saz-memcached-8.2.00040755000175100001730000000000014434133340011125 5ustar00saz-memcached-8.2.0/CHANGELOG.md0100644000175100001730000000473714434133310013022 0ustar00# Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [8.2.0] ### Added - Support puppet/systemd < 5.0.0 (#143) - Support puppetlabs/firewall < 6.0.0 ### Changed - Stop using deprecated Stdlib::Compat::Ip_address (#145) ### Removed - remove Debian 9 as supported OS ## [8.1.0] ### Added - Support for RedHat 9 and CentOS 9 ## [8.0.0] ### Changed - BREAKING CHANGE: switch from camptocamp/systemd to puppet/systemd - Improved tests - Load modern facts first (#138) - Make sure memcached logfile exists (#140) - Allow stdlib < 9.0.0 ### Fixed - Fix duplicate systemd daemon-reload execs (#137) ### Added - Added support for Debian 11 and Ubuntu 22.04 ## [7.0.0] ### Changed - BREAKING CHANGE: Testing for Puppet 5 has been dropped - Switched from Travis to Github Actions - Dependencies updated to support the newest releases ## [6.0.0] ### Added - Add listen parameter as successor for listen_ip (#127) ### Deprecated - listen_ip parameter is deprecated in favor of new listen parameter (#127) ### Changed - Use camptocamp/systemd v2.12.0 for tests, as newer versions might drop support for puppet 5 ### Removed - Dropped notls_listener_addr and notls_listener_port parameter in favor of listen_ip (#128) ## [5.0.0] ### Added - Add sasl support on RHEL derivatives (#122) - Add notls_listener_addr and notls_listener_port parameters (#124) ### Changed - BREAKING CHANGE: Disable UDP by default (#125) If you need UDP enabled, set `memcached::udp_port` to a non-zero value, e.g. 11211 ## [4.0.0] ### Added - Support management of multiple memcached instances (systemd required!) #120 - Add FreeBSD to list of supported operatingsystems ### Removed - Drop support for Puppet 4 (EOL) #116 ## [3.7.0] ### Added - Add support to set TLS parameters in /etc/sysconfig/memcached (#113) ### Fixed - Make ssl_ca_cert optional (#112) ## [3.6.0] ### Added - Add TLS support (#109) ## [3.5.0] ### Fixed - allow FreeBSD to set max memory (#104) ### Changed - Dependencies updated (#107) - Better FreeBSD tests ## [3.4.0] ### Fixed - factor should be a string or number, not boolean ### Added - Add Puppet 6 to travis checks ### Changed - Update Puppet version requirement to include version 6 (< 7.0.0) - Unpin firewall module in fixtures - Require puppetlabs_spec_helper >= 2.11.0 ### Removed - Drop Ruby 2.1 from travis checks saz-memcached-8.2.0/LICENSE0100644000175100001730000000122314434133310012201 0ustar00 Copyright 2011-2016 Steffen Zieger Copyright 2014-2016 Garrett Honeycutt Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. saz-memcached-8.2.0/README-DEVELOPER0100644000175100001730000000043214434133310013400 0ustar00In order to run tests: - puppet and facter must be installed and available in Ruby's LOADPATH - the latest revision of rspec-puppet must be installed - rake, and rspec2 must be install - the name of the module directory needs to be memcached to run all tests: rake spec saz-memcached-8.2.0/README.md0100644000175100001730000001030714434133310012456 0ustar00# memached module for Puppet [![Build Status](https://github.com/saz/puppet-memcached/workflows/CI/badge.svg)](https://github.com/saz/puppet-memcached/actions?query=workflow%3ACI) Manage memcached via Puppet ## Show some love If you find this module useful, send some bitcoins to 1Na3YFUmdxKxJLiuRXQYJU2kiNqA3KY2j9 ### Supported Puppet versions * Puppet >= 5 * Last version supporting Puppet 3: v3.0.2 ## How to use ``` Starting with version 3.0.0, memcached will be listening on 127.0.0.1 only. This should make setups more secure (e.g. if there are no firewall rules in place). To change this behavior, you need to set listen_ip to '0.0.0.0'. ``` ### Use roughly 90% of memory ```ruby class { 'memcached': } ``` ### Set a fixed memory limit in MB ```ruby class { 'memcached': max_memory => 2048 } ``` ### Use 12% of available