memcached安裝及開啟SASL驗證

天鴿hato發表於2020-11-12

memcached安裝及開啟SASL驗證

安裝memcached

可以yum安裝,但版本較低

yum -y install wget libevent-devel gcc gcc-c++ make cyrus-sasl-devel cyrus-sasl-plain
wget http://memcached.org/files/memcached-1.6.8.tar.gz
tar xf memcached-1.6.8.tar.gz && cd memcached-1.6.8
./configure --prefix=/usr/local/memcached --enable-sasl
make && make install
ln -sf /usr/local/memcached/bin/memcached /usr/bin/memcached
cp scripts/memcached.sysconfig /etc/sysconfig/memcached
cp scripts/memcached.service /etc/systemd/system/
# 預設使用者是nobody
id nobody
systemctl daemon-reload
systemctl enable memcached
systemctl start memcached
systemctl status memcached

開啟SASL及安全設定

SASL開啟後,只有二進位制模式可以使用,telnet無法使用

mkdir /etc/sasl2
cat > /etc/sasl2/memcached.conf << EOF
mech_list: plain
log_level: 5
sasldb_path: /etc/sasl2/memcached-sasldb2
EOF
saslpasswd2 -a memcached -c -f /etc/sasl2/memcached-sasldb2 cacheuser
chown nobody:nobody /etc/sasl2/memcached-sasldb2
# 僅監聽本機迴環IP,開啟SASL
sed -i 's/OPTIONS=""/OPTIONS="-l 127.0.0.1 -S"/' /etc/sysconfig/memcached
# 修改PORT為隨機埠,並iptables中開啟
sed -i 's/PORT="11211"/PORT="32112"/' /etc/sysconfig/memcached
systemctl restart memcached
systemctl status memcached
#區域網使用需要iptables白名單限制
#iptables -A INPUT -p tcp --dport 11211 !-s 192.168.1.1 -j DROP

安裝libmemcached

php和python等語言使用memcached需要安裝這個庫

可以yum安裝,這裡不使用yum安裝

wget https://launchpad.net/libmemcached/1.0/1.0.18/+download/libmemcached-1.0.18.tar.gz
tar xf libmemcached-1.0.18.tar.gz && cd libmemcached-1.0.18
./configure --prefix=/usr/local/libmemcached --with-memcached
make && make install

安裝php擴充套件

memcache擴充套件因為很多問題很少人使用,memcached擴充套件比較不錯,而且支援SASL

php5需要使用2.2.0版本,php7以上可以使用3.x版本

wget http://pecl.php.net/get/memcached-3.1.5.tgz
tar xf memcached-3.1.5.tgz && cd memcached-3.1.5
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --enable-memcached --with-libmemcached-dir=/usr/local/libmemcached
make && make install
cat >/usr/local/php/conf.d/005-memcached.ini<<EOF
extension = memcached.so
memcached.use_sasl =1
EOF
/etc/init.d/php-fpm restart

php使用:

$m = new \Memcached();
$m->addServer('127.0.0.1', 11211);
$m->setOption(Memcached::OPT_BINARY_PROTOCOL, true);
$m->setSaslAuthData('cacheuser', 'cacheuserpass');
$m->add('ip', '192.168.1.2', 86400);
var_dump($m->get('ip'));

另外,memcached還支援CAS樂觀鎖

安裝python擴充套件

yum install python-setuptools
easy_install -i https://pypi.tuna.tsinghua.edu.cn/simple pip
pip install -i https://pypi.tuna.tsinghua.edu.cn/simple python-binary-memcached

簡單測試:

Python 2.7.5 (default, Apr  2 2020, 13:16:51) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import bmemcached
>>> bm = bmemcached.Client(('127.0.0.1:11211',),'cacheuser','cacheuser')
>>> bm.set('key1','value1')
True
>>> bm.get('key1')
'value1'
>>>

最後,雖然有獲取所有鍵的方法,但各個客戶端都沒有支援,所以一定要記得key

參考:https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-memcached-on-centos-7

相關文章