diff --git a/group_vars/memcached.yml b/group_vars/memcached.yml
index 80bf5e39b4..f6e861f079 100644
--- a/group_vars/memcached.yml
+++ b/group_vars/memcached.yml
@@ -17,3 +17,7 @@ memcached_listen: "{{ ansible_host }}"
 
 # Ensure that the package state matches the global setting
 memcached_package_state: "{{ package_state }}"
+
+# Disable PrivateDevices for MemcacheD on CentOS 7
+# See https://bugs.launchpad.net/openstack-ansible/+bug/1697531 for details.
+memcached_disable_privatedevices: "{{ ((properties.is_metal | default(false)) | bool) | ternary('false', 'true') }}"
diff --git a/releasenotes/notes/centos-memcached-privatedevices-d3be3acb19ed71d6.yaml b/releasenotes/notes/centos-memcached-privatedevices-d3be3acb19ed71d6.yaml
new file mode 100644
index 0000000000..254f1edd3e
--- /dev/null
+++ b/releasenotes/notes/centos-memcached-privatedevices-d3be3acb19ed71d6.yaml
@@ -0,0 +1,14 @@
+---
+issues:
+  - |
+    OpenStack-Ansible sets a new variable, `memcached_disable_privatedevices`,
+    that controls whether the `PrivateDevices` configuration in MemcacheD's
+    systemd unit file is enabled.
+
+    If the `memcached_server` role is deployed on a bare metal host, the
+    default is maintained (`PrivateDevices=true`). If the role is deployed
+    within a container, the `PrivateDevices` configuration is set to `true`
+    to work around a systemd bug with a bind mounted `/dev/ptmx`.
+
+    See `Launchpad Bug 1697531 <https://bugs.launchpad.net/openstack-ansible/+bug/1697531>`_
+    for more details.