OpenStack Identity (keystone)

client connection leak to memcached under eventlet due to threadlocal

Bug #1360446 reported by Aleksandr Shaposhnikov on 2014-08-22

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
OpenStack Identity (keystone)	Fix Released	Medium	Yuriy Taraday	OpenStack Identity (keystone) 2014.2 "juno"
Icehouse	Won't Fix	Medium	Unassigned
keystonemiddleware	Fix Released	Medium	Morgan Fainberg	keystonemiddleware 1.2.0

Bug Description

When Keystone configured with memcached as backend and token storage keystone didn't reuse connections to it and starting to fail after having more than 500 connections to the memcached.

Steps to reproduce:

1. Configure keystone with memcached as backend.
2. Create moreless good load (creating of VM's creates a lot of connections) on keystone and watch for connections to memcached using netstat, ex. netstat -an |grep -c ":11211"

Expected behavior:
connections number should be reasonable and be not more that the number of connections to the keystone (ideally :)

Observed bahavior:
Number of connections growing and seems than
1. They didn't reused at all.
2. Lifetime of some connection is 600 seconds.
3. It looks like not all the connections stay for 600 seconds.

<UPDATE from MorganFainberg>
This is specific to deploying under eventlet and the python-memcached library and it's explicit/unavoidable use of threadlocal. Use of threadlocal under eventlet causes the client connections to leak until the GC / kernel cleans up the connections. This was confirmed to only affect eventlet with patch threading.

Keystone deployed under apache is not affected.

All services deployed with keystonemiddleware that utilize eventlet and memcache for token cache are also affected.

See original description

Tags:

Aleksandr Shaposhnikov (alashai8) on 2014-08-22

description:	updated
description:	updated

Lance Bragstad (lbragstad) on 2014-08-23

tags:

added: memcached

Dolph Mathews (dolph) on 2014-09-04

Changed in keystone:
status:	New → Triaged
importance:	Undecided → Medium

Revision history for this message

Dolph Mathews (dolph) wrote on 2014-09-04:

Is this using kvs/dogpile or memcached directly? And icehouse or master?

Revision history for this message

Aleksandr Shaposhnikov (alashai8) wrote on 2014-09-04:

I found this on Icehouse and it was using dogpile with memcache as backend.

Revision history for this message

Dolph Mathews (dolph) wrote on 2014-09-04:

Morgan: is there anything we can do in keystone to fix this? or is it up to the dogpile backend?

Changed in keystone:
status:	Triaged → Incomplete
tags:	added: dogpile.cache

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2014-09-04:

This is up to fixing the dogpile backend. That being said it isn't hard to add this type of work to the dogpile backend. We already do some of this with the in-memory backend we use for testing.

If we have a clear solution to this (I think I have an idea on how to do this.. Similar to the pool in auth_token) this could easily be implemented in the course of an hour or so.

This is also likely something we can work with Mike Bayer and include upstream in dogpile directly.

So let's do this:

Work on a short term fix here that will land for Juno and is back portable (ensuring compat with older dogpile packaging). Then contribute the longer term fix to upstream dogpile.

I'll discuss a little more in depth on irc wen I'm back off phone only access.

Lance Bragstad (lbragstad) on 2014-09-04

Changed in keystone:
milestone:	none → juno-rc1

Revision history for this message

Mike Bayer (zzzeek) wrote on 2014-09-04:

hey @morganfainberg, looked for you on IRC but think you left already. Let me know what the nature of this is, e.g. if this has to do with the memcached implicit threadlocal thing they do, someone was asking me about this the other day.

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2014-09-05:

@zzzeek Just missed you on IRC, but I am not sure about the threadlocal issue (doesn't ring a bell). This appears to just be lack of re-use of the actual client connection object to memcached. We got around some of this issue in keystoneclient by using a memcachepool implementation that creates up to the number of worker threads worth of memcache connections and when it's done with the connection it puts it back into the pool (with a little logic to handle dead connections).

In this case i'm guessing they have a lot of activity and some connections aren't being closed due to either GC delay or other memcached client library oddities, so under load you end up with stale connections which cause this related error case.

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2014-09-05:

Socket limits, FD limits, etc.

