Reviewed: https://review.openstack.org/326234 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=9c89e07b11afa2e12c97d0af514ce5fcc04e2ac3 Submitter: Jenkins Branch: master
commit 9c89e07b11afa2e12c97d0af514ce5fcc04e2ac3 Author: Henry Nash <[email protected]> Date: Tue Jun 7 06:34:21 2016 +0100 Revert to caching fernet tokens the same way we do UUID In Liberty we used to cache the whole token at the provider manager validate token call. However, in Mitaka we changed this, for non-persistent tokens (e.g. fernet), to instead attempt to cache the individual components that make up the token. This change caused validating a fernet token to become 5 times slower than the same operation in Liberty (as well as UUID in both releases). This patches re-instates full-token caching for fernet. This should be considered somewhat of a bandaid to redress the performance degredation, while we work to restructure our token issuance and validation to simplify the multiple code paths. In terms of invalidation of such a cache, this change effectively reverts to the Liberty approach where anything logged to the revokation manager will still cause validaiton of the token to fail (this is checked for all token types). However, the alternate (and confusingly additonal) "direct" invalidation of the cache via the pesistance manager will, like in Liberty, not have any effect with cached fernet tokens. As far as I can tell, all situations where we currently want a token revoked will send this information to both the revoke and persistance managers, hence this change should not result in any tokens remaining valid when they shouldn't. Closes-Bug: #1590179 Change-Id: I80371746735edac075eec9986e89b54b66bc47cb ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1590179 Title: fernet memcache performance regression Status in OpenStack Identity (keystone): Fix Released Bug description: Fernet token validation performance got worse in mitaka vs in liberty. This is because it's not using memcache to cache the token anymore. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1590179/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
