All templates for Gentoo, SUSE are removed. An old pre-systemd
template for debian/ubuntu is removed. And memcached.conf template
for redhat is renamed for consistency.
Change-Id: I1ac948e0244a5eb1036049bba970cfaf8cba3f8e
Keystone is experiencing memecached timeouts during tempest tests in
CI, and the memcached log is in excess of 20Mbytes. There will be a lot
of write pressure on this log during tempest tests and this patch reduces
the debug log level in an attempt to increase test reliability.
Change-Id: I7db0eb361fc6f09ce64690be2018bf8ed8204e0c
https://access.redhat.com/security/cve/cve-2018-1000115
Restrict Memcached to only work on TCP.
The configuration only binds memcached on localhost but in case it
changes, we'll prevent DDoS amplification attacks.
Change-Id: Ifc16c8a3229f5fc0f3651e714627b526e4338cfe
Closes-Bug: #1755063
This change cleans up the role a little bit making it more consistent.
A new configuration file has been added which will further isolate
our services using a named cgroup; this is similar to what we already do in
our openstack services. By further isolating the service from the system
we get quite a bit more control and accountability.
Change-Id: I02a84a2560853473c986ad0db26874341a23fc82
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch ensures that systemd will restart memcached in case of
failure or if the process is manually killed.
Closes-Bug: 1659954
Change-Id: I6782320bf429cde17dff00401e7f136cfc979cee
This patch adds the `memcached_disable_privatedevices` variable that
allows deployers to disable PrivateDevices in the systemd unit file.
This is a workaround to fix the systemd/LXC issues with bind
mounting an already bind mounted `/dev/ptmx` inside the LXC
container.
See Launchpad bug, lxc/lxc#1623, or systemd/systemd#6121 for more
details.
The is_metal variable is removed as it is unused.
Related-bug: 1697531
Change-Id: Id7c148bf901354a3dfc2f189ec659f2b92fc7985
This change lowers the default log level for memcached. currently with the
setting at -vv we're noticing a large spike in logs generated which could
fill up block devices on high traffic systems.
Change-Id: I3378f4cce3a082060f4b202034b48975040a79fe
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit updates the memcached_server role to work on Trusty,
Xenial, and CentOS 7.
NOTES:
1. This role no longer creates the memcache user since both Ubuntu and
CentOS already install a suitable user
2. We have temporarily disabled testing of the log file since CentOS and
Xenial do not log to file
3. On Ubuntu we drop ulimits into /etc/defaults/memcached, we need to
figure out how to do the equivalent on CentOS
4. We update tasks/memcached_config.yml to use the correct memcached
user in limits.conf, however neither these limits or the ones in
templates/memcached.debian.j2 actually seem to be taking effect.
More work in an additional review will need to be done to clean this
all up.
Implements: blueprint multi-platform-host
Change-Id: I4c32f3d60939615c5d0c6fb202e96aacb35ab9b4
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Debug logging enabled by using the `debug` variable should
be sufficient for troubleshooting purposes.
The default logging level has increased from -v to -vv
Change-Id: Iad6785f1b445703fcfd84a5582ca81849d70ceed
- Moved to the right folder to get it accessed on bare metal
when containerized
- Making it work for rsyslog and logrotation's existing
roles
- Changed the gate tests to reflect path change
Closes-Bug: #1569171
Change-Id: I3a1c2f50ab63b55b39318ba40c0921f6b738cafb