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2014-09-05:

After further research, this looks to be an eventlet + memcache client (due to threadlocal implementation) issue.

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2014-09-05:

Under apache deployment this issue will not occur. It appears as if standard thread deployment under eventlet will also prevent this issue.

Based on a conversation in IRC todya we should have some patches posted soon to address the thread local issue (pending review/updates to make them supportable) for Juno and potentially backported to Icehouse. The longer term fix will include some new libraries and updates to dogpile.cache.

The immediate fix is to deploy keystone under apache instead of eventlet (or not use the Memcache backends)

Changed in keystone:
status:	Incomplete → Triaged

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2014-09-05:

#10

This affects any server using keystonemiddleware that runs under eventlet and uses memcache for token caching. The fix for keystonemiddleware will likely be based on the Keystone fix.

Changed in keystonemiddleware:
importance:	Undecided → High
status:	New → Triaged
tags:	added: icehouse-backport-potential
summary:	- Keystone server didn't reuse connections to memcached + client connection leak to memcached under eventlet due to threadlocal

Morgan Fainberg (mdrnstm) on 2014-09-05

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-05: Fix proposed to keystone (master)

#11

Fix proposed to branch: master
Review: https://review.openstack.org/119452

Changed in keystone:
assignee:	nobody → Yuriy Taraday (yorik-sar)
status:	Triaged → In Progress

OpenStack Infra (hudson-openstack) on 2014-09-06

Changed in keystone:
assignee:	Yuriy Taraday (yorik-sar) → Morgan Fainberg (mdrnstm)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-08: Fix proposed to keystonemiddleware (master)

#12

Fix proposed to branch: master
Review: https://review.openstack.org/119774

Changed in keystonemiddleware:
assignee:	nobody → Yuriy Taraday (yorik-sar)
status:	Triaged → In Progress
Changed in keystone:
assignee:	Morgan Fainberg (mdrnstm) → Razumovsky Peter (prazumovsky)

Yuriy Taraday (yorik-sar) on 2014-09-08

Changed in keystone:
assignee:	Razumovsky Peter (prazumovsky) → Yuriy Taraday (yorik-sar)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-12: Related fix proposed to keystone (master)

#13

Related fix proposed to branch: master
Review: https://review.openstack.org/121166

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-15: Change abandoned on keystone (master)

#14

Change abandoned by Morgan Fainberg (<email address hidden>) on branch: master
Review: https://review.openstack.org/121166
Reason: The parent needs a rebase will regenerate the config there.

OpenStack Infra (hudson-openstack) on 2014-09-15

Changed in keystone:
assignee:	Yuriy Taraday (yorik-sar) → Morgan Fainberg (mdrnstm)

OpenStack Infra (hudson-openstack) on 2014-09-16

Changed in keystone:
assignee:	Morgan Fainberg (mdrnstm) → Yuriy Taraday (yorik-sar)

OpenStack Infra (hudson-openstack) on 2014-09-17

Changed in keystone:
assignee:	Yuriy Taraday (yorik-sar) → Morgan Fainberg (mdrnstm)

OpenStack Infra (hudson-openstack) on 2014-09-17

Changed in keystone:
assignee:	Morgan Fainberg (mdrnstm) → Yuriy Taraday (yorik-sar)

OpenStack Infra (hudson-openstack) on 2014-09-17

Changed in keystone:
assignee:	Yuriy Taraday (yorik-sar) → Morgan Fainberg (mdrnstm)

Morgan Fainberg (mdrnstm) on 2014-09-20

Changed in keystonemiddleware:
milestone:	none → 1.2.0
importance:	High → Medium

OpenStack Infra (hudson-openstack) on 2014-09-21

Changed in keystonemiddleware:
assignee:	Yuriy Taraday (yorik-sar) → Morgan Fainberg (mdrnstm)

OpenStack Infra (hudson-openstack) on 2014-09-22

Changed in keystone:
assignee:	Morgan Fainberg (mdrnstm) → Yuriy Taraday (yorik-sar)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-23: Fix merged to keystone (master)

#15

Reviewed: https://review.openstack.org/119452
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0010803288748fcd3ce7dba212a54bffe7a61a0c
Submitter: Jenkins
Branch: master

commit 0010803288748fcd3ce7dba212a54bffe7a61a0c
Author: Yuriy Taraday <email address hidden>
Date: Thu Aug 28 14:27:58 2014 +0400

Add a pool of memcached clients

    This patchset adds a pool of memcache clients. This pool allows for reuse of
    a client object, prevents too many client object from being instantiated, and
    maintains proper tracking of dead servers so as to limit delays
    when a server (or all servers) become unavailable.