memory ```ruby class { 'memcached': max_memory => '12%' } ``` ### Install multiple memcached instances the multiinstance support uses a systemd instance unit file. This will be placed at `/etc/systemd/system/memcached@.service`. It allows us to manage multiple instances via the same unit file. To start a simple instance, you only need to know the desired TCP port: ```puppet memcached::instance{'11222':} ``` that's it! It will bind to localhost and listen to TCP port 11222. You might want to tune the systemd limits, for example the number of file descriptors (LimitNOFILE) or the number of processes (LimitNPROC): ```puppet memcached::instance{'11222': limits => { 'LimitNOFILE' => 8192, 'LimitNPROC' => 16384, } } ``` All systemd limits are documented in the [systemd documentation](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Process%20Properties). Another usecase. Let's assume your name is Eric and you want to change the actual memcached parameters, for example to bind it to every interface: ```puppet memcached::instance{'11222': override_content => "[Service]\nEnvironment='LISTEN=-l 0.0.0.0'", } ``` Maybe Eric also wants to override the cache size (the unit is MB): ```puppet memcached::instance{'11222': override_content => "[Service]\nEnvironment=CACHESIZE=4096\n", } ``` last but not least, Eric might also want to override the maximum amount of connections (the default is 1024): ```puppet memcached::instance{'11222': override_content => "[Service]\nEnvironment=MAXCONN=4096\n", } ``` Now Eric wants to use all those three settings at the same time: ```puppet memcached::instance{'11222': override_content => "[Service]\nEnvironment=MAXCONN=4096\nEnvironment=CACHESIZE=4096\nEnvironment='LISTEN=-l 0.0.0.0'\n", } ``` Instead of passing a long string with multiple `\n`, Eric can also put the content in a file and provide that: ```puppet memcached::instance{'11222': override_source => "${module_name}/memcached_11222_override.conf\n", } ``` ### Other class parameters * $package_ensure = 'present' * $logfile = '/var/log/memcached.log' * $logstdout = false (Set this to true to disable logging to a file/syslog entirely, useful when memcached runs in containers) * $pidfile = '/var/run/memcached.pid' (Debian family only, set to false to disable pidfile) * $max_memory = false * $max_item_size = false * $min_item_size = false * $factor = false * $lock_memory = false (WARNING: good if used intelligently, google for -k key) * $listen = '127.0.0.1' (if TLS/SSL is enabled, 'notls' prefix can be used to disable for specific listeners "notls::") * $listen_ip = '127.0.0.1' (deprecated, listen will take precedence over this) * $tcp_port = 11211 * $udp_port = 0 * $manage_firewall = false * $user = '' (OS specific setting, see params.pp) * $max_connections = 8192 * $verbosity = undef * $unix_socket = undef * $install_dev = false (TRUE if 'libmemcached-dev' package should be installed) * $processorcount = $::processorcount * $service_restart = true (restart service after configuration changes, false to prevent restarts) * $use_sasl = false (start memcached with SASL support) * $use_tls = false (start memcached with TLS support) * $tls_cert_chain = undef * $tls_key = undef * $tls_ca_cert = undef * $tls_verify_mode = 1 (0: None, 1: Request, 2: Require, 3: Once) * $large_mem_pages = false (try to use large memory pages) saz-memcached-8.2.0/lib0040755000175100001730000000000014434133310011670 5ustar00saz-memcached-8.2.0/lib/puppet0040755000175100001730000000000014434133310013205 5ustar00saz-memcached-8.2.0/lib/puppet/functions0040755000175100001730000000000014434133310015215 5ustar00saz-memcached-8.2.0/lib/puppet/functions/memcached0040755000175100001730000000000014434133310017123 5ustar00saz-memcached-8.2.0/lib/puppet/functions/memcached/max_memory.rb0100644000175100001730000000225414434133310021704 0ustar00# frozen_string_literal: true # Calculate max_memory size from fact 'memsize' and passed argument. Puppet::Functions.create_function(:'memcached::max_memory') do dispatch :max_memory do required_param 'Any', :arg end def max_memory(arg) scope = closure_scope memsize = if scope['facts']['memory'].nil? scope['facts']['memorysize'] else scope['facts']['memory']['system']['total'] end if arg && !arg.to_s.end_with?