Memcached with tls doesn't have a notls port open #203
Comments
|
Since Horizon switched the memcached library in use (https://review.opendev.org/c/openstack/horizon/+/891828) it should support TLS for memcached. We might need to adjust the settings to use the correct certs. |
|
tls memcached for horizon works for me when using latest operator version which includes openstack-k8s-operators/horizon-operator#311 . the latest openstack-operator right now does not have it. need to wait for the service operator bump to be landed |
|
closing this issue. it was addressed in #212 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Most openstack services don't support tls because keystonemiddleware doesn't support TLS (it has it's own encryption), also, horizon doesn't support TLS and fails when TLS is enabled
The way memcached currently runs with TLS enabled:
/usr/bin/memcached -p 11211 -u memcached -m 9932 -c 8192 -Z -o ssl_chain_cert=/etc/pki/tls/certs/memcached.crt -o ssl_key=/etc/pki/tls/private/memcached.key -o ssl_ca_cert=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem -vvThe way it runs in TripleO:
/usr/bin/memcached -p 11212 -u memcached -m 9871 -c 8192 -vv -l 127.0.0.1,192.168.122.100,notls:192.168.122.100:11211,notls:127.0.0.1:11211 -U 0 -X -t 8 -Z -o ssl_chain_cert=/etc/pki/tls/certs/memcached.crt -o ssl_key=/etc/pki/tls/private/memcached.key -o ssl_verify_mode=1The text was updated successfully, but these errors were encountered: