memcached: Change the default MEMCACHED_USERNAME to zulip@localhost.

This prevents memcached from automatically appending the hostname to the username, which was a source of problems on servers where the hostname was changed. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-18 19:12:53 -07:00 · 2020-06-18 19:12:53 -07:00 · a9e59b6bd3
parent a4fdc6f826
commit a9e59b6bd3
3 changed files with 20 additions and 8 deletions
--- a/puppet/zulip/manifests/memcached.pp
+++ b/puppet/zulip/manifests/memcached.pp
@ -31,17 +31,29 @@ class zulip::memcached {
    content => zulipsecret('secrets', 'memcached_password', ''),
    notify  => Exec[generate_memcached_sasldb2],
  }
+  file { '/var/lib/zulip/memcached-sasldb2.stamp':
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => '1',
+    notify  => Exec[generate_memcached_sasldb2],
+  }
  exec { 'generate_memcached_sasldb2':
    require     => [
      Package[$memcached_packages],
      Package[$zulip::sasl_modules::sasl_module_packages],
-      File['/etc/sasl2/memcached-zulip-password'],
    ],
    refreshonly => true,
-    # Pass the hostname explicitly because otherwise saslpasswd2
-    # lowercases it and memcached does not.
-    command     => "bash -c 'saslpasswd2 -p -f /etc/sasl2/memcached-sasldb2 \
-a memcached -u \"\$HOSTNAME\" zulip < /etc/sasl2/memcached-zulip-password'",
+    # Use localhost for the currently recommended MEMCACHED_USERNAME =
+    # "zulip@localhost" and the hostname for compatibility with
+    # MEMCACHED_USERNAME = "zulip".
+    command     => "bash -euc '
+rm -f /etc/sasl2/memcached-sasldb2
+saslpasswd2 -p -f /etc/sasl2/memcached-sasldb2 \
+    -a memcached -u localhost zulip < /etc/sasl2/memcached-zulip-password
+saslpasswd2 -p -f /etc/sasl2/memcached-sasldb2 \
+    -a memcached -u \"\$HOSTNAME\" zulip < /etc/sasl2/memcached-zulip-password
+'",
  }
  file { '/etc/sasl2/memcached-sasldb2':
    require => Exec[generate_memcached_sasldb2],
--- a/zproject/default_settings.py
+++ b/zproject/default_settings.py
@ -123,7 +123,7 @@ BOT_CONFIG_SIZE_LIMIT = 10000
 # External service configuration
 CAMO_URI = ''
 MEMCACHED_LOCATION = '127.0.0.1:11211'
-MEMCACHED_USERNAME = None if get_secret("memcached_password") is None else "zulip"
+MEMCACHED_USERNAME = None if get_secret("memcached_password") is None else "zulip@localhost"
 RABBITMQ_HOST = '127.0.0.1'
 RABBITMQ_USERNAME = 'zulip'
 REDIS_HOST = '127.0.0.1'
--- a/zproject/prod_settings_template.py
+++ b/zproject/prod_settings_template.py
@ -615,8 +615,8 @@ CAMO_URI = '/external_content/'
 # Format HOST:PORT
 # MEMCACHED_LOCATION = 127.0.0.1:11211
 # To authenticate to memcached, set memcached_password in zulip-secrets.conf,
-# and optionally change the default username 'zulip' here.
-# MEMCACHED_USERNAME = 'zulip'
+# and optionally change the default username 'zulip@localhost' here.
+# MEMCACHED_USERNAME = 'zulip@localhost'

 # Redis configuration
 #