OpenStack Compute (nova)

Can nova/glance cache the keystone token or not?

Asked by yang, yuxing

as we know that nova uses keystone to authenticate user, but can nova/glance cache the keystone token, or verify with keystone every time?

Question information

Language:
English Edit question
Status:
Answered
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Jesse Andrews (anotherjesse) said : 		#1

The validation middleware says it supports caching:

  https://github.com/openstack/keystone/blob/master/examples/paste/auth_token.ini#L21

By adding to the paste config:

  memcache_hosts = 127.0.0.1:11211

(this would be the paste configs for the services - nova/glance/swift/...)

I've not tested it though

Revision history for this message
yang, yuxing (yuxing-yang) said : 		#2

Thank you for your answer.
I think your comment is for keystone memcache, what I want to figure out is when keystone authenticate once, nova will cache the token or something which can prove keystone has already authenticated, next time when user ask for nova resouce , it doesn't need to sent token to keystone authenticate again. do you have any experience about this?

Revision history for this message
Jesse Andrews (anotherjesse) said : 		#3

I'm pretty sure that the config I linked was for the auth_token config (notice the ini was for auth_token).

You can also read the middleware we use in nova/glance/... in auth_token.py

  https://github.com/openstack/keystone/blob/master/keystone/middleware/auth_token.py

And see that it does have code to use memcache and uses the config entry memcache_hosts.

I've not used it but I've read the code before.

Best of luck

Can you help with this problem?

Provide an answer of your own, or ask yang, yuxing for more information if necessary.

To post a message you must log in.