Because RHEL won't update quick enough, cloning to OSP for our version until RHEL picks this up. +++ This bug was initially created as a clone of Bug #1263696 +++ Description of problem: Currently memcached in base is not build with SASL support preventing to secure the memcached instance. Version-Release number of selected component (if applicable): memcached-1.4.15-9.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Spawn a C7 node 2. yum install memcached 3. vi /etc/sysconfig/memcached (add '-S' in OPTIONS="") 4. start memcached Actual results: Service fails to start with error message : memcached[18804]: This server is not built with SASL support. Expected results: Service should start manually Additional info: --- Additional comment from Lars Kellogg-Stedman on 2015-09-16 09:18:40 EDT --- Should this be against RHEL rather than RDO? That's where the memcache package lives. --- Additional comment from Hugh Brock on 2016-02-03 12:11:57 EST --- We'll need this package rebuilt for secure memcached support in RHELOSP 8.
There are a number of potential worries about implementing SASL support in memcached: a) The python-memcached client does not appear to support SASL, so any python application using it will not benefit from running memcached with SASL turned on b) The python-binary-memcached client is not part of RHEL OSP c) Clients written to the python-memcached APIs may not work with python-binary-memcached. While several APIs match up fairly well, several do not. At a quick glance, this may affect at minimum: openstack-heat (openstack-heat-common) openstack-keystone (python-keystone) openstack-nova (python-nova)
Also openstack-designate (python-designate)
The above clients all seem to use the standard python-memcache API, and do not appear to have SASL support.
It also appears that memcached when run with SASL enabled will not work with non-SASL clients.
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.