    The new memcache pool backend is available either by being set as the memcache
    backend or by using keystone.token.persistence.backends.memcache_pool.Token for
    the Token memcache persistence driver.

    [memcache]
    servers = 127.0.0.1:11211
    dead_retry = 300
    socket_timeout = 3
    pool_maxsize = 10
    pool_unused_timeout = 60

    Where:
    - servers - comma-separated list of host:port pairs (was already there);
    - dead_retry - number of seconds memcached server is considered dead
      before it is tried again;
    - socket_timeout - timeout in seconds for every call to a server;
    - pool_maxsize - max total number of open connections in the pool;
    - pool_unused_timeout - number of seconds a connection is held unused in
      the pool before it is closed;

    The new memcache pool backend can be used as the driver for the Keystone
    caching layer. To use it as caching driver, set
    'keystone.cache.memcache_pool' as the value of the [cache]\backend option,
    the other options are the same as above, but with 'memcache_' prefix:

    [cache]
    backend = keystone.cache.memcache_pool
    memcache_servers = 127.0.0.1:11211
    memcache_dead_retry = 300
    memcache_socket_timeout = 3
    memcache_pool_maxsize = 10
    memcache_pool_unused_timeout = 60

    Co-Authored-By: Morgan Fainberg <email address hidden>
    Closes-bug: #1332058
    Closes-bug: #1360446
    Change-Id: I3544894482b30a47fcd4fac8948d03136fd83f14

Reviewed:  https://review.openstack.org/119452
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0010803288748fcd3ce7dba212a54bffe7a61a0c
Submitter: Jenkins
Branch:    master

commit 0010803288748fcd3ce7dba212a54bffe7a61a0c
Author: Yuriy Taraday <yorik.sar@gmail.com>
Date:   Thu Aug 28 14:27:58 2014 +0400

Add a pool of memcached clients
    
    This patchset adds a pool of memcache clients. This pool allows for reuse of
    a client object, prevents too many client object from being instantiated, and
    maintains proper tracking of dead servers so as to limit delays
    when a server (or all servers) become unavailable.
    
    The new memcache pool backend is available either by being set as the memcache
    backend or by using keystone.token.persistence.backends.memcache_pool.Token for
    the Token memcache persistence driver.
    
    [memcache]
    servers = 127.0.0.1:11211
    dead_retry = 300
    socket_timeout = 3
    pool_maxsize = 10
    pool_unused_timeout = 60
    
    Where:
    - servers - comma-separated list of host:port pairs (was already there);
    - dead_retry - number of seconds memcached server is considered dead
      before it is tried again;
    - socket_timeout - timeout in seconds for every call to a server;
    - pool_maxsize - max total number of open connections in the pool;
    - pool_unused_timeout - number of seconds a connection is held unused in
      the pool before it is closed;
    
    The new memcache pool backend can be used as the driver for the Keystone
    caching layer. To use it as caching driver, set
    'keystone.cache.memcache_pool' as the value of the [cache]\backend option,
    the other options are the same as above, but with 'memcache_' prefix:
    
    [cache]
    backend = keystone.cache.memcache_pool
    memcache_servers = 127.0.0.1:11211
    memcache_dead_retry = 300
    memcache_socket_timeout = 3
    memcache_pool_maxsize = 10
    memcache_pool_unused_timeout = 60
    
    Co-Authored-By: Morgan Fainberg <morgan.fainberg@gmail.com>
    Closes-bug: #1332058
    Closes-bug: #1360446
    Change-Id: I3544894482b30a47fcd4fac8948d03136fd83f14

Changed in keystone:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-25: Fix merged to keystonemiddleware (master)

