Closed xek closed 6 months ago
Since Horizon switched the memcached library in use (https://review.opendev.org/c/openstack/horizon/+/891828) it should support TLS for memcached. We might need to adjust the settings to use the correct certs.
TLS memcached for Horizon works for me when using the latest operator version, which includes https://github.com/openstack-k8s-operators/horizon-operator/pull/311. The latest openstack-operator right now does not have it. Need to wait for the service operator bump to be landed.
Closing this issue. It was addressed in https://github.com/openstack-k8s-operators/infra-operator/pull/212
Most OpenStack services don't support TLS because keystonemiddleware doesn't support TLS (it has its own encryption). Also, Horizon doesn't support TLS and fails when TLS is enabled.
The way memcached currently runs with TLS enabled:
/usr/bin/memcached -p 11211 -u memcached -m 9932 -c 8192 -Z -o ssl_chain_cert=/etc/pki/tls/certs/memcached.crt -o ssl_key=/etc/pki/tls/private/memcached.key -o ssl_ca_cert=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem -vv
The way it runs in TripleO:
/usr/bin/memcached -p 11212 -u memcached -m 9871 -c 8192 -vv -l 127.0.0.1,192.168.122.100,notls:192.168.122.100:11211,notls:127.0.0.1:11211 -U 0 -X -t 8 -Z -o ssl_chain_cert=/etc/pki/tls/certs/memcached.crt -o ssl_key=/etc/pki/tls/private/memcached.key -o ssl_verify_mode=1
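An added example (not part of the original issue and not project code): a small parser for the two memcached command lines quoted above that lists which listeners are TLS and which stay plaintext through the `notls:` prefix. It handles only the options that appear in those two commands and IPv4 `host:port` entries; the function names are hypothetical.

```python
import shlex

# Command lines copied from the issue above.
OPERATOR_CMD = "/usr/bin/memcached -p 11211 -u memcached -m 9932 -c 8192 -Z -o ssl_chain_cert=/etc/pki/tls/certs/memcached.crt -o ssl_key=/etc/pki/tls/private/memcached.key -o ssl_ca_cert=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem -vv"
TRIPLEO_CMD = "/usr/bin/memcached -p 11212 -u memcached -m 9871 -c 8192 -vv -l 127.0.0.1,192.168.122.100,notls:192.168.122.100:11211,notls:127.0.0.1:11211 -U 0 -X -t 8 -Z -o ssl_chain_cert=/etc/pki/tls/certs/memcached.crt -o ssl_key=/etc/pki/tls/private/memcached.key -o ssl_verify_mode=1"

# Options that take a value; only those used in the two commands above.
TAKES_VALUE = {"p", "u", "m", "c", "l", "U", "t", "o"}


def parse(cmdline):
    """Return (ssl_options, [(host, port, "tls" | "plain"), ...])."""
    args = shlex.split(cmdline)[1:]
    tls, default_port, listen, ssl_opts = False, 11211, [], {}
    i = 0
    while i < len(args):
        flag = args[i].lstrip("-")
        if flag in TAKES_VALUE:
            i += 1
            value = args[i]
            if flag == "p":
                default_port = int(value)
            elif flag == "l":
                listen += value.split(",")
            elif flag == "o":
                key, _, val = value.partition("=")
                ssl_opts[key] = val
        elif flag == "Z":  # -Z turns TLS on for every listener not marked notls:
            tls = True
        i += 1
    result = []
    for entry in listen or ["*"]:  # no -l given: all addresses, shown as "*"
        plain = entry.startswith("notls:")
        if plain:
            entry = entry[len("notls:"):]
        host, sep, port = entry.rpartition(":")
        if not sep:  # bare address: falls back to the -p port
            host, port = entry, default_port
        result.append((host, int(port), "tls" if tls and not plain else "plain"))
    return ssl_opts, result


def plaintext_ports(cmdline):
    """Ports that still accept unencrypted connections."""
    return sorted({port for _, port, mode in parse(cmdline)[1] if mode == "plain"})


if __name__ == "__main__":
    for name, cmd in (("operator", OPERATOR_CMD), ("tripleo", TRIPLEO_CMD)):
        print(name, parse(cmd)[1], "plaintext ports:", plaintext_ports(cmd))
```

The output makes the difference between the two deployments concrete: the operator command exposes a single TLS listener on 11211, while the TripleO command keeps 11211 as a plaintext port next to the TLS port 11212.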