Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support to TLS #173

Closed
moisesguimaraes opened this issue Feb 10, 2020 · 3 comments
Closed

Add support to TLS #173

moisesguimaraes opened this issue Feb 10, 2020 · 3 comments

Comments

@moisesguimaraes
Copy link
Contributor

moisesguimaraes commented Feb 10, 2020

Since version 1.5.13, Memcached supports TLS.

Motivation

At OpenStack, we use dogpile.cache as one of our oslo.cache Memcache backend drivers. To accommodate some cloud security requirements, we will need to enable TLS in Memcached as data must be encrypted in the wire in some scenarios.

I would like to help with the implementation of this if needed. I already got TLS support to python-binary-memcached, so now I'm trying to get this all the way up to oslo.cache so we can use it.

@zzzeek
Copy link
Member

zzzeek commented Feb 10, 2020

sure. doesn't oslo.cache make its own dogpile backends? maybe keystone is the one doing that.

@moisesguimaraes
Copy link
Contributor Author

moisesguimaraes commented Feb 14, 2020

Hi @zzzeek, Keystore has been upgraded to use oslo.cache already and then oslo.cache uses dogpile.cache:

https://opendev.org/openstack/keystone/src/branch/master/releasenotes/notes/oslo.cache-a9ce47bfa8809efa.yaml

I have enabled TLS in python-binary-memcached by adding a tls_context param to their client class. The idea now is to have oslo.cache to build the tls_context object and pass it to dogpile.cache and dogpile.cache just forward it to python-binary-memcached.

Unless we encounter other setbacks this might be an easy patch.

@sqla-tester
Copy link
Collaborator

sqla-tester commented Aug 6, 2020

Moisés Guimarães de Medeiros has proposed a fix for this issue in the master branch:

Add TLS support for bmemcached https://gerrit.sqlalchemy.org/c/sqlalchemy/dogpile.cache/+/1966

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants