Last modified: 2014-01-07 05:49:07 UTC
Keystone doesn't actually have a redis driver for tokens. It only has some caching code for redis. We need a full driver so that we can replicate tokens across datacenters.
All functions listed as unimplemented in <https://github.com/openstack/keystone/blob/stable/havana/keystone/token/core.py#L194> must be implemented, except for flush_expired_tokens, which can do nothing, assuming expiration values are properly entered for tokens being added to redis.
For Folsom we can use this <https://github.com/icgood/keystone-redis> and can likely modify it for Havana.
So, I've made a fork of <https://github.com/icgood/keystone-redis> at <https://github.com/ryan-lane/keystone-redis>. The fork removes the requirement for python-redis-multiwrite which has a requirement of a much newer version of python-redis and also made the fork itself compatible with the precise version of python-redis. I've also added redis password support to it. I have the changes in labs, but not yet in the fork. It's still a work in progress. When I have it tested and ready I'll push in the changes, make a debian, push it into the repo and deploy it.
I've added it to the repo and added puppet config for this.