Bug 1304473 - Memcached not built with SASL support
Memcached not built with SASL support
Product: Red Hat OpenStack
Classification: Red Hat
Component: memcached (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
unspecified Severity unspecified
: z4
: 7.0 (Kilo)
Assigned To: Lon Hohberger
: ZStream
Depends On: 1263696
Blocks: 1252087 1304493
  Show dependency treegraph
Reported: 2016-02-03 12:59 EST by Mike Burns
Modified: 2016-04-18 03:13 EDT (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1263696
: 1304493 (view as bug list)
Last Closed: 2016-02-03 17:06:00 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mike Burns 2016-02-03 12:59:00 EST
Because RHEL won't update quick enough, cloning to OSP for our version until RHEL picks this up.

+++ This bug was initially created as a clone of Bug #1263696 +++

Description of problem:

Currently memcached in base is not build with SASL support preventing to secure the memcached instance.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Spawn a C7 node
2. yum install memcached
3. vi /etc/sysconfig/memcached (add '-S' in OPTIONS="")
4. start memcached 

Actual results:

Service fails to start with error message :

memcached[18804]: This server is not built with SASL support.

Expected results:

Service should start manually

Additional info:

--- Additional comment from Lars Kellogg-Stedman on 2015-09-16 09:18:40 EDT ---

Should this be against RHEL rather than RDO?  That's where the memcache package lives.

--- Additional comment from Hugh Brock on 2016-02-03 12:11:57 EST ---

We'll need this package rebuilt for secure memcached support in RHELOSP 8.
Comment 3 Lon Hohberger 2016-02-03 16:37:02 EST
There are a number of potential worries about implementing SASL support in memcached:

a) The python-memcached client does not appear to support SASL, so
   any python application using it will not benefit from running
   memcached with SASL turned on

b) The python-binary-memcached client is not part of RHEL OSP
c) Clients written to the python-memcached APIs may not work with
   python-binary-memcached.  While several APIs match up fairly well,
   several do not.

   At a quick glance, this may affect at minimum:
     openstack-heat (openstack-heat-common)
     openstack-keystone (python-keystone)
     openstack-nova (python-nova)
Comment 4 Lon Hohberger 2016-02-03 16:38:40 EST
Also openstack-designate (python-designate)
Comment 5 Lon Hohberger 2016-02-03 16:54:56 EST
The above clients all seem to use the standard python-memcache API, and do not appear to have SASL support.
Comment 6 Lon Hohberger 2016-02-03 16:57:11 EST
It also appears that memcached when run with SASL enabled will not work with non-SASL clients.
Comment 7 RHEL Product and Program Management 2016-02-03 17:06:00 EST
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

Note You need to log in before you can comment on or make changes to this bug.