diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index 9a6434755192aa8a5e044540422a83f677c597ac..d4a31dfe71a0bde66408a37f0d15dac70bacea42 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -56,6 +56,11 @@ project_name = service
username = {{ cinder_keystone_user }}
password = {{ cinder_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2
index 2955137cbcc5516a965251b966883fdde4d22e96..9fc2026a394fcf9415bf6df41389707a43ea095d 100644
--- a/ansible/roles/glance/templates/glance-api.conf.j2
+++ b/ansible/roles/glance/templates/glance-api.conf.j2
@@ -29,6 +29,11 @@ project_name = service
username = {{ glance_keystone_user }}
password = {{ glance_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[paste_deploy]
flavor = keystone
diff --git a/ansible/roles/glance/templates/glance-registry.conf.j2 b/ansible/roles/glance/templates/glance-registry.conf.j2
index 3d0d2f4e3dc4a50e1f0076f633ad6809db01afe6..a7f8f6dda9b7b5abad59f5fbd81f4d687bc7ad99 100644
--- a/ansible/roles/glance/templates/glance-registry.conf.j2
+++ b/ansible/roles/glance/templates/glance-registry.conf.j2
@@ -21,6 +21,11 @@ project_name = service
username = {{ glance_keystone_user }}
password = {{ glance_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[paste_deploy]
flavor = keystone
diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2
index 8fd20fdfd33e5e7a52b024b8407b48512474f223..cb521b2a6ebd76e1317dd4efb2d662d652f624bd 100644
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@@ -47,6 +47,17 @@ project_name = service
username = {{ heat_keystone_user }}
password = {{ heat_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
+[cache]
+backend = oslo_cache.memcache_pool
+enabled = True
+memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[trustee]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index 5ae13730f553cb3af59787b9a78773f692de9458..f19769d54a61253d5bbb60dea06635c8374ac4ec 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -40,6 +40,11 @@ project_name = service
username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[glance]
glance_host = {{ kolla_internal_fqdn }}
diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2
index 83e2e2a02482ddb7faf82400c37e1d5133edf28c..ac414b99e71a64f7d8c32ee5a0fdc5ad312d4bd6 100644
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@@ -8,3 +8,9 @@ secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
[database]
connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
+
+[cache]
+backend = oslo_cache.memcache_pool
+enabled = True
+memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2
index 047353d55ba1b2733172572bd87cc70550959780..b147df0dc3f8fda5e757ea4e66796f2d292e4d87 100644
--- a/ansible/roles/magnum/templates/magnum.conf.j2
+++ b/ansible/roles/magnum/templates/magnum.conf.j2
@@ -35,6 +35,11 @@ project_name = service
username = {{ magnum_keystone_user }}
password = {{ magnum_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[oslo_concurrency]
lock_path = /var/lib/magnum/tmp
diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2
index f1f2062161466ba2d52a65762947f3ea1552c0c1..ab4013980de793eaa3369b90d9c8f25e131b3b18 100644
--- a/ansible/roles/manila/templates/manila.conf.j2
+++ b/ansible/roles/manila/templates/manila.conf.j2
@@ -99,3 +99,8 @@ user_domain_id = default
project_name = service
username = {{ manila_keystone_user }}
password = {{ manila_keystone_password }}
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2
index 52456733c78c28c1f30584f3b3e1344acde14fd6..f5f2be5cba048df6c88fc8650d11b33c64bcc585 100644
--- a/ansible/roles/mistral/templates/mistral.conf.j2
+++ b/ansible/roles/mistral/templates/mistral.conf.j2
@@ -25,6 +25,11 @@ project_name = service
username = {{ mistral_keystone_user }}
password = {{ mistral_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[mistral]
url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ mistral_api_port }}
diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2
index a48dea30edc539089b46a9c4cd9cc8d9b784ce2f..b4bf592f97650f13b43c215b05d559399b510ec4 100644
--- a/ansible/roles/murano/templates/murano.conf.j2
+++ b/ansible/roles/murano/templates/murano.conf.j2
@@ -21,6 +21,11 @@ project_name = service
username = {{ murano_keystone_user }}
password = {{ murano_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[murano]
url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }}
