Change keystone token backend from SQL to memcached

asked 2015-05-27 08:54:23 -0500

DanielJ gravatar image

I have installed OpenStack Juno on Ubuntu. In the past, keystone has stored its tokens in an SQL database. Now, I want to use memcached to store the tokens. Therefore, I have installed the packages memcached and python-memcache. Then I have updated the keystone configuration file as shown below and restarted the keystone service. But from then on, keystone only logs the following messages:

WARNING keystone.middleware.core [-] RBAC: Invalid token
WARNING keystone.common.wsgi [-] The request you have made requires authentication.

Even after waiting of 15 minutes these warnings are still logged. How can I configure keystone correctly, to use memcached instead of SQL?

Now, I have changed the configuration back to SQL by (un)comment the appropriate driver lines in the configuration file and restarting keystone but I still get these warnings.

Does it simple require more time until all openstack services have received new tokens?

Here is the keystone.conf file (some sensitive informations are replaced by <> tags):

rabbit_retry_interval = 1
rabbit_retry_backoff = 2
rabbit_max_retries = 0
rabbit_durable_queues = false


connection = <database_connection>
use_db_reconnect = True

provider = keystone.token.providers.uuid.Provider
#driver = keystone.token.persistence.backends.sql.Token
driver = keystone.token.persistence.backends.memcache.Token

Distribution = Ubuntu
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-08-04 12:45:56 -0500

deeghuge gravatar image

updated 2015-08-04 12:46:25 -0500

Looks like you missed updating [ cache ] section in keystone.conf.

backend_argument = url:localhost:11211
enabled = True
config_prefix = cache.keystone
expiration_time = 300
backend = dogpile.cache.memcached

After update restart the keystone service. Hopefully this should solve your problem.

edit flag offensive delete link more


Based on my understanding of the official documentation, the [cache] section is used to configure keystone that it just caches the latest tokens in memcached but all tokens remain in the database. Is this correct? I would prefer replacing the database by memcached.

DanielJ gravatar imageDanielJ ( 2015-08-07 06:45:54 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-05-27 08:54:23 -0500

Seen: 1,968 times

Last updated: Aug 04 '15