> This is a critical issue for production deployments - if you add a controller you do not expect interruption of service. We need to fix keys storing algorithm and we cannot wait for Fernet tokens.
The way you work with keystone tokens is wrong. You should not assume any time of token validity. The code should assume that the token can become invalid at any time and be ready to fetch a new one. There are many events that can lead to invalidation of a token: node failure, token or user credentials compromise, user role changes, project changes, etc. Adding a controller node is just one of these events.
There is no way to "fix key storing algorithm" without rewriting python-memcache. Even if we exert ourselves and rewrite python-memcache, I don't think it's OK to include such a huge change during code freeze.
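The client-side pattern argued for above, as an added example that is not part of the original comment or of any OpenStack code: a cached token is treated as revocable at any moment, and a 401 triggers exactly one re-authentication and retry. `FakeIdentity`, `TokenClient` and `make_api` are hypothetical names standing in for a token service, an API client and an API endpoint.

```python
"""Added example: retry once with a fresh token when the API returns 401."""
import itertools


class FakeIdentity:
    """Constructed stand-in for a token service (not the keystone API)."""

    def __init__(self):
        self._ids = itertools.count(1)
        self.valid = set()

    def issue(self):
        token = f"tok-{next(self._ids)}"
        self.valid.add(token)
        return token

    def invalidate_all(self):
        # Models any invalidation event: node added, role change, revocation.
        self.valid.clear()


class TokenClient:
    """Caches a token but never assumes it is still valid."""

    def __init__(self, identity, send):
        self.identity = identity
        self.send = send        # send(token, path) -> (status, body)
        self.token = None
        self.fetches = 0        # number of authentications performed

    def _fresh_token(self):
        self.fetches += 1
        self.token = self.identity.issue()
        return self.token

    def request(self, path):
        token = self.token or self._fresh_token()
        status, body = self.send(token, path)
        if status == 401:
            # Cached token was rejected: replace it and retry exactly once.
            status, body = self.send(self._fresh_token(), path)
        return status, body


def make_api(identity):
    """Constructed API endpoint that checks the token against the service."""
    def send(token, path):
        if token not in identity.valid:
            return 401, "unauthorized"
        return 200, f"ok {path}"
    return send
```

The single retry bounds the work done when authentication itself is failing, so a persistent 401 is returned to the caller instead of looping.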