('%') result_in_mb = arg.to_i else max_memory_percent = arg || '95%' # Taken from puppetlabs-stdlib to_bytes() function value, suffix = *%r{([0-9.e+-]*)\s*([^bB]?)}.match(memsize)[1, 2] value = value.to_f case suffix when 'k' then value *= (1 << 10) when 'M' then value *= (1 << 20) when 'G' then value *= (1 << 30) when 'T' then value *= (1 << 40) when 'E' then value *= (1 << 50) else raise Puppet::ParseError, "memcached_max_memory(): Unknown suffix #{suffix}" end value = value.to_i result_in_mb = ((value / (1 << 20)) * (max_memory_percent.to_f / 100.0)).floor end result_in_mb end end saz-memcached-8.2.0/manifests0040755000175100001730000000000014434133310013113 5ustar00saz-memcached-8.2.0/manifests/init.pp0100644000175100001730000001657514434133310014511 0ustar00# == Class: memcached # # Manage memcached # # == Parameters # [* syslog *] # Boolean. # If true will pipe output to /bin/logger, sends to syslog. # class memcached ( Enum['present', 'latest', 'absent'] $package_ensure = 'present', Boolean $service_manage = true, Optional[Stdlib::Absolutepath] $logfile = $memcached::params::logfile, Boolean $logstdout = false, Boolean $syslog = false, Variant[Stdlib::Absolutepath, Undef] $pidfile = '/var/run/memcached.pid', Boolean $manage_firewall = false, $max_memory = '95%', Optional[Variant[Integer, String]] $max_item_size = undef, Optional[Variant[Integer, String]] $min_item_size = undef, Optional[Variant[Integer, String]] $factor = undef, Boolean $lock_memory = false, Optional[Variant[String,Array[String]]] $listen = undef, Optional[Variant[Stdlib::Ip::Address,Array[Stdlib::Ip::Address]]] $listen_ip = undef, Integer $tcp_port = 11211, Integer $udp_port = 0, String $user = $memcached::params::user, Integer $max_connections = 8192, Optional[String] $verbosity = undef, Optional[String] $unix_socket = undef, String $unix_socket_mask = '0755', Boolean $install_dev = false, Variant[String,Integer] $processorcount = $facts['processors']['count'], Boolean $service_restart = true, Boolean $auto_removal = false, Boolean $use_sasl = false, Boolean $use_tls = false, Optional[Stdlib::Absolutepath] $tls_cert_chain = undef, Optional[Stdlib::Absolutepath] $tls_key = undef, Optional[Stdlib::Absolutepath] $tls_ca_cert = undef, Integer $tls_verify_mode = 1, Boolean $use_registry = $memcached::params::use_registry, String $registry_key = 'HKLM\System\CurrentControlSet\services\memcached\ImagePath', Boolean $large_mem_pages = false, Boolean $use_svcprop = $memcached::params::use_svcprop, String $svcprop_fmri = 'memcached:default', String $svcprop_key = 'memcached/options', Optional[Array[String]] $extended_opts = undef, String $config_tmpl = $memcached::params::config_tmpl, Boolean $disable_cachedump = false, ) inherits memcached::params { # Logging to syslog and file are mutually exclusive # Fail if both options are defined if $syslog and str2bool($logfile) { fail 'Define either syslog or logfile as logging destinations but not both.' } if $use_tls { if $tls_cert_chain == undef or $tls_key == undef { fail 'tls_cert_chain and tls_key should be set when use_tls is true.' } } if $package_ensure == 'absent' { $service_ensure = 'stopped' $service_enable = false } else { $service_ensure = 'running' $service_enable = true } if ! $listen and ! $listen_ip { # if both are not set, we're setting $real_listen to 127.0.0.1 $real_listen = ['127.0.0.1'] } else { if $listen { # Handle if $listen is not an array $real_listen = [$listen] } else { warning('memcached::listen_ip is deprecated in favor of memcached::listen') # Handle if $listen_ip is not an array $real_listen = [$listen_ip] } } package { $memcached::params::package_name: ensure => $package_ensure, provider => $memcached::params::package_provider, } if $install_dev { package { $memcached::params::dev_package_name: ensure => $package_ensure, require => Package[$memcached::params::package_name], } } if $manage_firewall { firewall { "100_tcp_${tcp_port}_for_memcached": dport => $tcp_port, proto => 'tcp', action => 'accept', } if $udp_port != 0 { firewall { "100_udp_${udp_port}_for_memcached": dport => $udp_port, proto => 'udp', action => 'accept', } } } if $service_restart and $service_manage { $service_notify_real = Service[$memcached::params::service_name] } else { $service_notify_real = undef } if ( $memcached::params::config_file ) { file { $memcached::params::config_file: ensure => 'file', owner => 'root', group => 0, mode => '0644', content => template($config_tmpl), require => Package[$memcached::params::package_name], notify => $service_notify_real, } } if $logfile and !$syslog { file { $logfile: ensure => 'file', owner => $user, group => 0, mode => '0640', require => Package[$memcached::params::package_name], notify => $service_notify_real, } } if $service_manage { service { $memcached::params::service_name: ensure => $service_ensure, enable => $service_enable, hasrestart => true, hasstatus => $memcached::params::service_hasstatus, } } if $use_registry { registry_value { $registry_key: ensure => 'present', type => 'string', data => template($config_tmpl), notify => $service_notify_real, } } if $use_svcprop { svcprop { $svcprop_key: fmri => $svcprop_fmri, property => $svcprop_key, value => template($memcached::params::config_tmpl), notify => $service_notify_real, } } } saz-memcached-8.2.0/manifests/instance0040755000175100001730000000000014434133310014717 5ustar00saz-memcached-8.2.0/manifests/instance/servicefile.pp0100644000175100001730000000047614434133310017643 0ustar00# # @summary helper class to configure the memcache multiinstance unit file *once* # # @api private # # @author Tim Meusel # class memcached::instance::servicefile { assert_private() systemd::unit_file { 'memcached@.service': content => epp("${module_name}/memcached@.service.epp"), } } saz-memcached-8.2.0/manifests/instance.pp0100644000175100001730000000465414434133310015345 0ustar00# # @summary Manage multiple memcached instances # # @param manage_firewall enable/disable fireall management via puppetlabs/firewall # @param port the udp and tcp port to listen on. By default, the instance name is used # @param limits systemd limits for the service # @param override_content overrides for the unit, as string # @param override_source overrides for the unit, as file resource # # @author pglushchenko # @author Tim Meusel # define memcached::instance ( Boolean $manage_firewall = false, Stdlib::Port::Unprivileged $port = Integer($name), Optional[Systemd::ServiceLimits] $limits = undef, Optional[String[1]] $override_content = undef, Optional[Stdlib::Filesource] $override_source = undef, ) { unless $facts['kernel'] == 'Linux' { fail("memcached::instance currently only works with Linux, you are running ${facts['kernel']}") } require memcached require memcached::instance::servicefile $service_name = "memcached@${port}.service" if $manage_firewall { firewall { "100_tcp_${port}_for_memcached": dport => $port, proto => 'tcp', action => 'accept', } } service { $service_name: ensure => 'running', enable => true, } if $limits { systemd::service_limits { $service_name: limits => $limits, } } if $override_content or $override_source { if $override_content and $override_source { fail('memcached::instance: you can only set override_content OR override_source, dont set both') } # manually reload systemd to make puppet 5 users happy. # puppet 6 and newer are reloading systemd properly systemd::dropin_file { "${service_name}-override.conf": unit => $service_name, source => $override_source, content => $override_content, notify => Exec["${service_name}_force_systemd_reload"], } exec { "${service_name}_force_systemd_reload": command => 'systemctl