Add support for keystone_authtoken/memcache_use_advanced_pool

This change introduces a single parameter, MemcacheUseAdvancedPool, to enable usage of advanced connection pool in keystone middleware. This is useful to avoid bursting connection to memcached. Note that the default value of memcached_use_advanced_pool was changed from false to true during Xena cycle[1], so this parameter is no longer required in master. However the change in keystonemiddleware will never be backported. This change is created so that we can switch to advanced pool even in older releases. [1] https://review.opendev.org/c/openstack/keystonemiddleware/+/773939 (To Victoria) Conflicts: deployment/aodh/aodh-api-container-puppet.yaml deployment/glance/glance-api-container-puppet.yaml deployment/gnocchi/gnocchi-api-container-puppet.yaml deployment/manila/manila-api-container-puppet.yaml deployment/nova/nova-api-container-puppet.yaml Closes-Bug: #1931047 Change-Id: I2887249af44ccfdae1592dd9120d3366fa059876 (cherry picked from commit 09bcacd) (cherry picked from commit 9a89b9add62d1d6251285a091e96e98f8157d1bd) (cherry picked from commit 89fde27)
openstack-archive · Jul 8, 2021 · bef9856 · bef9856
1 parent a10dee7
commit bef9856
Show file tree

Hide file tree

Showing 18 changed files with 109 additions and 0 deletions.
diff --git a/deployment/aodh/aodh-base.yaml b/deployment/aodh/aodh-base.yaml
@@ -61,6 +61,11 @@ parameters:
     type: string
     default: 'noop'
     description: Driver or drivers to handle sending notifications.
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
   service_debug_unset: {equals : [{get_param: AodhDebug}, '']}
@@ -108,6 +113,7 @@ outputs:
         aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
         aodh::keystone::authtoken::region_name: {get_param: KeystoneRegion}
         aodh::keystone::authtoken::interface: 'internal'
+        aodh::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
         aodh::auth::auth_password: {get_param: AodhPassword}
         aodh::auth::auth_region: {get_param: KeystoneRegion}
         aodh::auth::auth_project_name: 'service'

diff --git a/deployment/barbican/barbican-api-container-puppet.yaml b/deployment/barbican/barbican-api-container-puppet.yaml
@@ -176,6 +176,11 @@ parameters:
     description: >
       Setting this to a unique value will re-run any deployment tasks which
       perform configuration on a Heat stack-update.
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
   service_debug_unset:  {equals : [{get_param: BarbicanDebug}, '']}
@@ -254,6 +259,7 @@ outputs:
             barbican::keystone::authtoken::project_name: 'service'
             barbican::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             barbican::keystone::authtoken::interface: 'internal'
+            barbican::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             barbican::keystone::notification::enable_keystone_notification: True
             barbican::keystone::notification::keystone_notification_topic: 'barbican_notifications'
             barbican::policy::policies: {get_param: BarbicanPolicies}

diff --git a/deployment/cinder/cinder-api-container-puppet.yaml b/deployment/cinder/cinder-api-container-puppet.yaml
@@ -91,6 +91,11 @@ parameters:
   RootStackName:
     description: The name of the stack/plan.
     type: string
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
 
@@ -187,6 +192,7 @@ outputs:
             cinder::keystone::authtoken::project_domain_name: 'Default'
             cinder::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             cinder::keystone::authtoken::interface: 'internal'
+            cinder::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             cinder::policy::policies: {get_param: CinderApiPolicies}
             cinder::notification_driver: {get_param: NotificationDriver}
             cinder::api::default_volume_type: {get_param: CinderDefaultVolumeType}

diff --git a/deployment/experimental/designate/designate-api-container-puppet.yaml b/deployment/experimental/designate/designate-api-container-puppet.yaml
@@ -55,6 +55,11 @@ parameters:
     description: The password for the neutron service and db account, used by neutron agents.
     type: string
     hidden: true
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
   designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
@@ -105,6 +110,7 @@ outputs:
             designate::keystone::authtoken::password: {get_param: DesignatePassword}
             designate::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             designate::keystone::authtoken::interface: 'internal'
+            designate::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             tripleo::profile::base::designate::api::listen_ip:
               str_replace:
                 template:

diff --git a/deployment/glance/glance-api-container-puppet.yaml b/deployment/glance/glance-api-container-puppet.yaml
@@ -285,6 +285,11 @@ parameters:
   ContainerGlanceApiConfigImage:
     description: The container image to use for the glance_api config_volume
     type: string
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
 
@@ -423,6 +428,7 @@ outputs:
             glance::api::authtoken::user_domain_name: 'Default'
             glance::api::authtoken::project_domain_name: 'Default'
             glance::api::authtoken::interface: 'internal'
+            glance::api::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             glance::api::pipeline:
               if:
               - glance_cache_enabled

diff --git a/deployment/gnocchi/gnocchi-api-container-puppet.yaml b/deployment/gnocchi/gnocchi-api-container-puppet.yaml
@@ -122,6 +122,11 @@ parameters:
     default: ''
     description: Indicate whether this resource may be shared with the domain received in the request
                  "origin" header.
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
   cors_allowed_origin_unset: {equals : [{get_param: GnocchiCorsAllowedOrigin}, '']}
@@ -206,6 +211,7 @@ outputs:
             gnocchi::keystone::authtoken::project_domain_name: 'Default'
             gnocchi::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             gnocchi::keystone::authtoken::interface: 'internal'
+            gnocchi::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
             gnocchi::wsgi::apache::servername:
               str_replace:

diff --git a/deployment/heat/heat-base-puppet.yaml b/deployment/heat/heat-base-puppet.yaml
@@ -140,6 +140,11 @@ parameters:
                  port set with MemcachedPort parameter (above) and on 11211,
                  without TLS.
     type: boolean
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
   service_debug_unset: {equals : [{get_param: HeatDebug}, '']}
@@ -179,6 +184,7 @@ outputs:
             heat::keystone::authtoken::password: {get_param: HeatPassword}
             heat::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             heat::keystone::authtoken::interface: 'internal'
+            heat::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             heat::keystone::domain::domain_name: 'heat_stack'
             heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
             heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'

diff --git a/deployment/ironic/ironic-api-container-puppet.yaml b/deployment/ironic/ironic-api-container-puppet.yaml
@@ -67,6 +67,11 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
@@ -144,6 +149,7 @@ outputs:
             ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             ironic::api::authtoken::region_name: {get_param: KeystoneRegion }
             ironic::api::authtoken::interface: 'internal'
+            ironic::api::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             # NOTE: bind IP is found in hiera replacing the network name with the
             # local node IP for the given network; replacement examples
             # (eg. for internal_api):

diff --git a/deployment/manila/manila-api-container-puppet.yaml b/deployment/manila/manila-api-container-puppet.yaml
@@ -60,6 +60,11 @@ parameters:
                  When not set, the list is inferred via the storage back end/s
                  enabled.
     type: comma_delimited_list
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
 
@@ -139,6 +144,7 @@ outputs:
             manila::keystone::authtoken::project_domain_name: 'Default'
             manila::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             manila::keystone::authtoken::interface: 'internal'
+            manila::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             # NOTE: bind IP is found in hiera replacing the network name with the
             # local node IP for the given network; replacement examples
             # (eg. for internal_api):

diff --git a/deployment/mistral/mistral-base.yaml b/deployment/mistral/mistral-base.yaml
@@ -62,6 +62,11 @@ parameters:
     type: number
     default: 120
     description: Mistral RPC timeout
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
   service_debug_unset: {equals : [{get_param: MistralDebug}, '']}
@@ -108,6 +113,7 @@ outputs:
         mistral::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
         mistral::keystone::authtoken::region_name: {get_param: KeystoneRegion}
         mistral::keystone::authtoken::interface: 'internal'
+        mistral::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
         mistral::keystone_ec2_uri:
           list_join:
           - ''

diff --git a/deployment/neutron/neutron-api-container-puppet.yaml b/deployment/neutron/neutron-api-container-puppet.yaml
@@ -173,6 +173,11 @@ parameters:
     default: ''
     description: Override the private key size used when creating the
                  certificate for this service
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
   # DEPRECATED: the following options are deprecated and are currently maintained
   # for backwards compatibility. They will be removed in the Ocata cycle.
   NeutronL3HA:
@@ -309,6 +314,7 @@ outputs:
             neutron::keystone::authtoken::project_domain_name: 'Default'
             neutron::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             neutron::keystone::authtoken::interface: 'internal'
+            neutron::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             neutron::quota::quota_port: {get_param: NeutronPortQuota}
             neutron::quota::quota_security_group: {get_param: NeutronSecurityGroupQuota}
             neutron::server::sync_db: true

