoin::authtoken::interface: 'internal' + nova::metadata::novajoin::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} nova::metadata::novajoin::policy::policies: {get_param: NovajoinPolicies} service_config_settings: nova_metadata: &nova_vendordata diff --git a/deployment/octavia/octavia-api-container-puppet.yaml b/deployment/octavia/octavia-api-container-puppet.yaml index 3d9fb44e06..0c3444234c 100644 --- a/deployment/octavia/octavia-api-container-puppet.yaml +++ b/deployment/octavia/octavia-api-container-puppet.yaml @@ -90,6 +90,11 @@ parameters: default: true description: Set to false if the driver agent needs to be disabled for some reason. type: boolean + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: @@ -172,6 +177,7 @@ outputs: octavia::keystone::authtoken::project_domain_name: 'Default' octavia::keystone::authtoken::region_name: {get_param: KeystoneRegion} octavia::keystone::authtoken::interface: 'internal' + octavia::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} octavia::policy::policies: {get_param: OctaviaApiPolicies} octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor} octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties} diff --git a/deployment/placement/placement-api-container-puppet.yaml b/deployment/placement/placement-api-container-puppet.yaml index ac0dec621a..cf7cdf7977 100644 --- a/deployment/placement/placement-api-container-puppet.yaml +++ b/deployment/placement/placement-api-container-puppet.yaml 
@@ -83,6 +83,11 @@ parameters: type: boolean default: false description: Set to True to enable debugging on all services. + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: placement_workers_zero: {equals : [{get_param: PlacementWorkers}, 0]} @@ -142,6 +147,7 @@ outputs: placement::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} placement::keystone::authtoken::region_name: {get_param: KeystoneRegion} placement::keystone::authtoken::interface: 'internal' + placement::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} placement::wsgi::apache::api_port: '8778' placement::wsgi::apache::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in hiera replacing the network name with the local node IP diff --git a/deployment/zaqar/zaqar-container-puppet.yaml b/deployment/zaqar/zaqar-container-puppet.yaml index a103563835..45269ae499 100644 --- a/deployment/zaqar/zaqar-container-puppet.yaml +++ b/deployment/zaqar/zaqar-container-puppet.yaml @@ -90,6 +90,11 @@ parameters: description: The password for the redis service account. type: string hidden: true + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: internal_tls_enabled: {get_param: EnableInternalTLS} @@ -160,6 +165,7 @@ outputs: zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} zaqar::keystone::authtoken::region_name: {get_param: KeystoneRegion} zaqar::keystone::authtoken::interface: 'internal' + zaqar::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::logging::debug: if: 
diff --git a/releasenotes/notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml b/releasenotes/notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml new file mode 100644 index 0000000000..3468e97fd0 --- /dev/null +++ b/releasenotes/notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + The new ``MemcacheUseAdvancedPool`` parameter is added which enables usage + of advanced poll for memcached connections in keystone middleware. This + parameter is set to ``true`` by default to avoind bursting connections + in some services like neutron.