daemon-reload', user => 'root', path => ['/sbin', '/bin', '/usr/sbin', '/usr/bin'], refreshonly => true, notify => Service[$service_name], } } if $facts['os']['selinux']['enabled'] { selinux::port { "allow-${service_name}": ensure => 'present', seltype => 'memcache_port_t', protocol => 'tcp', port => $port, before => Service[$service_name], } } } saz-memcached-8.2.0/manifests/params.pp0100644000175100001730000000622014434133310015013 0ustar00# == Class: memcached::params # class memcached::params { case $facts['os']['family'] { 'Debian': { $package_name = 'memcached' $package_provider = undef $service_name = 'memcached' $service_hasstatus = false $dev_package_name = 'libmemcached-dev' $config_file = '/etc/memcached.conf' $config_tmpl = "${module_name}/memcached.conf.erb" $user = 'nobody' $logfile = '/var/log/memcached.log' $use_registry = false $use_svcprop = false } /RedHat|Suse/: { $package_name = 'memcached' $package_provider = undef $service_name = 'memcached' $service_hasstatus = true $dev_package_name = 'libmemcached-devel' $config_file = '/etc/sysconfig/memcached' $config_tmpl = "${module_name}/memcached_sysconfig.erb" $user = 'memcached' $logfile = '/var/log/memcached.log' $use_registry = false $use_svcprop = false } /windows/: { $package_name = 'memcached' $package_provider = 'chocolatey' $service_name = 'memcached' $service_hasstatus = true $dev_package_name = 'libmemcached-devel' $config_file = undef $config_tmpl = "${module_name}/memcached_windows.erb" $user = 'BUILTIN\Administrators' $logfile = undef $use_registry = true $use_svcprop = false } 'Solaris': { $package_name = 'memcached' $package_provider = undef $service_name = 'memcached' $service_hasstatus = false $dev_package_name = 'libmemcached' $config_file = undef $config_tmpl = "${module_name}/memcached_svcprop.erb" $user = 'nobody' $logfile = '/var/log/memcached.log' $use_registry = false $use_svcprop = true } 'FreeBSD': { $package_name = 'memcached' $package_provider = undef $service_name = 'memcached' $service_hasstatus = false $dev_package_name = 'libmemcached' $config_file = '/etc/rc.conf.d/memcached' $config_tmpl = "${module_name}/memcached_freebsd_rcconf.erb" $user = 'nobody' $logfile = '/var/log/memcached.log' $use_registry = false $use_svcprop = false } default: { case $facts['os']['name'] { 'Amazon': { $package_name = 'memcached' $package_provider = undef $service_name = 'memcached' $service_hasstatus = true $dev_package_name = 'libmemcached-devel' $config_file = '/etc/sysconfig/memcached' $config_tmpl = "${module_name}/memcached_sysconfig.erb" $user = 'memcached' $logfile = '/var/log/memcached.log' $use_registry = false $use_svcprop = false } default: { fail("Unsupported platform: ${facts['os']['family']}/${facts['os']['name']}") } } } } } saz-memcached-8.2.0/metadata.json0100644000175100001730000000315214434133310013652 0ustar00{ "name": "saz-memcached", "version": "8.2.0", "author": "saz", "summary": "Manage memcached via Puppet", "license": "Apache-2.0", "source": "git://github.com/saz/puppet-memcached.git", "project_page": "https://github.com/saz/puppet-memcached", "issues_url": "https://github.com/saz/puppet-memcached/issues", "description": "Manage memcached via Puppet", "requirements": [ {"name":"puppet","version_requirement":">= 6.1.0 < 8.0.0" } ], "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 4.13.1 < 9.0.0"}, {"name":"puppetlabs/firewall","version_requirement":">= 0.1.0 < 6.0.0"}, {"name":"puppet/systemd","version_requirement":">= 2.10.0 < 5.0.0"}, {"name":"puppet/selinux","version_requirement":">= 3.2.0 < 4.0.0"} ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ "7", "8", "9" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ "7", "8", "9" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "7" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ "10", "11" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "18.04", "20.04", "22.04" ] }, { "operatingsystem": "Windows" }, { "operatingsystem": "FreeBSD" } ] } saz-memcached-8.2.0/templates0040755000175100001730000000000014434133310013120 