From ef18f2515852b17064d8fdd4d9ad65fc42492135 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 7 Jun 2021 10:31:32 +0900 Subject: [PATCH] Add support for keystone_authtoken/memcache_use_advanced_pool This change introduces a single parameter, MemcacheUseAdvancedPool, to enable usage of advanced connection pool in keystone middleware. This is useful to avoid bursting connection to memcached. Note that the default value of memcached_use_advanced_pool was changed from false to true during Xena cycle[1], so this parameter is no longer required in master. However the change in keystonemiddleware will never be backported. This change is created so that we can switch to advanced pool even in older releases. [1] https://review.opendev.org/c/openstack/keystonemiddleware/+/773939 Closes-Bug: #1931047 Change-Id: I2887249af44ccfdae1592dd9120d3366fa059876 (cherry picked from commit 09bcacd25a7217ce66eec10ccfda4847e6d3d87a) --- deployment/aodh/aodh-api-container-puppet.yaml | 6 ++++++ deployment/barbican/barbican-api-container-puppet.yaml | 6 ++++++ deployment/cinder/cinder-api-container-puppet.yaml | 6 ++++++ deployment/deprecated/mistral/mistral-base.yaml | 6 ++++++ .../deprecated/novajoin/novajoin-container-puppet.yaml | 6 ++++++ deployment/deprecated/zaqar/zaqar-container-puppet.yaml | 6 ++++++ .../designate/designate-api-container-puppet.yaml | 6 ++++++ deployment/glance/glance-api-container-puppet.yaml | 6 ++++++ deployment/gnocchi/gnocchi-api-container-puppet.yaml | 6 ++++++ deployment/heat/heat-base-puppet.yaml | 6 ++++++ deployment/ironic/ironic-api-container-puppet.yaml | 6 ++++++ deployment/manila/manila-api-container-puppet.yaml | 6 ++++++ deployment/neutron/neutron-api-container-puppet.yaml | 6 ++++++ deployment/nova/nova-api-container-puppet.yaml | 6 ++++++ deployment/nova/nova-metadata-container-puppet.yaml | 6 ++++++ deployment/octavia/octavia-api-container-puppet.yaml | 6 ++++++ deployment/placement/placement-api-container-puppet.yaml | 6 ++++++ .../notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml | 7 +++++++ 18 files changed, 109 insertions(+) create mode 100644 releasenotes/notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml diff --git a/deployment/aodh/aodh-api-container-puppet.yaml b/deployment/aodh/aodh-api-container-puppet.yaml index 8b05844a29..9a868d8e65 100644 --- a/deployment/aodh/aodh-api-container-puppet.yaml +++ b/deployment/aodh/aodh-api-container-puppet.yaml @@ -101,6 +101,11 @@ parameters: description: > Cron to delete alarms from db - Max Delay default: '3600' + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true resources: ContainersCommon: @@ -174,6 +179,7 @@ outputs: aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::keystone::authtoken::region_name: {get_param: KeystoneRegion} aodh::keystone::authtoken::interface: 'internal' + aodh::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} aodh::policy::policies: {get_param: AodhApiPolicies} # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples diff --git a/deployment/barbican/barbican-api-container-puppet.yaml b/deployment/barbican/barbican-api-container-puppet.yaml index 0543c37c85..97d794b6b5 100644 --- a/deployment/barbican/barbican-api-container-puppet.yaml +++ b/deployment/barbican/barbican-api-container-puppet.yaml @@ -168,6 +168,11 @@ parameters: description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: hsm_enabled: @@ -245,6 +250,7 @@ outputs: barbican::keystone::authtoken::project_name: 'service' barbican::keystone::authtoken::region_name: {get_param: KeystoneRegion} barbican::keystone::authtoken::interface: 'internal' + barbican::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} barbican::keystone::notification::enable_keystone_notification: True barbican::keystone::notification::keystone_notification_topic: 'barbican_notifications' barbican::policy::policies: {get_param: BarbicanPolicies} diff --git a/deployment/cinder/cinder-api-container-puppet.yaml b/deployment/cinder/cinder-api-container-puppet.yaml index 694191f73f..b4b41e1d78 100644 --- a/deployment/cinder/cinder-api-container-puppet.yaml +++ b/deployment/cinder/cinder-api-container-puppet.yaml @@ -88,6 +88,11 @@ parameters: RootStackName: description: The name of the stack/plan. type: string + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true resources: ContainersCommon: @@ -163,6 +168,7 @@ outputs: cinder::keystone::authtoken::project_domain_name: 'Default' cinder::keystone::authtoken::region_name: {get_param: KeystoneRegion} cinder::keystone::authtoken::interface: 'internal' + cinder::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} cinder::policy::policies: {get_param: CinderApiPolicies} cinder::notification_driver: {get_param: NotificationDriver} cinder::api::default_volume_type: {get_param: CinderDefaultVolumeType} diff --git a/deployment/deprecated/mistral/mistral-base.yaml b/deployment/deprecated/mistral/mistral-base.yaml index a96152939b..892680efd6 100644 --- a/deployment/deprecated/mistral/mistral-base.yaml +++ b/deployment/deprecated/mistral/mistral-base.yaml @@ -57,6 +57,11 @@ parameters: type: number default: 120 description: Mistral RPC timeout + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]} @@ -102,6 +107,7 @@ outputs: mistral::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} mistral::keystone::authtoken::region_name: {get_param: KeystoneRegion} mistral::keystone::authtoken::interface: 'internal' + mistral::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} mistral::keystone_ec2_uri: list_join: - '' diff --git a/deployment/deprecated/novajoin/novajoin-container-puppet.yaml b/deployment/deprecated/novajoin/novajoin-container-puppet.yaml index 12f6e62d74..e2302aea3e 100644 --- a/deployment/deprecated/novajoin/novajoin-container-puppet.yaml +++ b/deployment/deprecated/novajoin/novajoin-container-puppet.yaml @@ -80,6 +80,11 @@ parameters: A hash of policies to configure for Novajoin. default: {} type: json + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true resources: @@ -132,6 +137,7 @@ outputs: nova::metadata::novajoin::authtoken::project_name: 'service' nova::metadata::novajoin::authtoken::region_name: {get_param: KeystoneRegion} nova::metadata::novajoin::authtoken::interface: 'internal' + nova::metadata::novajoin::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} nova::metadata::novajoin::policy::policies: {get_param: NovajoinPolicies} service_config_settings: nova_metadata: &nova_vendordata diff --git a/deployment/deprecated/zaqar/zaqar-container-puppet.yaml b/deployment/deprecated/zaqar/zaqar-container-puppet.yaml index a208598feb..335bc0028e 100644 --- a/deployment/deprecated/zaqar/zaqar-container-puppet.yaml +++ b/deployment/deprecated/zaqar/zaqar-container-puppet.yaml @@ -85,6 +85,11 @@ parameters: description: The password for the redis service account. type: string hidden: true + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: internal_tls_enabled: {get_param: EnableInternalTLS} @@ -153,6 +158,7 @@ outputs: zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} zaqar::keystone::authtoken::region_name: {get_param: KeystoneRegion} zaqar::keystone::authtoken::interface: 'internal' + zaqar::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::logging::debug: if: diff --git a/deployment/experimental/designate/designate-api-container-puppet.yaml b/deployment/experimental/designate/designate-api-container-puppet.yaml index 86fb6daa13..75d310c5e8 100644 --- a/deployment/experimental/designate/designate-api-container-puppet.yaml +++ b/deployment/experimental/designate/designate-api-container-puppet.yaml @@ -52,6 +52,11 @@ parameters: description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]} @@ -101,6 +106,7 @@ outputs: designate::keystone::authtoken::password: {get_param: DesignatePassword} designate::keystone::authtoken::region_name: {get_param: KeystoneRegion} designate::keystone::authtoken::interface: 'internal' + designate::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} tripleo::profile::base::designate::api::listen_ip: str_replace: template: diff --git a/deployment/glance/glance-api-container-puppet.yaml b/deployment/glance/glance-api-container-puppet.yaml index 71eb1d6b80..b2374c4823 100644 --- a/deployment/glance/glance-api-container-puppet.yaml +++ b/deployment/glance/glance-api-container-puppet.yaml @@ -359,6 +359,11 @@ parameters: description: > Cron to purge db entries marked as deleted and older than $age - Max Delay default: '3600' + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: cinder_backend_enabled: @@ -480,6 +485,7 @@ outputs: glance::api::authtoken::user_domain_name: 'Default' glance::api::authtoken::project_domain_name: 