#16

Reviewed: https://review.openstack.org/119774
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=045cddcea2ecefccecbb40d4249b915c3f1faae3
Submitter: Jenkins
Branch: master

commit 045cddcea2ecefccecbb40d4249b915c3f1faae3
Author: Morgan Fainberg <email address hidden>
Date: Sun Sep 21 13:20:35 2014 -0700

Add an optional advanced pool of memcached clients

    This patchset adds an advanced eventlet safe pool of memcache clients. This
    allows the deployer to configure auth_token middleware to utilize the new
    pool by simply setting 'memcache_use_advanced_pool' to true. Optional
    tunables for the memcache pool have also been added.

    Co-Authored-By: Morgan Fainberg <email address hidden>
    Closes-bug: #1332058
    Closes-bug: #1360446
    Change-Id: I08082b46ce692cf4df449d48dac94718f1e98a6c

Changed in keystonemiddleware:
status:	In Progress → Fix Committed

Dolph Mathews (dolph) on 2014-09-25

Changed in keystonemiddleware:
status:	Fix Committed → Fix Released

Revision history for this message

Dolph Mathews (dolph) wrote on 2014-09-26:

#17

Backporting this to stable/icehouse looks like it's going to take some care rebasing, if anyone wants to tackle that :)

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2014-09-26:

#18

Looks like Brant had some comment on the patch right before it merged that never were addressed. Should a separate patch be pushed to address those concerns in master before back-porting both to icehouse?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-26: Related fix proposed to keystone (master)

#19

Related fix proposed to branch: master
Review: https://review.openstack.org/124443

Thierry Carrez (ttx) on 2014-09-30

Changed in keystone:
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-10-13: Related fix merged to keystone (master)

#20

Reviewed: https://review.openstack.org/124443
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=bdc0f68210a29e7ad02734d11fb88e5c31930cd8
Submitter: Jenkins
Branch: master

commit bdc0f68210a29e7ad02734d11fb88e5c31930cd8
Author: Lance Bragstad <email address hidden>
Date: Fri Sep 26 15:31:24 2014 +0000

Address some late comments for memcache clients

This change addresses some late comments from the following review:
https://review.openstack.org/#/c/119452/31

Change-Id: I031620f9085ff914aa9b99c21387f953b6ada171
Related-Bug: #1360446

Thierry Carrez (ttx) on 2014-10-16

Changed in keystone:
milestone:	juno-rc1 → 2014.2

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-10-17: Related fix proposed to keystone (feature/hierarchical-multitenancy)

#21

Related fix proposed to branch: feature/hierarchical-multitenancy
Review: https://review.openstack.org/129376

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-10-18: Related fix merged to keystone (feature/hierarchical-multitenancy)

#22

Download full text (8.3 KiB)

Reviewed: https://review.openstack.org/129376
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6f806bdc9b58206ecccf29f79df1257e737e9f5b
Submitter: Jenkins
Branch: feature/hierarchical-multitenancy

commit fdbad9f530ea4478d96437b021c9b5cc6d338901
Author: Nathan Kinder <email address hidden>
Date: Wed Oct 15 16:21:01 2014 -0700

Restrict certain APIs to cloud admin in domain-aware policy

    Some of the APIs in the domain-aware policy file are currently
    allowed by any "admin" user, when they should really be locked
    down to the cloud admin. Without this, users who are a project
    admin will be allowed to do things like manage regions, IdPs,
    and other objects that they should not be allowed to touch.

Change-Id: Ifca8bc2fffd2d8c1bf02373d1fadd459a77f836c
Closes-bug: #1381809

commit 062786bc53533edf78a24e35688d7183c0b57175
Author: Brad Topol <email address hidden>
Date: Mon Sep 8 11:28:02 2014 -0500

Clean up federated identity audit code

Change-Id: I110eb40c83f1de25bff9215b0490269f5941316a

commit 1056f9abfb283abb083538b7588a006c1b242d1b
Author: wanghong <email address hidden>
Date: Thu Oct 9 15:39:27 2014 +0800

obsolete deployment docs

Now we use 'database' section instead, but the doc does not synchronize.

