Ask Your Question
2

Expected behavior of Keystone memcached tokens?

asked 2014-04-21 13:18:06 -0500

conrad gravatar image

My team has a use case for Keystone memcached tokens and I want to confirm what I saw when I was playing with this configuration. I turned on memcached and was able to create and validate tokens. I then queried memcached for the tokens and I saw them. I did not see the tokens in the database. Is this expected behavior?

It was my understanding that memcache is usually used to support improvement of read access so the initial write is to the database, and any reads after the first one is from memcache; hence tokens should appear in both places.

From the code, it looks like the backend only talks to memcache, but I want to make sure that this is the design intent. Thanks in advance.

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
0

answered 2014-04-22 01:25:51 -0500

nethawk gravatar image

When you use memcached,the tokens will be saved in memcahced instead of database.And tokens need'nt write to database when using memcached.

edit flag offensive delete link more
add a comment
0

answered 2014-04-21 22:11:44 -0500

Haneef Ali gravatar image

updated 2014-04-22 01:53:59 -0500 

Memcache in services
You want to configure memcache in  the services.  Specifically the authtoken section of your service refers to keystone middleware.  There you want to configure memcache so that keystone middleware makes use of memcache instead of talking to keystone for every request.

http://docs.openstack.org/developer/python-keystoneclient/middlewarearchitecture.html

Use memcache to cache the token in keystone server
  In keystone.conf there is cache settings.  enable global cache and then enable token cache and then configure the cache backend for dogpile. Dogphile cache backend can be  inmemory , memcache or mongo db.  BTW this is from icehouse release
edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-04-21 13:18:06 -0500

Seen: 529 times

Last updated: Apr 22 '14

Related questions

Keeping original scope when requesting a new token from token

Is it possible for a normal user to check the tenant list?

Ldap multiple user_tree_dn

How to enable https for keystone endpoints?

unexpected error setting up keystone

keystone error in kilo with ubuntu 14.04

Multiple endpoints for a single service?

How to retrieve a list of tenants/projects for user from keystone API

keystone relocation

How to get service catalog with Python API?