Red Hat Bugzilla – Bug 1304473
Memcached not built with SASL support
Last modified: 2016-04-18 03:13:21 EDT
Because RHEL won't update quick enough, cloning to OSP for our version until RHEL picks this up.
+++ This bug was initially created as a clone of Bug #1263696 +++
Description of problem:
Currently memcached in base is not build with SASL support preventing to secure the memcached instance.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Spawn a C7 node
2. yum install memcached
3. vi /etc/sysconfig/memcached (add '-S' in OPTIONS="")
4. start memcached
Service fails to start with error message :
memcached: This server is not built with SASL support.
Service should start manually
--- Additional comment from Lars Kellogg-Stedman on 2015-09-16 09:18:40 EDT ---
Should this be against RHEL rather than RDO? That's where the memcache package lives.
--- Additional comment from Hugh Brock on 2016-02-03 12:11:57 EST ---
We'll need this package rebuilt for secure memcached support in RHELOSP 8.
There are a number of potential worries about implementing SASL support in memcached:
a) The python-memcached client does not appear to support SASL, so
any python application using it will not benefit from running
memcached with SASL turned on
b) The python-binary-memcached client is not part of RHEL OSP
c) Clients written to the python-memcached APIs may not work with
python-binary-memcached. While several APIs match up fairly well,
several do not.
At a quick glance, this may affect at minimum:
Also openstack-designate (python-designate)
The above clients all seem to use the standard python-memcache API, and do not appear to have SASL support.
It also appears that memcached when run with SASL enabled will not work with non-SASL clients.
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.