Change-Id: Ie73ec8225ce1290a4b8fdbb5b9db4c566b5ada22
Closes-Bug: #1377101

commit 1b2fc1e10469bf5ff97b8a825ba404dd8f602320
Author: David Stanek <email address hidden>
Date: Thu Sep 4 17:59:58 2014 +0000

Fixes a spelling error in hacking tests

bp more-code-style-automation

Change-Id: I9159aba128415d6e3a1f9ee9147c7cba19abeffe

commit 2520502724c549fb7ad846203ed60eb86c21aed3
Author: OpenStack Proposal Bot <email address hidden>
Date: Tue Oct 7 19:12:29 2014 +0000

Updated from global requirements

Change-Id: If2d591bba119998e41f109f4099ba4147821171e

commit 8af522af96c4bc0f6d0f7de48f6433fd19115d54
Author: Henry Nash <email address hidden>
Date: Tue Oct 7 10:01:47 2014 +0100

Remove deprecated KVS trust backend.

The trust backend is one of the KVS backends that was marked as
deprecated, for removal in Kilo. This patch removes it.

Partially implements: bp removed-as-of-kilo

Change-Id: Ib67cd33419d09e219d90ab8c50d375964a12640c

commit a96b20238919037837156e238e708abff415cade
Author: Steve Martinelli <email address hidden>
Date: Fri Sep 26 14:40:22 2014 -0400

Add v3 openstackclient CLI examples

    Add some notes about authenticating with v3 keystone and
    openstackclient. Also add some examples that don't exist in v2.0,
    like domains and groups.

Change-Id: I92f9f9ab3ed4657f0771ad284ee6c4c613eca27c

commit 495b44ae0ed3e69e21022ccfc9e2d67ba4d0a97e
Author: Steve Martinelli <email address hidden>
Date: Thu Sep 25 12:08:15 2014 -0400

Update the CLI examples to also use openstackclient

In the CLI example section, use openstackclient examples and
keystoneclient examples.

Change-Id: Ia13730fbac5900998993c56d9a792b392a1ba3ac

commit 4f9add8029de5f9463b9bd9ca4f933f1be79c021
Author: Steve Martinelli <stevemar@c...

Reviewed:  https://review.openstack.org/129376
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6f806bdc9b58206ecccf29f79df1257e737e9f5b
Submitter: Jenkins
Branch:    feature/hierarchical-multitenancy

commit fdbad9f530ea4478d96437b021c9b5cc6d338901
Author: Nathan Kinder <nkinder@redhat.com>
Date:   Wed Oct 15 16:21:01 2014 -0700

Restrict certain APIs to cloud admin in domain-aware policy
    
    Some of the APIs in the domain-aware policy file are currently
    allowed by any "admin" user, when they should really be locked
    down to the cloud admin.  Without this, users who are a project
    admin will be allowed to do things like manage regions, IdPs,
    and other objects that they should not be allowed to touch.
    
    Change-Id: Ifca8bc2fffd2d8c1bf02373d1fadd459a77f836c
    Closes-bug: #1381809

commit 062786bc53533edf78a24e35688d7183c0b57175
Author: Brad Topol <btopol@us.ibm.com>
Date:   Mon Sep 8 11:28:02 2014 -0500

Clean up federated identity audit code
    
    Change-Id: I110eb40c83f1de25bff9215b0490269f5941316a

commit 1056f9abfb283abb083538b7588a006c1b242d1b
Author: wanghong <w.wanghong@huawei.com>
Date:   Thu Oct 9 15:39:27 2014 +0800

obsolete deployment docs
    
    Now we use 'database' section instead, but the doc does not synchronize.
    
    Change-Id: Ie73ec8225ce1290a4b8fdbb5b9db4c566b5ada22
    Closes-Bug: #1377101

commit 1b2fc1e10469bf5ff97b8a825ba404dd8f602320
Author: David Stanek <dstanek@dstanek.com>
Date:   Thu Sep 4 17:59:58 2014 +0000

Fixes a spelling error in hacking tests
    
    bp more-code-style-automation
    
    Change-Id: I9159aba128415d6e3a1f9ee9147c7cba19abeffe

commit 2520502724c549fb7ad846203ed60eb86c21aed3
Author: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Date:   Tue Oct 7 19:12:29 2014 +0000

Updated from global requirements
    
    Change-Id: If2d591bba119998e41f109f4099ba4147821171e

commit 8af522af96c4bc0f6d0f7de48f6433fd19115d54
Author: Henry Nash <henryn@linux.vnet.ibm.com>
Date:   Tue Oct 7 10:01:47 2014 +0100

Remove deprecated KVS trust backend.
    
