Hello,
I have made it through the CAS installation, configuration and customization process for CAS 6.2. The final thing that I must do is configure a ticket registry shared between two CentOS 7 servers. I was planning on using memcached because my predecessor used it on the old CAS 3.5.2 installment but I have had no luck getting the two CAS instances to share their tickets with each other.
I have included the memcached and spymemcached dependencies within build.gradle:
implementation "org.apereo.cas:cas-server-support-memcached-ticket-registry:${project.'cas.version'}"
implementation "org.apereo.cas:cas-server-support-memcached-spy:${project.'cas.version'}"
I installed memcached on each server with: yum install memcached
The version is: 1.4.15
I have opened the firewall (firewalld) to allow access to memcache's default port: 11211
Inside of cas.properties, I included these properties:
cas.ticket.registry.memcached.memcached.servers=server1.domain:11211 server2.domain:11211
cas.ticket.registry.memcached.memcached.locator-type=ARRAY_MOD
cas.ticket.registry.memcached.memcached.failure-mode=Redistribute
cas.ticket.registry.memcached.memcached.hash-algorithm=FNV1_64_HASH
cas.ticket.registry.memcached.memcached.transcoder=KRYO
cas.ticket.registry.memcached.crypto.signing.key=<My signing key>
cas.ticket.registry.memcached.crypto.encryption.key=<My encryption key>
cas.ticket.registry.memcached.crypto.enabled=true
cas.ticket.registry.memcached.crypto.strategyType=ENCRYPT_AND_SIGN
After rebuilding and deploying, then signing in to server1's CAS instances, I use telnet to verify the cookies are within memcache:
telnet server1 11211
stats items
I see this on server 1:
STAT items:19:number 1
STAT items:19:age 61809
STAT items:19:evicted 0
STAT items:19:evicted_nonzero 0
STAT items:19:evicted_time 0
STAT items:19:outofmemory 0
STAT items:19:tailrepairs 0
STAT items:19:reclaimed 0
STAT items:19:expired_unfetched 0
STAT items:19:evicted_unfetched 0
END
and this on server2:
stats items
END
Troubleshooting:
I used a rich firewalld rule to allow tcp connections between server1 and server2 across port 11211. Thinking I may have gunked up the rule, I opened port 11211 to all. This didn't change anything.
I wasn't sure how memcached worked with signing and encryption of tickets. I'm currently using the same signing key on both servers, as well as the same encryption key. Is that the way I should have them?
Has anyone had luck implementing memcached into a CAS 6.2 deployment? Any ideas of the problem here? The cas.log file showed some Java errors before I had my cas.properties ironed out, but on the most recent runs I haven't seen any errors at all.
Thank you for your time.
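
An added example, not part of the original post and not CAS or spymemcached code: memcached servers do not copy entries to one another; the client picks one server per key, so with two servers in the list a given ticket is stored on only one of them. The sketch assumes ARRAY_MOD selects the node as hash modulo the number of servers and uses standard 64-bit FNV-1 (the library's own hashing may differ in detail); the ticket keys are constructed placeholders, and the key CAS actually stores under is not shown in the post.

```python
# Added illustration: how a modulo locator assigns cache keys to memcached nodes.
FNV_64_INIT = 0xCBF29CE484222325
FNV_64_PRIME = 0x100000001B3
MASK64 = 0xFFFFFFFFFFFFFFFF

# Same order as cas.ticket.registry.memcached.memcached.servers in the post.
SERVERS = ["server1.domain:11211", "server2.domain:11211"]

# `stats items` output quoted in the post (server1 shortened to two lines).
SERVER1_STATS = "STAT items:19:number 1\nSTAT items:19:age 61809\nEND"
SERVER2_STATS = "END"


def fnv1_64(key):
    """Standard FNV-1 (multiply, then XOR) over the key's UTF-8 bytes."""
    h = FNV_64_INIT
    for b in key.encode("utf-8"):
        h = (h * FNV_64_PRIME) & MASK64
        h ^= b
    return h


def node_for(key, servers=SERVERS):
    """Assumed ARRAY_MOD behaviour: node index = hash mod number of servers."""
    return servers[fnv1_64(key) % len(servers)]


def count_items(stats_text):
    """Sum the per-slab 'number' fields of a `stats items` response."""
    total = 0
    for line in stats_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "STAT" and parts[1].endswith(":number"):
            total += int(parts[2])
    return total


def distribution(keys, servers=SERVERS):
    """Count how many of the given keys land on each server."""
    counts = {s: 0 for s in servers}
    for k in keys:
        counts[node_for(k, servers)] += 1
    return counts


if __name__ == "__main__":
    keys = ["TGT-%d-constructed-example" % i for i in range(1, 9)]  # constructed
    for k in keys:
        print(k, "->", node_for(k))
    print(distribution(keys))
    print("items:", count_items(SERVER1_STATS), count_items(SERVER2_STATS))
```

Under this scheme the same key maps to a different node if the two CAS instances list the servers in a different order, so the `servers` value has to be identical on both.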