Memcached - Reliably Deploying Rails Applications: Hassle free provisioning, reliable deployment (2014)

Reliably Deploying Rails Applications: Hassle free provisioning, reliable deployment (2014)

12.0 - Memcached

Overview

Of all the system components covered in this book, Memcached is by far the simplest to install and maintain. This chapter will be correspondingly brief. We’ll cover installation, a single configuration option and a very simple Monit profile and then we’re done.

Installation

The memcached-server role simply includes the memcached-tlq and monit_configs-tlq::memcached recipes.

The memcached-tlq recipe installs the memcached package from the standard Ubuntu package repository and creates a config file which sets the following options:

1 # run as a daemon (in the background)

2 -d

3

4 # Log memcached's output to /var/log/memcached

5 logfile /var/log/memcached.log

6

7 # Start with a cap of 64 megs of memory.

8 # Note that the daemon will grow to this size but does not

9 start out holding this much memory

10 -m 64

11

12 # Default connection port is 11211

13 -p 11211

14

15 # Run the daemon as root. The start-memcached

16 # will default to running as root if not specified here

17 -u memcache

18

19 # This should only be excluded using the dont_bind

20 # attribute if memcached is suitably

21 # firewalled

22 #

23 <% unless node['memcached'] && node['memcached']['dont_bind'] %>

24 -l 127.0.0.1

25 <% end %>

As you can see the final option is similar to that of Redis in the previous chapter. If the dont_bind attribute is set to true in the node definition like follows:

1 "memcached": {

2 "dont_bind" : true

3 }

Then Memcached will accept connections from any IP addresses, otherwise it will only accept connections from 127.0.0.1 (localhost).

Security

Like Redis, Memcached is entirely unauthenticated. As above it can operate either bound to (only accept connections from) localhost or unbound (accept connections from anywhere).

Therefore when running in unbound mode, it’s essential that the Firewall is carefully configured to only allow trusted machines to access the Memcached port (11211 by default).

Monit

monit_configs-tlq::memcached includes the following simple configuration for monitoring Memcached:

1 check process memcached

2 with pidfile /var/run/memcached.pid

3 group memcache

4 start program = "/etc/init.d/memcached start"

5 stop program = "/etc/init.d/memcached stop"

6 if failed host 127.0.0.1 port 11211 protocol memcache then restart

7 if 3 restarts within 6 cycles then timeout

This checks both that the process exists and whether port 11211 on localhost is responding to the memcache protocol.

Bear in mind that if the Memcached port is changed, the Monit configuration will need updating accordingly.