diff --git a/deployment/memcached/memcached-container-puppet.yaml b/deployment/memcached/memcached-container-puppet.yaml index dce17197b5..d501998e02 100644 --- a/deployment/memcached/memcached-container-puppet.yaml +++ b/deployment/memcached/memcached-container-puppet.yaml @@ -75,6 +75,10 @@ conditions: - equals: [{get_param: MemcachedDebug}, 'true'] - equals: [{get_param: MemcachedDebug}, 'True'] - equals: [{get_param: Debug}, true] + is_ipv6: + equals: + - {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} + - 6 resources: @@ -121,17 +125,25 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR memcached::listen_ip: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]} + - if: + - is_ipv6 + - '::1' + - '127.0.0.1' + - str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]} memcached::listen_ip_uri: - str_replace: - template: - "%{hiera('$NETWORK_uri')}" - params: - $NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]} + - if: + - is_ipv6 + - '::1' + - '127.0.0.1' + - str_replace: + template: + "%{hiera('$NETWORK_uri')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]} memcached::max_memory: {get_param: MemcachedMaxMemory} # https://access.redhat.com/security/cve/cve-2018-1000115 # Only accept TCP to avoid spoofed traffic amplification DoS on UDP.