'Default' glance::api::authtoken::interface: 'internal' + glance::api::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} glance::api::pipeline: if: - {get_param: GlanceCacheEnabled} diff --git a/deployment/gnocchi/gnocchi-api-container-puppet.yaml b/deployment/gnocchi/gnocchi-api-container-puppet.yaml index 4e7d5c3091..00c874bffa 100644 --- a/deployment/gnocchi/gnocchi-api-container-puppet.yaml +++ b/deployment/gnocchi/gnocchi-api-container-puppet.yaml @@ -121,6 +121,11 @@ parameters: default: "/var/lib/tripleo-config/ceph" description: | The path where the Ceph Cluster config files are stored on the host. + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: cors_allowed_origin_unset: {equals : [{get_param: GnocchiCorsAllowedOrigin}, '']} @@ -203,6 +208,7 @@ outputs: gnocchi::keystone::authtoken::project_domain_name: 'Default' gnocchi::keystone::authtoken::region_name: {get_param: KeystoneRegion} gnocchi::keystone::authtoken::interface: 'internal' + gnocchi::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS} gnocchi::wsgi::apache::servername: str_replace: diff --git a/deployment/heat/heat-base-puppet.yaml b/deployment/heat/heat-base-puppet.yaml index 68324c9188..0224f0ffd4 100644 --- a/deployment/heat/heat-base-puppet.yaml +++ b/deployment/heat/heat-base-puppet.yaml @@ -135,6 +135,11 @@ parameters: port set with MemcachedPort parameter (above) and on 11211, without TLS. type: boolean + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: tls_cache_enabled: @@ -172,6 +177,7 @@ outputs: heat::keystone::authtoken::password: {get_param: HeatPassword} heat::keystone::authtoken::region_name: {get_param: KeystoneRegion} heat::keystone::authtoken::interface: 'internal' + heat::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' diff --git a/deployment/ironic/ironic-api-container-puppet.yaml b/deployment/ironic/ironic-api-container-puppet.yaml index 3b56a51efe..f47c77fa04 100644 --- a/deployment/ironic/ironic-api-container-puppet.yaml +++ b/deployment/ironic/ironic-api-container-puppet.yaml @@ -64,6 +64,11 @@ parameters: EnableInternalTLS: type: boolean default: false + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: cors_allowed_origin_set: @@ -137,6 +142,7 @@ outputs: ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} ironic::api::authtoken::region_name: {get_param: KeystoneRegion } ironic::api::authtoken::interface: 'internal' + ironic::api::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): diff --git a/deployment/manila/manila-api-container-puppet.yaml b/deployment/manila/manila-api-container-puppet.yaml index ba8ce647ed..725b3e6247 100644 --- a/deployment/manila/manila-api-container-puppet.yaml +++ b/deployment/manila/manila-api-container-puppet.yaml @@ -102,6 +102,11 @@ parameters: description: > Cron to purge db entries marked as deleted and older than $age - Max Delay default: '3600' + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true resources: ContainersCommon: @@ -173,6 +178,7 @@ outputs: manila::keystone::authtoken::project_domain_name: 'Default' manila::keystone::authtoken::region_name: {get_param: KeystoneRegion} manila::keystone::authtoken::interface: 'internal' + manila::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): diff --git a/deployment/neutron/neutron-api-container-puppet.yaml b/deployment/neutron/neutron-api-container-puppet.yaml index 57f305ac81..80e1830f14 100644 --- a/deployment/neutron/neutron-api-container-puppet.yaml +++ b/deployment/neutron/neutron-api-container-puppet.yaml @@ -167,6 +167,11 @@ parameters: default: '' description: Override the private key size used when creating the certificate for this service + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true # DEPRECATED: the following options are deprecated and are currently maintained # for backwards compatibility. They will be removed in the Ocata cycle. NeutronL3HA: @@ -301,6 +306,7 @@ outputs: neutron::keystone::authtoken::project_domain_name: 'Default' neutron::keystone::authtoken::region_name: {get_param: KeystoneRegion} neutron::keystone::authtoken::interface: 'internal' + neutron::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} neutron::quota::quota_port: {get_param: NeutronPortQuota} neutron::quota::quota_security_group: {get_param: NeutronSecurityGroupQuota} neutron::server::placement::password: {get_param: NovaPassword} diff --git