5ustar00saz-memcached-8.2.0/templates/memcached.conf.erb0100644000175100001730000000362214434133310016523 0ustar00# File managed by puppet # Run memcached as a daemon. -d <% if @pidfile -%> # pidfile -P <%= @pidfile %> <% end -%> # Log memcached's output logfile <%= @logfile -%> <% if @verbosity -%> # Verbosity -<%= @verbosity %> <% end -%> # Use MB memory max to use for object storage. -m <%= scope.call_function('memcached::max_memory', [@max_memory]) %> <% if @lock_memory -%> # Lock down all paged memory. There is a limit on how much memory you may lock. -k <% end -%> <% if @use_sasl -%> # Start with SASL support -S <% end -%> <% if @use_tls -%> # Start with TLS support -Z -o ssl_chain_cert=<%= @tls_cert_chain %> -o ssl_key=<%= @tls_key %> <% if @tls_ca_cert -%> -o ssl_ca_cert=<%= @tls_ca_cert %> <% end -%> -o ssl_verify_mode=<%= @tls_verify_mode %> <% end -%> <% if @unix_socket -%> # UNIX socket path to listen on -s <%= @unix_socket %> # UNIX socket access mask -a <%= @unix_socket_mask %> <% else -%> <% if @real_listen -%> # interfaces to listen on -l <%= @real_listen.join(',') %> <% end -%> # TCP port to listen on -p <%= @tcp_port %> # UDP port to listen on -U <%= @udp_port %> <% end -%> # Run daemon as user -u <%= @user %> <% if @large_mem_pages -%> # Try to use large memory pages (if available) -L <% end -%> # Limit the number of simultaneous incoming connections. -c <%= @max_connections %> # Number of threads to use to process incoming requests. -t <%= @processorcount %> <% if @max_item_size -%> # Override the default size of each slab page -I <%= @max_item_size %> <% end -%> <% if @min_item_size -%> # Override the default size of each slab page -n <%= @min_item_size %> <% end -%> <% if @factor -%> # Override the default factor -f <%= @factor %> <% end -%> <% if @auto_removal -%> # Disable automatic removal of items from the cache when out of memory -M <% end -%> <% if @extended_opts -%> -o <%= @extended_opts.join(',') -%> <% end -%> <% if @disable_cachedump -%> -X <% end -%> saz-memcached-8.2.0/templates/memcached@.service.epp0100644000175100001730000000701414434133310017351 0ustar00# THIS FILE IS MANAGED BY PUPPET # It's not recommended to modify this file in-place, because it will be # overwritten during upgrades. If you want to customize, the best # way is to use the "systemctl edit" command to create an override unit. # # For example, to pass additional options, create an override unit # (as is done by systemctl edit) and enter the following: # # [Service] # Environment=OPTIONS="-l 127.0.0.1,::1" # # To use the "instanced" version of this, just start 'memcached@11211' or # whatever port you'd like. [Unit] Description=memcached daemon After=network.target [Service] User=<%= $memcached::user %> Environment=CACHESIZE=64 Environment=MAXCONN=1024 Environment="LISTEN=-l 127.0.0.1" Environment="OPTIONS=-U 0 -v" ExecStart=/usr/bin/memcached -p %i -m ${CACHESIZE} -c ${MAXCONN} $LISTEN $OPTIONS Restart=always # Set up a new file system namespace and mounts private /tmp and /var/tmp # directories so this service cannot access the global directories and # other processes cannot access this service's directories. PrivateTmp=true # Mounts the /usr, /boot, and /etc directories read-only for processes # invoked by this unit. ProtectSystem=full # Ensures that the service process and all its children can never gain new # privileges NoNewPrivileges=true # Sets up a new /dev namespace for the executed processes and only adds API # pseudo devices such as /dev/null, /dev/zero or /dev/random (as well as # the pseudo TTY subsystem) to it, but no physical devices such as /dev/sda. PrivateDevices=true # Required for dropping privileges and running as a different user CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE # Restricts the set of socket address families accessible to the processes # of this unit. Protects against