Disable memcached's cachedump

To prevent users walking the memcached keys, Add "-X" to memcached in both containerized and puppet memcached overcloud services. Change-Id: I50eefdbdf7a7911f2ba6a7f3b4e739b8e67a7c1c Partial-Bug: #1738835
2017-12-12 14:59:37 +00:00 · 2017-12-12 14:59:37 +00:00 · 317ed3194e
parent edd5c0c2ba
commit 317ed3194e
2 changed files with 2 additions and 1 deletions
--- a/docker/services/memcached.yaml
+++ b/docker/services/memcached.yaml
@ -101,7 +101,7 @@ outputs:
            # will be removed from the $OPTIONS, which is done via the puppet
            # module, but we'll only be able to do this once the following pull
            # request merges: https://github.com/saz/puppet-memcached/pull/88
-            command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS >> /var/log/memcached.log 2>&1']
+            command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} -X $OPTIONS >> /var/log/memcached.log 2>&1']
      host_prep_tasks:
        - name: create persistent logs directory
          file:
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@ -79,6 +79,7 @@ outputs:
                - service_debug
                - 'v'
                - ''
+        memcached::disable_cachedump: true
        tripleo.memcached.firewall_rules:
          '121 memcached':
            dport: 11211