a/deployment/nova/nova-api-container-puppet.yaml b/deployment/nova/nova-api-container-puppet.yaml index 37f2590db4..a4861af5aa 100644 --- a/deployment/nova/nova-api-container-puppet.yaml +++ b/deployment/nova/nova-api-container-puppet.yaml @@ -226,6 +226,11 @@ parameters: 0 means, purge data older than today in shadow tables. default: 90 + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true parameter_groups: - label: deprecated @@ -338,6 +343,7 @@ outputs: nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} nova::keystone::authtoken::region_name: {get_param: KeystoneRegion} nova::keystone::authtoken::interface: 'internal' + nova::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} nova::api::max_limit: {get_param: NovaApiMaxLimit} nova::api::enabled: true nova::network::neutron::default_floating_pool: {get_param: NovaDefaultFloatingPool} diff --git a/deployment/nova/nova-metadata-container-puppet.yaml b/deployment/nova/nova-metadata-container-puppet.yaml index 8347565a51..bdfc847063 100644 --- a/deployment/nova/nova-metadata-container-puppet.yaml +++ b/deployment/nova/nova-metadata-container-puppet.yaml @@ -73,6 +73,11 @@ parameters: each Neutron metadata-agent to point to the corresponding nova-metadata API service. type: boolean + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} @@ -157,6 +162,7 @@ outputs: nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::keystone::authtoken::region_name: {get_param: KeystoneRegion} nova::keystone::authtoken::interface: 'internal' + nova::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} nova::wsgi::apache_metadata::api_port: '8775' nova::wsgi::apache_metadata::ssl: {get_param: EnableInternalTLS} nova::metadata::local_metadata_per_cell: {get_param: NovaLocalMetadataPerCell} diff --git a/deployment/octavia/octavia-api-container-puppet.yaml b/deployment/octavia/octavia-api-container-puppet.yaml index e0b294f4d9..e84d669e62 100644 --- a/deployment/octavia/octavia-api-container-puppet.yaml +++ b/deployment/octavia/octavia-api-container-puppet.yaml @@ -87,6 +87,11 @@ parameters: default: true description: Set to false if the driver agent needs to be disabled for some reason. type: boolean + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: @@ -167,6 +172,7 @@ outputs: octavia::keystone::authtoken::project_domain_name: 'Default' octavia::keystone::authtoken::region_name: {get_param: KeystoneRegion} octavia::keystone::authtoken::interface: 'internal' + octavia::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} octavia::policy::policies: {get_param: OctaviaApiPolicies} octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor} octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties} diff --git a/deployment/placement/placement-api-container-puppet.yaml b/deployment/placement/placement-api-container-puppet.yaml index 56276a1617..cd9a8d8534 100644 --- a/deployment/placement/placement-api-container-puppet.yaml +++ b/deployment/placement/placement-api-container-puppet.yaml @@ -80,6 +80,11 @@ parameters: type: boolean default: false description: Set to True to enable debugging on all services. + MemcacheUseAdvancedPool: + type: boolean + description: | + Use the advanced (eventlet safe) memcached client pool. + default: true conditions: placement_workers_zero: {equals : [{get_param: PlacementWorkers}, 0]} @@ -138,6 +143,7 @@ outputs: placement::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} placement::keystone::authtoken::region_name: {get_param: KeystoneRegion} placement::keystone::authtoken::interface: 'internal' + placement::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool} placement::wsgi::apache::api_port: '8778' placement::wsgi::apache::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in hiera replacing the network name with the local node IP diff --git a/releasenotes/notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml b/releasenotes/notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml new file mode 100644 index 0000000000..3468e97fd0 --- /dev/null +++ b/releasenotes/notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + The new ``MemcacheUseAdvancedPool`` parameter is added which enables usage + of advanced poll for memcached connections in keystone middleware. This + parameter is set to ``true`` by default to avoind bursting connections + in some services like neutron.