We have
1) Alexandr Makarov believed MOS uses "fernet" as token backend.
2) I see "uuid" provider (with "sql" driver) in "[token]" section in puppets.
3) Also "uuid|sql" are default values in keystone code (current master): https://github.com/openstack/keystone/blob/3456a9e8a8ecfb74d4bb814a625c19b161306b8f/keystone/common/config.py#L304-L315
4) Current "documentation" in keystone.conf says ("cache" section, "backend" setting): "It is recommended that Memcache with pooling (oslo_cache.memcache_pool) or Redis (dogpile.cache.redis) be used in production deployments".
5) Proposed fix is to change "cache/backend" (and all other occurrences of "memcache_pool") from "keystone.cache.memcache_pool" to "keystone.cache.memcache".
6) For fernet: Alexandr suggested to use "provider = keystone.token.providers.fernet.Provider" to prevent token reading attempts from memcache.
7) from chat conversation: "when they extracted memcache_pool from keystone to oslo they've forgotten the fix" - there may be an error in keystone/oslo refactoring process (as I guess)
I suggest for the first stage
a) find the real problem (I am not sure it is "puppet issue")
b) if it is puppet problem
b.1) fix puppet
b.2) fix docs (because I see conflict here)
c) if the problem is in code, but we can't solve it in the near future - we can temporary hack puppet
After that in stage 2 we can discuss fernet in fuel.
We have /github. com/openstack/ keystone/ blob/3456a9e8a8 ecfb74d4bb814a6 25c19b161306b8f /keystone/ common/ config. py#L304- L315 memcache_ pool) or Redis (dogpile. cache.redis) be used in production deployments". cache.memcache_ pool" to "keystone. cache.memcache" . token.providers .fernet. Provider" to prevent token reading attempts from memcache.
1) Alexandr Makarov believed MOS uses "fernet" as token backend.
2) I see "uuid" provider (with "sql" driver) in "[token]" section in puppets.
3) Also "uuid|sql" are default values in keystone code (current master): https:/
4) Current "documentation" in keystone.conf says ("cache" section, "backend" setting): "It is recommended that Memcache with pooling (oslo_cache.
5) Proposed fix is to change "cache/backend" (and all other occurrences of "memcache_pool") from "keystone.
6) For fernet: Alexandr suggested to use "provider = keystone.
7) from chat conversation: "when they extracted memcache_pool from keystone to oslo they've forgotten the fix" - there may be an error in keystone/oslo refactoring process (as I guess)
I suggest for the first stage
a) find the real problem (I am not sure it is "puppet issue")
b) if it is puppet problem
b.1) fix puppet
b.2) fix docs (because I see conflict here)
c) if the problem is in code, but we can't solve it in the near future - we can temporary hack puppet
After that in stage 2 we can discuss fernet in fuel.
Colleagues, your thoughts?