Ask Your Question
1

Change keystone token backend from SQL to memcached

asked 2015-05-27 08:54:23 -0500

DanielJ gravatar image

I have installed OpenStack Juno on Ubuntu. In the past, keystone has stored its tokens in an SQL database. Now, I want to use memcached to store the tokens. Therefore, I have installed the packages memcached and python-memcache. Then I have updated the keystone configuration file as shown below and restarted the keystone service. But from then on, keystone only logs the following messages:

WARNING keystone.middleware.core [-] RBAC: Invalid token
WARNING keystone.common.wsgi [-] The request you have made requires authentication.

Even after waiting of 15 minutes these warnings are still logged. How can I configure keystone correctly, to use memcached instead of SQL?

Now, I have changed the configuration back to SQL by (un)comment the appropriate driver lines in the configuration file and restarting keystone but I still get these warnings.

Does it simple require more time until all openstack services have received new tokens?

Here is the keystone.conf file (some sensitive informations are replaced by <> tags):

[DEFAULT]
admin_token=<admin_token>
log_dir=/var/log/keystone
rabbit_hosts=<rabbit_server1>,<rabbit_server2>,<rabbit_server3>
rabbit_userid=<rabbit_user>
rabbit_password=<rabbit_password>
rabbit_retry_interval = 1
rabbit_retry_backoff = 2
rabbit_max_retries = 0
rabbit_durable_queues = false
rabbit_ha_queues=true

[catalog]
driver=keystone.catalog.backends.sql.Catalog

[database]
connection = <database_connection>
use_db_reconnect = True

[token]
provider = keystone.token.providers.uuid.Provider
#driver = keystone.token.persistence.backends.sql.Token
driver = keystone.token.persistence.backends.memcache.Token

[extra_headers]
Distribution = Ubuntu
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-08-04 12:45:56 -0500

deeghuge gravatar image

updated 2015-08-04 12:46:25 -0500

Looks like you missed updating [ cache ] section in keystone.conf.

[cache]
backend_argument = url:localhost:11211
enabled = True
config_prefix = cache.keystone
expiration_time = 300
backend = dogpile.cache.memcached

After update restart the keystone service. Hopefully this should solve your problem.

edit flag offensive delete link more

Comments

Based on my understanding of the official documentation, the [cache] section is used to configure keystone that it just caches the latest tokens in memcached but all tokens remain in the database. Is this correct? I would prefer replacing the database by memcached.

DanielJ gravatar imageDanielJ ( 2015-08-07 06:45:54 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-05-27 08:54:23 -0500

Seen: 1,800 times

Last updated: Aug 04 '15