[memcache]dead_retry and [cache]memcache_dead_retry should be set back to 300
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Fix Released
|
High
|
Oleksiy Molchanov | ||
5.1.x |
Invalid
|
High
|
Alex Ermolov | ||
6.0.x |
Invalid
|
High
|
Alex Ermolov | ||
6.1.x |
In Progress
|
High
|
Alex Ermolov |
Bug Description
As part of fixing bug 1461036 we set [cache]
Setting dead_retry to 30 does not even solve the initial problem, when keystone was not able to find a token set by woken up keystone.
Consider the following situation:
1. keystone-1, keystone-2, keystone-3; memcache-1, memcache-2, memcache-3.
2.
keystone-1 marks alive memcache-1, memcache-2, memcache-3;
keystone-2 marks alive memcache-1, memcache-2, memcache-3.
keystone-3 marks alive memcache-1, memcache-2, memcache-3.
haproxy knows about keystone-1, keystone-2, keystone-3.
3. keystone-3 and memcache-3 (being on the same controller) go down.
keystone-1 marks alive memcache-1, memcache-2, marks dead for N seconds memcache-3
keystone-2 marks alive memcache-1, memcache-2, marks dead for N seconds memcache-3
haproxy knows about keystone-1, keystone-2.
4. keystone-3 and memcache-3 immediately go up.
keystone-1 marks alive memcache-1, memcache-2; memcache-3 is marked as dead and will be considered dead for N seconds
keystone-2 marks alive memcache-1, memcache-2, memcache-3 is marked as dead and will be considered dead for N seconds
keystone-3 (haproxy marks it alive in 6-7 seconds after going up) marks alive memcache-1, memcache-2 AND memcache-3.
haproxy knows keystone-1, keystone-2, keystone-3,
Since keystone-3 knows that memcache-3 is alive it writes its token there.
keystone-1 does not know that memcache-3 is alive. It will look for requested token in memcache-1 and memcache-2, will not find it and will raise 401 Unauthorized.
We should set [cache]
check inter 10s fastinter 2s downinter 3s rise 150 fall 3
note 150 in `rise`. This setting guarantees that keystone-3 will not be marked as alive for 300 seconds after going up, solving our issue.
Changed in mos: | |
milestone: | 6.1 → 6.1-updates |
assignee: | Fuel Library Team (fuel-library) → Oleksiy Molchanov (omolchanov) |
status: | New → Confirmed |
Changed in mos: | |
milestone: | 6.1-updates → 7.0 |
Changed in mos: | |
status: | In Progress → Fix Committed |
IIUC, fernet tokens in the Kilo will not require memcached backend for the 7.0. If so, this issue is not applicable for the 7.0