OpenStack + Chef

[identity] in-process token cache is deprecated in favor of memcache

Bug #1661753 reported by Samuel Cassiba on 2017-02-03

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack + Chef	Fix Released	Medium	Dr. Jens Harbott

Bug Description

2017-02-03 21:58:42.861 24305 WARNING keystonemiddleware.auth_token [-] Using the in-process token cache is deprecated as of the 4.2.0 release and may be removed in the 5.0.0 release or the 'O' development cycle. The in-process cache causes inconsistent results and high memory usage. When the feature is removed the auth_token middleware will not cache tokens by default which may result in performance issues. It is recommended to use memcache for the auth_token token cache by setting the memcached_servers option.

Dr. Jens Harbott (j-harbott) on 2017-02-08

Changed in openstack-chef:
status:	New → Confirmed

Revision history for this message

Dr. Jens Harbott (j-harbott) wrote on 2017-02-09:

The solution seems to be to add

[keystone_authtoken]
memcached_servers = ...

entries into the configs for all affected services:

# grep keystone_authtoken /etc/*/*.conf
/etc/ceilometer/ceilometer.conf:[keystone_authtoken]
/etc/cinder/cinder.conf:[keystone_authtoken]
/etc/glance/glance-api.conf:[keystone_authtoken]
/etc/glance/glance-registry.conf:[keystone_authtoken]
/etc/heat/heat.conf:[keystone_authtoken]
/etc/murano/murano.conf:[keystone_authtoken]
/etc/neutron/neutron.conf:[keystone_authtoken]
/etc/nova/nova.conf:[keystone_authtoken]

I'll spin up a set of patches once https://review.openstack.org/431528 is merged which fixes setting memcached_servers in the integration test.

Changed in openstack-chef:
status:	Confirmed → In Progress
assignee:	nobody → Dr. Jens Rosenboom (j-rosenboom-j)

Dr. Jens Harbott (j-harbott) on 2017-02-10

Changed in openstack-chef:
importance:	Undecided → Medium

Revision history for this message

Roger Luethi (rl-o) wrote on 2017-10-17:

The warning message has not changed in Pike. It still suggests that the in-process token cache may be removed for Ocata. So we're good at least until Queens.

Dr. Jens Harbott (j-harbott) on 2019-08-28

Changed in openstack-chef:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.