From 38a69b8fd93a7b2440acc0aed8f94e67ac1232a8 Mon Sep 17 00:00:00 2001
From: Emilien Macchi
Date: Thu, 27 Mar 2014 09:50:29 +0100
Subject: [PATCH 1/3] Keystone: Move to SQL backend for Token storage

Using Memcache as storage backend for Tokens in Keystone, we hit this bug: https://bugs.launchpad.net/keystone/+bug/1242620 It generates some bugs when running Tempest framework and also failures in our QA process. After some investigation, it seems the bug will not be fixed in Havana and we should switch to SQL backend. Another work will be done also on the MySQL keystone tables to avoid useless replication for large scale deployments. Bug #379
Signed-off-by: Emilien Macchi
---
 manifests/identity.pp | 8 --------
 spec/classes/cloud_identity_spec.rb | 6 +-----
 2 files changed, 1 insertion(+), 13 deletions(-)

diff --git a/manifests/identity.pp b/manifests/identity.pp
index efde1256..8d03913c 100644
--- a/manifests/identity.pp
+++ b/manifests/identity.pp
@@ -35,10 +35,6 @@
 # (optional) Password to connect to keystone database
 # Default value in params
 #
-# [*memcache_servers*]
-# (optional) Memcached servers used by Keystone. Should be an array.
-# Default value in params
-#
 # [*ks_admin_email*]
 # (optional) Email address of admin user in Keystone
 # Default value in params
@@ -333,7 +329,6 @@ class cloud::identity (
 $keystone_db_host = $os_params::keystone_db_host,
 $keystone_db_user = $os_params::keystone_db_user,
 $keystone_db_password = $os_params::keystone_db_password,
- $memcache_servers = $os_params::memcache_servers,
 $ks_admin_email = $os_params::ks_admin_email,
 $ks_admin_password = $os_params::ks_admin_password,
 $ks_admin_tenant = $os_params::ks_admin_tenant,
@@ -398,7 +393,6 @@ class cloud::identity (
 $log_facility = $os_params::log_facility,
 $use_syslog = $os_params::use_syslog,
 $ks_token_expiration = $os_params::ks_token_expiration,
- $ks_token_driver = 'keystone.token.backends.memcache.Token'
 ){

 # Disable twice logging if syslog is enabled
@@ -422,9 +416,7 @@ class cloud::identity (
 debug => $debug,
 idle_timeout => 60,
 log_facility => $log_facility,
- memcache_servers => $memcache_servers,
 sql_connection => "mysql://${encoded_user}:${encoded_password}@${keystone_db_host}/keystone",
- token_driver => $ks_token_driver,
 token_provider => 'keystone.token.providers.uuid.Provider',
 use_syslog => $use_syslog,
 verbose => $verbose,
diff --git a/spec/classes/cloud_identity_spec.rb b/spec/classes/cloud_identity_spec.rb
index 4ee574e0..86cd0a22 100644
--- a/spec/classes/cloud_identity_spec.rb
+++ b/spec/classes/cloud_identity_spec.rb
@@ -28,7 +28,6 @@ describe 'cloud::identity' do
 :keystone_db_host => '10.0.0.1',
 :keystone_db_user => 'keystone',
 :keystone_db_password => 'secrete',
- :memcache_servers => ['10.0.0.1','10.0.0.2'],
 :ks_admin_email => 'admin@openstack.org',
 :ks_admin_password => 'secrete',
 :ks_admin_tenant => 'admin',
@@ -90,8 +89,7 @@ describe 'cloud::identity' do
 :log_facility => 'LOG_LOCAL0',
 :use_syslog => true,
 :ks_token_expiration => '3600',
- :api_eth => '10.0.0.1',
- :ks_token_driver => 'keystone.token.backends.memcache.Token' }
+ :api_eth => '10.0.0.1' }
 end

 it 'configure keystone server' do
@@ -103,9 +101,7 @@ describe 'cloud::identity' do
 :verbose => true,
 :idle_timeout => '60',
 :log_facility => 'LOG_LOCAL0',
- :memcache_servers => ['10.0.0.1','10.0.0.2'],
 :sql_connection => 'mysql://keystone:secrete@10.0.0.1/keystone',
- :token_driver => 'keystone.token.backends.memcache.Token',
 :token_provider => 'keystone.token.providers.uuid.Provider',
 :use_syslog => true,
 :bind_host => '10.0.0.1',
From ce3c03d16249f69995ee9cc8caeeb01dc17af7ec Mon Sep 17 00:00:00 2001
From: Emilien Macchi
Date: Thu, 27 Mar 2014 09:56:35 +0100
Subject: [PATCH 2/3] Keystone / Rspec: Ensure we have SQL backend for tokens

Ensure in the tests that puppet-keystone provide us by default SQL backend to store tokens. Bug #379
Signed-off-by: Emilien Macchi
---
 spec/classes/cloud_identity_spec.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/spec/classes/cloud_identity_spec.rb b/spec/classes/cloud_identity_spec.rb
index 86cd0a22..d152c662 100644
--- a/spec/classes/cloud_identity_spec.rb
+++ b/spec/classes/cloud_identity_spec.rb
@@ -102,6 +102,7 @@ describe 'cloud::identity' do
 :idle_timeout => '60',
 :log_facility => 'LOG_LOCAL0',
 :sql_connection => 'mysql://keystone:secrete@10.0.0.1/keystone',
+ :token_driver => 'keystone.token.backends.sql.Token',
 :token_provider => 'keystone.token.providers.uuid.Provider',
 :use_syslog => true,
 :bind_host => '10.0.0.1',
From 4d9a98be1ded2ac0234fbdc2b73d233a22afdd1c Mon Sep 17 00:00:00 2001
From: Emilien Macchi
Date: Thu, 27 Mar 2014 11:21:04 +0100
Subject: [PATCH 3/3] Keystone: Add token_driver param in cloud::identity

Allow the end-user to use another backend (memcache) but let SQL by default. Bug #379
Signed-off-by: Emilien Macchi
---
 manifests/identity.pp | 6 ++++++
 spec/classes/cloud_identity_spec.rb | 1 +
 2 files changed, 7 insertions(+)

diff --git a/manifests/identity.pp b/manifests/identity.pp
index 8d03913c..113151bb 100644
--- a/manifests/identity.pp
+++ b/manifests/identity.pp
@@ -319,6 +323,10 @@
 # (optional) Syslog facility to receive log lines
 # Defaults value in params
 #
+# [*token_driver*]
+# (optional) Driver to store tokens
+# Defaults to 'keystone.token.backends.sql.Token'
+#
 # [*token_expiration*]
 # (optional) Amount of time a token should remain valid (in seconds)
 # Defaults value in params
@@ -392,6 +396,7 @@ class cloud::identity (
 $debug = $os_params::debug,
 $log_facility = $os_params::log_facility,
 $use_syslog = $os_params::use_syslog,
+ $token_driver = 'keystone.token.backends.sql.Token',
 $ks_token_expiration = $os_params::ks_token_expiration,
 ){

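Review bot: Defaulting `$token_driver` to `'keystone.token.backends.sql.Token'` in the parameter list of patch 3 means every issued token becomes a row in the keystone database, and nothing in this series removes expired rows. Memcached dropped entries on expiry by itself; the SQL backend, as far as I know, keeps them until `keystone-manage token_flush` is run. The token table therefore keeps growing, and live UUID bearer tokens are readable by anyone with access to that database or its replicas for their whole lifetime. I would have this class declare a `cron` resource that runs `keystone-manage token_flush` as the keystone user, or at least state in the `[*token_driver*]` documentation that the operator must schedule it. The class header and body continue outside this hunk.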
@@ -424,6 +429,7 @@ class cloud::identity (
 log_dir => $log_dir,
 public_port => $ks_keystone_public_port,
 admin_port => $ks_keystone_admin_port,
+ token_driver => $token_driver,
 token_expiration => $ks_token_expiration
 }

diff --git a/spec/classes/cloud_identity_spec.rb b/spec/classes/cloud_identity_spec.rb
index d152c662..b5eb19bc 100644
--- a/spec/classes/cloud_identity_spec.rb
+++ b/spec/classes/cloud_identity_spec.rb
@@ -88,6 +88,7 @@ describe 'cloud::identity' do
 :debug => true,
 :log_facility => 'LOG_LOCAL0',
 :use_syslog => true,
+ :token_driver => 'keystone.token.backends.sql.Token',
 :ks_token_expiration => '3600',
 :api_eth => '10.0.0.1' }
 end
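Review bot: `token_driver => $token_driver` makes the memcache driver selectable again, but patch 1 removed both the `$memcache_servers` parameter and the `memcache_servers => $memcache_servers` line from this same declaration, and this patch restores neither. A caller who sets `token_driver` to `'keystone.token.backends.memcache.Token'` would presumably get whatever server list the underlying keystone module defaults to, which is unlikely to match the real memcached nodes. Either bring back `$memcache_servers` and pass it through next to this line, or say in the `[*token_driver*]` documentation that only the SQL driver is supported through this class. The parameter is also a rename of the removed `$ks_token_driver`, so manifests that still pass the old name will fail to compile; the declaration itself starts outside the hunk.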
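Review bot: The params hash sets `:token_driver` to the same value as the class default, so this spec passes whether or not the new parameter is actually wired through to keystone, and the default path that patch 2 set out to check is no longer exercised because the value is now explicit. I would drop the key from the default params so the default is what gets tested, and add a context that overrides it, for example `before { params.merge!(:token_driver => 'keystone.token.backends.memcache.Token') }`, with an expectation that the keystone class receives that value. This assumes the hash is the spec's `let :params` block, which starts outside the hunk.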