Reliably Deploying Rails Applications: Hassle free provisioning, reliable deployment (2014)
12.0 - Memcached
Overview
Of all the system components covered in this book, Memcached is by far the simplest to install and maintain. This chapter will be correspondingly brief. We’ll cover installation, a single configuration option and a very simple Monit profile and then we’re done.
Installation
The memcached-server role simply includes the memcached-tlq and monit_configs-tlq::memcached recipes.
The memcached-tlq recipe installs the memcached package from the standard Ubuntu package repository and creates a config file which sets the following options:
1 # run as a daemon (in the background)
2 -d
3
4 # Log memcached's output to /var/log/memcached
5 logfile /var/log/memcached.log
6
7 # Start with a cap of 64 megs of memory.
8 # Note that the daemon will grow to this size but does not
9 start out holding this much memory
10 -m 64
11
12 # Default connection port is 11211
13 -p 11211
14
15 # Run the daemon as root. The start-memcached
16 # will default to running as root if not specified here
17 -u memcache
18
19 # This should only be excluded using the dont_bind
20 # attribute if memcached is suitably
21 # firewalled
22 #
23 <% unless node['memcached'] && node['memcached']['dont_bind'] %>
24 -l 127.0.0.1
25 <% end %>
As you can see the final option is similar to that of Redis in the previous chapter. If the dont_bind attribute is set to true in the node definition like follows:
1 "memcached": {
2 "dont_bind" : true
3 }
Then Memcached will accept connections from any IP addresses, otherwise it will only accept connections from 127.0.0.1 (localhost).
Security
Like Redis, Memcached is entirely unauthenticated. As above it can operate either bound to (only accept connections from) localhost or unbound (accept connections from anywhere).
Therefore when running in unbound mode, it’s essential that the Firewall is carefully configured to only allow trusted machines to access the Memcached port (11211 by default).
Monit
monit_configs-tlq::memcached includes the following simple configuration for monitoring Memcached:
1 check process memcached
2 with pidfile /var/run/memcached.pid
3 group memcache
4 start program = "/etc/init.d/memcached start"
5 stop program = "/etc/init.d/memcached stop"
6 if failed host 127.0.0.1 port 11211 protocol memcache then restart
7 if 3 restarts within 6 cycles then timeout
This checks both that the process exists and whether port 11211 on localhost is responding to the memcache protocol.
Bear in mind that if the Memcached port is changed, the Monit configuration will need updating accordingly.