diff --git a/deployment/nova/nova-api-container-puppet.yaml b/deployment/nova/nova-api-container-puppet.yaml
@@ -109,6 +109,11 @@ parameters:
     default: 1000
     description: Max number of objects returned per API query
     type: number
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 parameter_groups:
 - label: deprecated
@@ -226,6 +231,7 @@ outputs:
             nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             nova::keystone::authtoken::interface: 'internal'
+            nova::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             nova::api::max_limit: {get_param: NovaApiMaxLimit}
             nova::api::enabled: true
             nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool}

diff --git a/deployment/nova/nova-metadata-container-puppet.yaml b/deployment/nova/nova-metadata-container-puppet.yaml
@@ -76,6 +76,11 @@ parameters:
       each Neutron metadata-agent to point to the corresponding nova-metadata API
       service.
     type: boolean
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
@@ -164,6 +169,7 @@ outputs:
             nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
             nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             nova::keystone::authtoken::interface: 'internal'
+            nova::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             nova::wsgi::apache_metadata::api_port: '8775'
             nova::wsgi::apache_metadata::ssl: {get_param: EnableInternalTLS}
             nova::metadata::local_metadata_per_cell: {get_param: NovaLocalMetadataPerCell}

diff --git a/deployment/nova/novajoin-container-puppet.yaml b/deployment/nova/novajoin-container-puppet.yaml
@@ -83,6 +83,11 @@ parameters:
       A hash of policies to configure for Novajoin.
     default: {}
     type: json
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 resources:
 
@@ -135,6 +140,7 @@ outputs:
         nova::metadata::novajoin::authtoken::project_name: 'service'
         nova::metadata::novajoin::authtoken::region_name: {get_param: KeystoneRegion}
         nova::metadata::novajoin::authtoken::interface: 'internal'
+        nova::metadata::novajoin::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
         nova::metadata::novajoin::policy::policies: {get_param: NovajoinPolicies}
       service_config_settings:
         nova_metadata: &nova_vendordata

diff --git a/deployment/octavia/octavia-api-container-puppet.yaml b/deployment/octavia/octavia-api-container-puppet.yaml
@@ -90,6 +90,11 @@ parameters:
     default: true
     description:  Set to false if the driver agent needs to be disabled for some reason.
     type: boolean
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
 
@@ -172,6 +177,7 @@ outputs:
             octavia::keystone::authtoken::project_domain_name: 'Default'
             octavia::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             octavia::keystone::authtoken::interface: 'internal'
+            octavia::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             octavia::policy::policies: {get_param: OctaviaApiPolicies}
             octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor}
             octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties}

diff --git a/deployment/placement/placement-api-container-puppet.yaml b/deployment/placement/placement-api-container-puppet.yaml
@@ -83,6 +83,11 @@ parameters:
     type: boolean
     default: false
     description: Set to True to enable debugging on all services.
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
   placement_workers_zero: {equals : [{get_param: PlacementWorkers}, 0]}
@@ -142,6 +147,7 @@ outputs:
             placement::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             placement::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             placement::keystone::authtoken::interface: 'internal'
+            placement::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             placement::wsgi::apache::api_port: '8778'
             placement::wsgi::apache::ssl: {get_param: EnableInternalTLS}
             # NOTE: bind IP is found in hiera replacing the network name with the local node IP

diff --git a/deployment/zaqar/zaqar-container-puppet.yaml b/deployment/zaqar/zaqar-container-puppet.yaml
@@ -90,6 +90,11 @@ parameters:
     description: The password for the redis service account.
     type: string
     hidden: true
+  MemcacheUseAdvancedPool:
+    type: boolean
+    description: |
+      Use the advanced (eventlet safe) memcached client pool.
+    default: true
 
 conditions:
   internal_tls_enabled: {get_param: EnableInternalTLS}
@@ -160,6 +165,7 @@ outputs:
             zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
             zaqar::keystone::authtoken::region_name: {get_param: KeystoneRegion}
             zaqar::keystone::authtoken::interface: 'internal'
+            zaqar::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
             zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             zaqar::logging::debug:
               if:

diff --git a/releasenotes/notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml b/releasenotes/notes/memcache_use_advanced_pool-41ca18221e60c05a.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    The new ``MemcacheUseAdvancedPool`` parameter is added which enables usage
+    of advanced poll for memcached connections in keystone middleware. This
+    parameter is set to ``true`` by default to avoind bursting connections
+    in some services like neutron.