tokens in memcache have no/improper expiration

I'll look into this a little deeper, but from the information provided it doesn't sound like there is an issue. The 'stats cachedump' command will often, and maybe even likely, show things that are expired. memcache won't actually delete the item from memory until you access it again and it decides that it's expired or if it's trying to make room for new entries. In the new entries case I'm not sure if you'd see if as an eviction because the data wasn't forced out.

You can tell if an item has no expiration pretty easily if it's expiration is equal to 'time - uptime' where time and uptime can be found in the stats output.

Also note that memcache is greedy and will use up (or at least appear that way to unix tools) all of the memory you give it.

Matt and I talked offline about this and we'll work together next week on it.

This behavior is actually expected based on our current implementation. keystonemiddleware is actually using the memcached library directly and setting timeouts. keystone uses dogpile and sets a dogpile expiration and not a memcached expiration. This means that the data will expire like expected, but it won't be expired as far as memcached is concerned.

Other than appearing to be fuller than it actually is, I don't think there is too much impact. Even when a memcached timeout exists on an entry is will not actually be deleted from memory by memcached until it is accessed again or memcached needs the memory.

I've created a POC change in olso.cache that "fixes" this problem.

If this is worth having we could bring back this review: https://review.openstack.org/#/c/350942

I don't really think this is a bug, but rather a misunderstanding since we do caching differently between components.

Automatically unassigning due to inactivity.

This is not a bug. Dogpile.cache can set an actual memcache expiration, however, we have simply been leaning on the LRU capabilities on memcache. For keystone this would need to be changed in oslo.cache not in Keystone.

I am marking this as opinion, it's not really a bug, it is how we have implemented the cache. We can revisit this if there is a desire as an RFE for oslo.cache.

I'd like to re-start the discussion about this bug.

What this combination currently leads to is effectively false positive alerts on memcached monitoring.

Monitoring memcached for forced evictions is a well established practice to get alerted when you need to increase the cache size or redistribute it between slabs or check in any other way for possible abnormalities of cache usage.
But this of course relies on cache users to not dump stuff into the cache to keep it "forever". Memcached server AFAIU has no periodic garbage collection, so even with TTL set, memcached will only delete the data if either client tries to access that expired key, or to make room for new data - in which case it won't consider it a forced eviction.

Here however keystone keeps storing token creation/validation data, for whatever reason it is never deleted from memcached by dogpile itself (because at some point too nothing asks for that potentially expired info, and it also does not have any periodic GC? anyway basically impossible in a wsgi app) and it has no TTL in memcached as well, so when memcached tries to make room for new data, it deletes them and fires forced eviction alerts.

I'd like oslo.cache maintainers to please restore the patch https://review.opendev.org/c/openstack/oslo.cache/+/350942 and I will take it over.

Hi,

Do you have any update it's still relevant?

Re-reading the existing implementation I think this is a valid improvement for memcache driver and also redis driver, which do not currently use the expiration mechanism within backend service.

I'll look into this during this cycle, but one thing I noticed here is the fact that the solution earlier proposed breaks the case where a specific cache_time option is configured by a very large value. Probably we have to add a new option to control expiration in backends.