    The trust backend is one of the KVS backends that was marked as
    deprecated, for removal in Kilo. This patch removes it.
    
    Partially implements: bp removed-as-of-kilo
    
    Change-Id: Ib67cd33419d09e219d90ab8c50d375964a12640c

commit a96b20238919037837156e238e708abff415cade
Author: Steve Martinelli <stevemar@ca.ibm.com>
Date:   Fri Sep 26 14:40:22 2014 -0400

Add v3 openstackclient CLI examples
    
    Add some notes about authenticating with v3 keystone and
    openstackclient. Also add some examples that don't exist in v2.0,
    like domains and groups.
    
    Change-Id: I92f9f9ab3ed4657f0771ad284ee6c4c613eca27c

commit 495b44ae0ed3e69e21022ccfc9e2d67ba4d0a97e
Author: Steve Martinelli <stevemar@ca.ibm.com>
Date:   Thu Sep 25 12:08:15 2014 -0400

Update the CLI examples to also use openstackclient
    
    In the CLI example section, use openstackclient examples and
    keystoneclient examples.
    
    Change-Id: Ia13730fbac5900998993c56d9a792b392a1ba3ac

commit 4f9add8029de5f9463b9bd9ca4f933f1be79c021
Author: Steve Martinelli <stevemar@ca.ibm.com>
Date:   Sat Oct 4 02:32:49 2014 -0400

Replace an instance of keystone/openstack/common/timeutils
    
    There was an instance of timeutils from the sycn'ed code in:
    keystone/contrib/federation/idp.py, we should replace is with
    oslo.utils.
    
    Change-Id: I5a208903d6810d8f2d43fc710874f6d8463e2150

commit 7e1289244ec95a086152229b72ebe83cbcb5a1ea
Author: Steve Martinelli <stevemar@ca.ibm.com>
Date:   Sat Oct 4 00:54:00 2014 -0400

Use importutils from oslo.utils
    
    Rather than sync'ing with oslo-incubator, let's use the library
    oslo.utils instead, we already import it anyway.
    We can't remove importutils under keystone/openstack/common/
    because it's still used by other common functions.
    
    Change-Id: I0a8c2de0fa92090a3631a2d30cc311059d021eae

commit faa6aed1a8ece2e5c67f3d9d678f989de89a50c9
Author: Steve Martinelli <stevemar@ca.ibm.com>
Date:   Sat Oct 4 01:33:35 2014 -0400

Use jsonutils from oslo.serialization
    
    Rather than sync'ing with oslo-incubator, let's use the library
    oslo.serialization instead.
    We can't remove jsonutils under keystone/openstack/common/
    because it's still used by other common functions.
    
    Change-Id: Ic3e8d621616dd1cf14ac1446405896f2dc61288b

commit 6683d96821229eddc634be7a396c4ca018f3e53b
Author: Steve Martinelli <stevemar@ca.ibm.com>
Date:   Thu Sep 25 01:40:16 2014 -0400

Update 'Configuring Services' documentation
    
    These docs are sorely out of date; are littered with references
    to tenants, and reference the soon-to-be-depreated keystone CLI.
    
    Change-Id: Idaa360446d9a0b797044c277f224758505375650

commit 081eb90d722725f05beff6d8dfb3504004a0dcc4
Author: Steve Martinelli <stevemar@ca.ibm.com>
Date:   Fri Sep 26 00:58:00 2014 -0400

Use openstackclient examples in configuration documentation
    
    We should start encouraging the use of openstackclient in the
    Keystone documentation. However, maintain some references to
    keystoneclient's CLI for backwards compatability purposes.
    