vulnerabilities such as CVE-2016-8655 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX # Some security features are not in the older versions of systemd used by # e.g. RHEL7/CentOS 7. The below settings are automatically edited at package # build time to uncomment them if the target platform supports them. # Attempts to create memory mappings that are writable and executable at # the same time, or to change existing memory mappings to become executable # are prohibited. MemoryDenyWriteExecute=true # Explicit module loading will be denied. This allows to turn off module # load and unload operations on modular kernels. It is recommended to turn # this on for most services that do not need special file systems or extra # kernel modules to work. ProtectKernelModules=true # Kernel variables accessible through /proc/sys, /sys, /proc/sysrq-trigger, # /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq # will be made read-only to all processes of the unit. Usually, tunable # kernel variables should only be written at boot-time, with the sysctl.d(5) # mechanism. Almost no services need to write to these at runtime; it is hence # recommended to turn this on for most services. ProtectKernelTunables=true # The Linux Control Groups (cgroups(7)) hierarchies accessible through # /sys/fs/cgroup will be made read-only to all processes of the unit. # Except for container managers no services should require write access # to the control groups hierarchies; it is hence recommended to turn this # on for most services ProtectControlGroups=true # Any attempts to enable realtime scheduling in a process of the unit are # refused. RestrictRealtime=true # Takes away the ability to create or manage any kind of namespace RestrictNamespaces=true [Install] WantedBy=multi-user.target saz-memcached-8.2.0/templates/memcached_freebsd_rcconf.erb0100644000175100001730000000236614434133310020627 0ustar00### MANAGED BY PUPPET ### DO NOT EDIT <%- enabled = "YES" if !@service_manage enabled = "NO" end flags = [] # required flags flags << "-d -u #{@user} -P #{@pidfile} -t #{@processorcount}" # optional flags if @item_size flags << "-I #{@item_size}" end if @real_listen flags << "-l #{@real_listen.join(',')}" end if @lock_memory flags << "-k" end if @max_connections flags << "-c #{@max_connections}" end #TODO: wtf do we do with this? #if @logfile #end if @tcp_port flags << "-p #{@tcp_port}" end if @udp_port flags << "-U #{@udp_port}" end if @unix_socket flags << "-s #{@unix_socket} -a #{@unix_socket_mask}" end if @verbosity flags << "-#{@verbosity}" end flags << "-m #{scope.call_function('memcached::max_memory', [@max_memory])}" if @use_sasl flags << "-S" end if @use_tls flags << "-Z" flags << "-o ssl_chain_cert=#{@tls_cert_chain}" flags << "-o ssl_key=#{@tls_key}" if @tls_ca_cert flags << "-o ssl_ca_cert=#{@tls_ca_cert}" end flags << "-o ssl_verify_mode=#{@tls_verify_mode}" end if @large_mem_pages flags << "-L" end if @disable_cachedump flags << "-X" end if @extended_opts flags << "-o #{@extended_opts.join(',')}" end -%> memcached_enable="<%= enabled %>" memcached_flags="<%= flags.join(" ") %>" saz-memcached-8.2.0/templates/memcached_svcprop.erb0100644000175100001730000000405014434133310017347 0ustar00<%- result = [] if @verbosity # Verbosity result << '"-' + @verbosity.to_s + '"' end # Use MB memory max to use for object storage. result << '"-m" "' + scope.call_function('memcached::max_memory', [@max_memory]).to_s + '"' if @lock_memory # Lock down all paged memory. There is a limit on how much memory you may lock. result << '"-k"' end if @use_sasl # Start with SASL support result << '"-S"' end if @use_tls # Start with TLS support result << '"-Z"' result << '"-o" "ssl_chain_cert="' + @tls_cert_chain + '"' result << '"-o" "ssl_key="' + @tls_key + '"' if @tls_ca_cert result << '"-o" "ssl_ca_cert="' + @tls_ca_cert + '"' end result << '"-o" "ssl_verify_mode="' + @tls_verify_mode + '"' end if @unix_socket # UNIX socket path to listen on result << '"-s" "' + @unix_socket + '"' # UNIX socket access mask result << '"-a" "' + @unix_socket_mask + '"' else if @real_listen # interface to listen on result << '"-l" "' + @real_listen.join(',') + '"' end # TCP port to listen on if @tcp_port result << '"-p" "' + @tcp_port.to_s + '"' end # UDP port to listen on if @udp_port result << '"-U" "' + @udp_port.to_s + '"' end end # Run daemon as user result << '"-u" "' + @user + '"' if @large_mem_pages # Try to use large memory pages (if available) result << '"-L"' end # Limit the number of simultaneous incoming connections. result << '"-c" "' + @max_connections.to_s + '"' # Number of threads to use to process incoming requests. result << '"-t" "' + @processorcount.to_s + '"' if @max_item_size # Override the default size of each slab page result << '"-I" "' + @max_item_size.to_s + '"' end if @min_item_size result << '"-n" "' + @min_item_size.to_s + '"' end if @factor result << '"-f" "' + @factor.to_s + '"' end if @auto_removal # Disable automatic removal of items from the cache when out of memory result << '"-M"' end if @extended_opts result << '"-o" "' + @extended_opts.join(',') + '"' end if @disable_cachedump result << '"-X"' end -%> <%= result.join(' ') -%> saz-memcached-8.2.0/templates/memcached_sysconfig.erb0100644000175100001730000000354714434133310017671 0ustar00<%- result = [] if @verbosity result << '-' + @verbosity.to_s end if @lock_memory result << '-k' end if @real_listen result << '-l ' + @real_listen.join(',') end if @udp_port result << '-U ' + @udp_port.to_s end if @unix_socket result << '-s ' + @unix_socket.to_s + ' -a ' + @unix_socket_mask.to_s end if @max_item_size result << '-I ' + @max_item_size.to_s end if @min_item_size result << '-n ' + @min_item_size.to_s end if @factor result << '-f ' + @factor.to_s end if @extended_opts result << '-o ' + @extended_opts.join(',') end if @disable_cachedump result << '-X' end result << '-t ' + @processorcount.to_s if @use_tls result << '-Z' result << '-o ssl_chain_cert=' + @tls_cert_chain result << '-o ssl_key=' + @tls_key if @tls_ca_cert result << '-o ssl_ca_cert=' + @tls_ca_cert end result << '-o ssl_verify_mode=' + @tls_verify_mode.to_s end if @use_sasl result << '-S' end if !@logstdout # log to syslog via logger if @syslog && !@logfile result << '2>&1 |/bin/logger &' # log to log file elsif @logfile && !@syslog result << '>> ' + @logfile + ' 2>&1' end end -%> <%- if scope['osfamily'] != 'Suse' -%> PORT="<%= @tcp_port %>" USER="<%= @user %>" MAXCONN="<%= @max_connections %>" CACHESIZE="<%= scope.call_function('memcached::max_memory', [@max_memory]) %>" OPTIONS="<%= result.join(' ') %>" <%- else -%> MEMCACHED_PARAMS="<%= result.join(' ') %>" ## Path: Network/WWW/Memcached ## Description: username memcached should run as ## Type: string ## Default: "memcached" ## Config: memcached # # username memcached should run as # MEMCACHED_USER="<%= @user %>" ## Path: Network/WWW/Memcached ## Description: group memcached should be run as ## Type: string ## Default: "memcached" ## Config: memcached # # group memcached should be run as # MEMCACHED_GROUP="<%= @user %>" <%- end -%> saz-memcached-8.2.0/templates/memcached_windows.erb0100644000175100001730000000140514434133310017346 0ustar00<%- result = [] if @verbosity result << '-' + @verbosity.to_s end if @lock_memory result << '-k' end if @real_listen result << '-l ' + @real_listen.join(',') end if @tcp_port result << '-p ' + @tcp_port.to_s end if @udp_port result << '-U ' + @udp_port.to_s end if @max_item_size result << '-I ' + @max_item_size.to_s end if @min_item_size result << '-n ' + @min_item_size.to_s end if @factor result << '-f ' + @factor.to_s end result << '-t ' + @processorcount if @max_connections result << '-c ' + @max_connections end if @extended_opts result << '-o ' + @extended_opts.join(',') end if @logfile result << '>> ' + @logfile + ' 2>&1' end if @disable_cachedump result << '-X' end -%> c:\memcached\memcached.exe -d runservice <%= result.join(' ') %>