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index ef426a32f5854d23af3f19747c0c16dbfbb98528..202367d6bcadf5c54a4d1736ec5b30cf3a5e6d21 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -69,5 +69,10 @@ project_name = service
username = {{ neutron_keystone_user }}
password = {{ neutron_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[oslo_messaging_notifications]
driver = noop
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 484e0bdbc2ae4f19a8c2fc5a8604b46ef08b2292..ceb875938de4e1c8b7dcc2a2dfaa0a5c79fb8295 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -21,7 +21,6 @@ metadata_listen_port = {{ nova_metadata_port }}
ec2_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
ec2_listen_port = {{ nova_api_ec2_port }}
-
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
@@ -50,9 +49,6 @@ compute_driver = fake.FakeDriver
compute_driver = libvirt.LibvirtDriver
{% endif %}
-memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
-
-
# Though my_ip is not used directly, lots of other variables use $my_ip
my_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
@@ -130,6 +126,12 @@ connection = mysql+pymysql://{{ nova_database_user }}:{{ nova_database_password
[api_database]
connection = mysql+pymysql://{{ nova_api_database_user }}:{{ nova_api_database_password }}@{{ nova_api_database_address }}/{{ nova_api_database_name }}
+[cache]
+backend = oslo_cache.memcache_pool
+enabled = True
+memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[keystone_authtoken]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -140,6 +142,11 @@ project_name = service
username = {{ nova_keystone_user }}
password = {{ nova_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[libvirt]
connection_uri = "qemu+tcp://{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}/system"
{% if enable_ceph | bool %}
diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2
index e6b9e5b89c7fe034ade5b66f8baa295b1c84c6b1..40fc02a97add71bf366e637da264982b1c924f6b 100644
--- a/ansible/roles/swift/templates/proxy-server.conf.j2
+++ b/ansible/roles/swift/templates/proxy-server.conf.j2
@@ -39,6 +39,11 @@ project_name = service
username = {{ swift_keystone_user }}
password = {{ swift_keystone_password }}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user
diff --git a/ansible/site.yml b/ansible/site.yml
index f84e40b9d5e72cc608947b7ee407a1c3d251248e..c225c9452ea861cbbfbef5d91ec30a19dca97716 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -56,7 +56,9 @@
tags: rabbitmq,
when: enable_rabbitmq | bool }
-- hosts: keystone
+- hosts:
+ - keystone
+ - memcached
roles:
- { role: keystone,
tags: keystone,
@@ -68,6 +70,7 @@
- swift-object-server
- swift-proxy-server
- rabbitmq
+ - memcached
roles:
- { role: swift,
tags: swift,
@@ -78,6 +81,7 @@
- glance-api
- glance-registry
- rabbitmq
+ - memcached
roles:
- { role: glance,
tags: glance,
@@ -93,6 +97,7 @@
- nova-novncproxy
- nova-scheduler
- rabbitmq
+ - memcached
roles:
- { role: nova,
tags: nova,
@@ -106,6 +111,7 @@
- neutron-metadata-agent
- neutron-server
- rabbitmq
+ - memcached
roles:
- { role: neutron,
tags: neutron,
@@ -118,6 +124,7 @@
- cinder-scheduler
- cinder-volume
- rabbitmq
+ - memcached
roles:
- { role: cinder,
tags: cinder,
@@ -128,12 +135,15 @@
- heat-api-cfn
- heat-engine
- rabbitmq
+ - memcached
roles:
- { role: heat,
tags: heat,
when: enable_heat | bool }
-- hosts: horizon
+- hosts:
+ - horizon
+ - memcached
roles:
- { role: horizon,
tags: horizon,
@@ -143,6 +153,7 @@
- murano-api
- murano-engine
- rabbitmq
+ - memcached
roles:
- { role: murano,
tags: murano,
@@ -154,6 +165,7 @@
- ironic-inspector
- ironic-pxe
- rabbitmq
+ - memcached
roles:
- { role: ironic,
tags: ironic,
@@ -163,6 +175,7 @@
- magnum-api
- magnum-conductor
- rabbitmq
+ - memcached
roles:
- { role: magnum,
tags: magnum,
@@ -173,6 +186,7 @@
- mistral-engine
- mistral-executor
- rabbitmq
+ - memcached
roles:
- { role: mistral,
tags: mistral,
@@ -190,6 +204,7 @@
- manila-share
- manila-scheduler
- rabbitmq
+ - memcached
roles:
- { role: manila,
tags: manila,
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index deed018da90a42e837743b63fb3cf032de7ddef0..626a7ae4292432ff97c3e63caaf24bce333537a3 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -67,6 +67,7 @@ horizon_secret_key: "password"
manila_database_password: "password"
manila_keystone_password: "password"
+memcache_secret_key: "password"
####################
# Manila options