)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":9098,"name":"Nathan Kinder","email":"nkinder@redhat.com","username":"nkinder"},"change_message_id":"3b27a1b91a382ef4a57da1974527345150ff1da5","unresolved":false,"context_lines":[{"line_number":8,"context_line":""},{"line_number":9,"context_line":"There is a Memcached instance available with basic overcloud and"},{"line_number":10,"context_line":"undercloud installations. While the undercloud keystone node is"},{"line_number":11,"context_line":"configured to put data in Memcached, the undercloud keystone node is"},{"line_number":12,"context_line":"missing a couple of key bits to get the same functionality."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"This commit updates the keystone configuration to set the memcache"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"3fa7e38b_79c74447","line":11,"range":{"start_line":11,"start_character":41,"end_line":11,"end_character":51},"updated":"2019-10-03 17:21:59.000000000","message":"(nit) overcloud.","commit_id":"a82a5f76c72151e49ab1b5e485c9b456400c2449"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":6681,"name":"Brent Eagles","email":"beagles@redhat.com","username":"beagles"},"change_message_id":"f9a323ce6391d47601ea3877ac04f71a966532f6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"a587be90_a5c0fbaa","updated":"2021-11-03 19:29:01.000000000","message":"Been awhile. I\u0027m guessing this can be abandoned? @Lance is this dead?","commit_id":"a82a5f76c72151e49ab1b5e485c9b456400c2449"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"d1fb84881f89e4f6465ce6b13ba714bc5e324b28","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"087defd8_d1a1fa3c","updated":"2021-11-04 19:46:39.000000000","message":"I think so. Greg was working on enabling caching with TLS and I think that landed.\n\nI\u0027ll let him weigh in.","commit_id":"a82a5f76c72151e49ab1b5e485c9b456400c2449"}],"deployment/keystone/keystone-container-puppet.yaml":[{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"649c0b8465400743467c97d905d202b8d3fa1ad4","unresolved":false,"context_lines":[{"line_number":431,"context_line":"            keystone::fernet_max_active_keys: {get_param: KeystoneFernetMaxActiveKeys}"},{"line_number":432,"context_line":"            keystone::enable_proxy_headers_parsing: true"},{"line_number":433,"context_line":"            keystone::enable_credential_setup: true"},{"line_number":434,"context_line":"            keystone::cache_memcache_servers: \"%{hiera(\u0027memcached::listen_ip\u0027)}:11211\""},{"line_number":435,"context_line":"            keystone::cache_backend: \"dogpile.cache.memcached\""},{"line_number":436,"context_line":"            keystone::credential_keys:"},{"line_number":437,"context_line":"              \u0027/etc/keystone/credential-keys/0\u0027:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"3fa7e38b_ada750a7","line":434,"updated":"2019-09-24 21:54:01.000000000","message":"This assumes memcache is colocated with the keystone service. It generally is, but could not be. This is why we usually throw something like this in puppet-tripleo to collect the actual servers.  That being said we all know python memcache doesn\u0027t play well with multiple servers when one goes down so I\u0027m not completely sure the best approach here.","commit_id":"a82a5f76c72151e49ab1b5e485c9b456400c2449"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4617fc9c38bf34b1fa05aa9f4d99d4605c9827ce","unresolved":false,"context_lines":[{"line_number":431,"context_line":"            keystone::fernet_max_active_keys: {get_param: KeystoneFernetMaxActiveKeys}"},{"line_number":432,"context_line":"            keystone::enable_proxy_headers_parsing: true"},{"line_number":433,"context_line":"            keystone::enable_credential_setup: true"},{"line_number":434,"context_line":"            keystone::cache_memcache_servers: \"%{hiera(\u0027memcached::listen_ip\u0027)}:11211\""},{"line_number":435,"context_line":"            keystone::cache_backend: \"dogpile.cache.memcached\""},{"line_number":436,"context_line":"            keystone::credential_keys:"},{"line_number":437,"context_line":"              \u0027/etc/keystone/credential-keys/0\u0027:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"3fa7e38b_f002fb3c","line":434,"in_reply_to":"3fa7e38b_ada750a7","updated":"2019-09-25 00:40:38.000000000","message":"Yeah - this is just something I noticed doing a relatively straight-forward deploy following the tripleo docs.\n\nOpen to suggestions on how to handle this if folks have ideas. I figured the performance benefit of at least tying into the available memecached instance would be beneficial.","commit_id":"a82a5f76c72151e49ab1b5e485c9b456400c2449"},{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"ef1dc1732055079c28deebb33abaf5b33ccc0d3e","unresolved":false,"context_lines":[{"line_number":431,"context_line":"            keystone::fernet_max_active_keys: {get_param: KeystoneFernetMaxActiveKeys}"},{"line_number":432,"context_line":"            keystone::enable_proxy_headers_parsing: true"},{"line_number":433,"context_line":"            keystone::enable_credential_setup: true"},{"line_number":434,"context_line":"            keystone::cache_memcache_servers: \"%{hiera(\u0027memcached::listen_ip\u0027)}:11211\""},{"line_number":435,"context_line":"            keystone::cache_backend: \"dogpile.cache.memcached\""},{"line_number":436,"context_line":"            keystone::credential_keys:"},{"line_number":437,"context_line":"              \u0027/etc/keystone/credential-keys/0\u0027:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"3fa7e38b_990ab91d","line":434,"in_reply_to":"3fa7e38b_de9a5712","updated":"2019-10-11 21:10:23.000000000","message":"https://review.opendev.org/#/c/683010/ has already been done. we just need to expose enable_token_caching","commit_id":"a82a5f76c72151e49ab1b5e485c9b456400c2449"},{"author":{"_account_id":7144,"name":"James Slagle","email":"jslagle@redhat.com","username":"slagle"},"change_message_id":"3cc8e172469e565678af15df846d3ee7539e4499","unresolved":false,"context_lines":[{"line_number":431,"context_line":"            keystone::fernet_max_active_keys: {get_param: KeystoneFernetMaxActiveKeys}"},{"line_number":432,"context_line":"            keystone::enable_proxy_headers_parsing: true"},{"line_number":433,"context_line":"            keystone::enable_credential_setup: true"},{"line_number":434,"context_line":"            keystone::cache_memcache_servers: \"%{hiera(\u0027memcached::listen_ip\u0027)}:11211\""},{"line_number":435,"context_line":"            keystone::cache_backend: \"dogpile.cache.memcached\""},{"line_number":436,"context_line":"            keystone::credential_keys:"},{"line_number":437,"context_line":"              \u0027/etc/keystone/credential-keys/0\u0027:"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"3fa7e38b_de9a5712","line":434,"in_reply_to":"3fa7e38b_f002fb3c","updated":"2019-10-11 20:53:03.000000000","message":"as Alex mentions, i think we need to do this in puppet-tripleo. we already have a variable there for memcached_ips. The issue is that memcached::listen_ip defaults to the internal_api IP of the server that looks up that hiera value, so if you\u0027ve deployed with roles that have keystone and memcached on separate roles, then this would actually leave keystone misconfigured.\n\nI guess we can assume it can be enabled by default, or a add a new flag to toggle setting it.","commit_id":"a82a5f76c72151e49ab1b5e485c9b456400c2449"}]}