    Change-Id: I16fa302c2cd5bf3592725ef7f3ef6c5ba6e83354

commit 1ea9d50a2c828a3eb976e458659008a5461b1418
Author: Steve Martinelli <stevemar@ca.ibm.com>
Date:   Thu Oct 2 12:57:20 2014 -0400

Remove deprecated TemplatedCatalog class
    
    Use keystone.catalog.backends.templated.Catalog instead
    
    implements bp removed-as-of-kilo
    
    Change-Id: I0415852991e504677d1d1a81740c72f0bd8fc8bb

commit 78b49fdc302ac385b9c94a09a4b866433bf5d1e0
Author: Steve Martinelli <stevemar@ca.ibm.com>
Date:   Wed Oct 1 21:30:45 2014 -0400

Add an XML code directive to a shibboleth example
    
    By using the code directive the doc generated adds some basic
    syntax highlighting, making it much easier to read.
    
    Change-Id: I865085b833dbeba841a4de9111167d5e7aafba98

commit d7b52931aeef06eda6ec774f6cc3497836b14899
Author: Dolph Mathews <dolph.mathews@gmail.com>
Date:   Wed Oct 1 21:18:25 2014 +0000

revise docs on default _member_ role
    
    Closes-Bug: 1330132
    Change-Id: I3d9647ee6e537b304191dfa5e34e56122c11cd68

commit 897cfb18ad1cdb5f169d452178295cafd5ae9e8f
Author: wanghong <w.wanghong@huawei.com>
Date:   Fri Sep 5 15:13:02 2014 +0800

wrong logic in assertValidRoleAssignmentListResponse method
    
    According to current logic, we always use the last of entities to
    compare with ref. And, actually, we provide another method
    assertRoleAssignmentInListResponse to judge whether the ref in the
    list. So, the ref parameter could be removed.
    
    Change-Id: I3f8786baa6964c0f17add2d669aa736732698ea7

commit bdc0f68210a29e7ad02734d11fb88e5c31930cd8
Author: Lance Bragstad <lbragstad@gmail.com>
Date:   Fri Sep 26 15:31:24 2014 +0000

Address some late comments for memcache clients
    
    This change addresses some late comments from the following review:
    https://review.openstack.org/#/c/119452/31
    
    Change-Id: I031620f9085ff914aa9b99c21387f953b6ada171
    Related-Bug: #1360446

commit 15e0c974fe92ca006832da458807dbe7b55dd76b
Author: Brant Knudson <bknudson@us.ibm.com>
Date:   Sat Sep 13 14:10:45 2014 -0500

Refactor FakeLdap to share delete code
    
    FakeLdap is changed to implement delete_s using delete_ext_s.
    
    Change-Id: Ibf63f6e13da830b57a9f7ea5b9689d52d7bdf690

commit 2bf29998942071d656361455e3d75c17ea513cb7
Author: Brant Knudson <bknudson@us.ibm.com>
Date:   Sat Sep 13 14:19:23 2014 -0500

Fix fakeldap search_s documentation
    
    FakeLdap's search_s documentation said it only supported base and
    subtree, but it also supports onelevel.
    
    Change-Id: I7536855d5a94a5d570e993be1a1e3da92ddd9e0f

commit d20cb633506913bb7c6ecb57400bb74dc7b579a8
Author: David Stanek <dstanek@dstanek.com>
Date:   Thu Aug 14 19:30:28 2014 +0000

Updates package comment to be more accurate.
    
    Change-Id: I980b9fb37516f5775f11a01d93e82d5349b8850a

commit 81c52ce5446ee6b7602fb1c38b812a096a4e116a
Author: Brant Knudson <bknudson@us.ibm.com>
Date:   Sun Sep 7 15:41:17 2014 -0500

Add testcase for coverage of 002_add_endpoint_groups
    
    There wasn't unit test coverage for (keystone.contrib.
    endpoint_filter.migrate_repo.versions.002_add_endpoint_groups).
    
    Change-Id: I902ff28a82a964f19835d2b16e46501e45fb1371

Revision history for this message

Piyush Srivastava (piyush0101) wrote on 2018-04-06:

#23

Does this happen if you use unix domain sockets to connect to memcache?

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.