Starting from the Q4'18 MCP release, to reduce the attack surface and improve product security, Memcached on the controller nodes listens on TCP only. The UDP port for Memcached is disabled by default. This section explains how to disable the UDP listeners for existing OpenStack environments deployed on top of earlier MCP versions.
To disable the Memcached listener on the UDP port:
Log in to the Salt Master node.
Update your Reclass metadata model.
Verify the memcached:server pillar:
salt ctl01* pillar.get memcached:server
The memcached:server:bind:proto pillar should be available after the update of the Reclass metadata model, with proto:udp:enabled set to False for all Memcached server instances.
Example of system response:
-- start output --
----------
bind:
    ----------
    address:
        0.0.0.0
    port:
        11211
    proto:
        ----------
        tcp:
            ----------
            enabled:
                True
        udp:
            ----------
            enabled:
                False
    protocol:
        tcp
enabled:
    True
maxconn:
    8192
-- end output --
Run the memcached.server state to apply the changes to all memcached instances:
salt -C 'I@memcached:server' state.sls memcached.server
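After the state is applied, the pillar only shows intent, so it is worth confirming on each controller that no socket is still bound to UDP port 11211. The following check is an added example, not part of the original procedure: the function names are hypothetical and the sample `ss -ltun` output is constructed for illustration.

```shell
# Report whether anything listens on the Memcached port over TCP and UDP.
# Reads `ss -ltun` output on stdin; prints "tcp=<yes|no> udp=<yes|no>".
# Optional argument: port number (defaults to 11211, as in the pillar above).
memcached_listeners() {
    awk -v port="${1:-11211}" '
        # Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port
        {
            n = split($5, part, ":")    # port follows the last ":" (IPv4 and [IPv6])
            if (part[n] == port) seen[$1] = 1
        }
        END {
            printf "tcp=%s udp=%s\n", \
                (("tcp" in seen) ? "yes" : "no"), \
                (("udp" in seen) ? "yes" : "no")
        }'
}

# Succeeds only in the hardened state: TCP listener present, UDP listener absent.
memcached_udp_disabled() {
    [ "$(memcached_listeners "${1:-11211}")" = "tcp=yes udp=no" ]
}

# Constructed sample input (not captured from a real node).
SAMPLE_BEFORE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*'
SAMPLE_AFTER='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*'

printf '%s\n' "$SAMPLE_BEFORE" | memcached_listeners
printf '%s\n' "$SAMPLE_AFTER"  | memcached_listeners

# On a controller node:
#   ss -ltun | memcached_udp_disabled && echo "Memcached UDP listener is disabled"
```

A node that still reports `udp=yes` after the state run has not picked up the new configuration and needs the state reapplied or the service checked.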