Commit Graph

16 Commits

Author SHA1 Message Date
Erik Berg a0f9fc677f Remove templates to unsupported operating systems
All templates for Gentoo, SUSE are removed. An old pre-systemd
template for debian/ubuntu is removed. And memcached.conf template
for redhat is renamed for consistency.

Change-Id: I1ac948e0244a5eb1036049bba970cfaf8cba3f8e
2021-03-22 10:07:01 +01:00
Jonathan Rosser 5080c42f0a Reduce verbosity level when debug is true
Keystone is experiencing memecached timeouts during tempest tests in
CI, and the memcached log is in excess of 20Mbytes. There will be a lot
of write pressure on this log during tempest tests and this patch reduces
the debug log level in an attempt to increase test reliability.

Change-Id: I7db0eb361fc6f09ce64690be2018bf8ed8204e0c
2020-06-16 21:53:33 +01:00
Dmitriy Rabotyagov 141db60ee6 Use systemd-journald instead of log files
This patch aims to migrate service from usage of regular syslog files
to journald.

Change-Id: I9ee285aeae85ccf6827a652dcd4ff06958141615
2019-07-22 16:40:36 +03:00
Matthew Thode b6bf3784e4
add gentoo support to memcached role
Change-Id: I987abf6fc161f09312fbef984552313989ef3c31
2019-01-24 19:11:12 -06:00
Jean-Philippe Evrard e7ffc8c09f Fix CVE-2018-1000115 for other distros
We must restrict memcached to TCP.
Done for redhat but not SUSE/ubuntu

Change-Id: Ib4520b15fa660b77212dfc91bdb0f27590d30128
2018-03-28 14:07:33 +00:00
ZhongShengping 60adcff1ea [CVE-2018-1000115] memcached: restrict to TCP
https://access.redhat.com/security/cve/cve-2018-1000115

Restrict Memcached to only work on TCP.
The configuration only binds memcached on localhost but in case it
changes, we'll prevent DDoS amplification attacks.

Change-Id: Ifc16c8a3229f5fc0f3651e714627b526e4338cfe
Closes-Bug: #1755063
2018-03-12 09:51:36 +08:00
Andreas Jaeger 426a4f5f0d
Clean up the role and further isolate the service
This change cleans up the role a little bit making it more consistent.

A new configuration file has been added which will further isolate
our services using a named cgroup; this is similar to what we already do in
our openstack services. By further isolating the service from the system
we get quite a bit more control and accountability.

Change-Id: I02a84a2560853473c986ad0db26874341a23fc82
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2017-11-29 20:37:56 -06:00
Major Hayden 4ec27e6874
Add automatic restart for memcached
This patch ensures that systemd will restart memcached in case of
failure or if the process is manually killed.

Closes-Bug: 1659954
Change-Id: I6782320bf429cde17dff00401e7f136cfc979cee
2017-08-17 11:43:07 -05:00
Jesse Pretorius a9acd22e82 Disable PrivateDevices for MemcacheD on CentOS 7
This patch adds the `memcached_disable_privatedevices` variable that
allows deployers to disable PrivateDevices in the systemd unit file.

This is a workaround to fix the systemd/LXC issues with bind
mounting an already bind mounted `/dev/ptmx` inside the LXC
container.

See Launchpad bug, lxc/lxc#1623, or systemd/systemd#6121 for more
details.

The is_metal variable is removed as it is unused.

Related-bug: 1697531
Change-Id: Id7c148bf901354a3dfc2f189ec659f2b92fc7985
2017-06-15 11:56:18 +01:00
Markos Chandras 58e17aa13e Add SUSE support
Add support for SUSE based distributions

Change-Id: Ib57cceeb9af4d1d0232a20622ad6efdba4cc346d
2017-04-04 16:22:08 +01:00
Paulo Matias 04941492c3 Adjust file descriptor limit when systemd is used
Change-Id: I29629ba3c78a55ebd63e4f9710ba71b85c488279
Related-Bug: #1623164
2016-09-15 17:23:37 -03:00
Kevin Carter 88c6712439 Lower verbosity on memcached server
This change lowers the default log level for memcached. currently with the
setting at -vv we're noticing a large spike in logs generated which could
fill up block devices on high traffic systems.

Change-Id: I3378f4cce3a082060f4b202034b48975040a79fe
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-09-13 21:38:34 -05:00
Matt Thompson f0185d9d88 Updated role using the Multi-Distro framework
This commit updates the memcached_server role to work on Trusty,
Xenial, and CentOS 7.

NOTES:

1. This role no longer creates the memcache user since both Ubuntu and
   CentOS already install a suitable user
2. We have temporarily disabled testing of the log file since CentOS and
   Xenial do not log to file
3. On Ubuntu we drop ulimits into /etc/defaults/memcached, we need to
   figure out how to do the equivalent on CentOS
4. We update tasks/memcached_config.yml to use the correct memcached
   user in limits.conf, however neither these limits or the ones in
   templates/memcached.debian.j2 actually seem to be taking effect.
   More work in an additional review will need to be done to clean this
   all up.

Implements: blueprint multi-platform-host

Change-Id: I4c32f3d60939615c5d0c6fb202e96aacb35ab9b4
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-05-26 16:52:54 +01:00
Travis Truman c99d1debe9 Removing the `verbose` variable
Debug logging enabled by using the `debug` variable should
be sufficient for troubleshooting purposes.

The default logging level has increased from -v to -vv

Change-Id: Iad6785f1b445703fcfd84a5582ca81849d70ceed
2016-05-24 09:22:22 -04:00
Jean-Philippe Evrard 2d937511d6 Improved logging for memcached
- Moved to the right folder to get it accessed on bare metal
  when containerized
- Making it work for rsyslog and logrotation's existing
  roles
- Changed the gate tests to reflect path change

Closes-Bug: #1569171

Change-Id: I3a1c2f50ab63b55b39318ba40c0921f6b738cafb
2016-04-13 18:16:07 +01:00
Kevin Carter b818df54e2
first commit
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-12-09 09:24:22 -06:00