From 37b3c8c35454a1076b3fbe32502264be71fd6e0d Mon Sep 17 00:00:00 2001
From: Ken Wronkiewicz <>
Date: Fri, 10 Jun 2016 16:51:19 -0700
Subject: [PATCH] Keystone interface address and memcached override

Note: This should not result in any behavior changes in regular Kolla,
just Kolla-Kubernetes and only when you've overridden stuff in globals.yml

Allows override of interface address and memcached pools, so that
Kubernetes can do the right thing.

There are some significant architectural issues involved in
memcached pooling in the Kolla-kubernetes world.  Avoiding them right

Current working Kolla-Kubernetes globals.yml file, assuming that your
memcached servers are available under the DNS alias "memcached":

api_interface_address: ""

memcached_servers: "memcached"

keystone_database_address: "mariadb"
keystone_admin_url: "{{ admin_protocol }}://keystone-admin:{{ keystone_admin_port }}/v3"
keystone_internal_url: "{{ internal_protocol }}://keystone-public:{{ keystone_public_port }}/v3"
keystone_public_url: "{{ public_protocol }}://keystone-public:{{ keystone_public_port }}/v3"

Co-authored-by: Ryan Hallisey <>
Change-Id: I5126f81da7b4d48001b87f73d58bbbfad658209c
Partially-implements: blueprint api-interface-bind-address-override
 ansible/roles/keystone/templates/keystone.conf.j2      | 10 ++++++++++
 ansible/roles/keystone/templates/wsgi-keystone.conf.j2 |  4 ++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2
index f5c9054deb..6e8bbf4507 100644
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@@ -19,4 +19,14 @@ domain_config_dir = /etc/keystone/domains
 backend = oslo_cache.memcache_pool
 enabled = True
+{# For Kolla-Ansible, generate the memcache servers based on the list of
+memcached servers in the inventory and memcached_servers should be un-set.
+For Kolla-Kubernetes,  it is necessary to define the memcached_servers
+variable in globals.yml to set it to the Kubernetes service for memcached. #}
+{% if orchestration_engine == 'KUBERNETES' %}
+memcache_servers = {{ memcached_servers }}
+{% else %}
 memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+{%- endif %}
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
index 6389c7330b..e1bb125dc6 100644
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -1,7 +1,7 @@
 {% set keystone_log_dir = '/var/log/kolla/keystone' %}
 {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
-Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ keystone_public_port }}
-Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ keystone_admin_port }}
+Listen {{ api_interface_address }}:{{ keystone_public_port }}
+Listen {{ api_interface_address }}:{{ keystone_admin_port }}
 <VirtualHost *:{{ keystone_public_port }}>
     WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}