Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
687 views
in Technique[技术] by (71.8m points)

linux - memcache for php - unable to connect

I m running centos 6. Using apache for handling php and nginx to handle scripts images and css

i have installed memcached server.

PORT="11211"
USER="memcached"
MAXCONN="4096"
CACHESIZE="512"
OPTIONS="-l 127.0.0.1"

i have also installed the module for php.

i created a new php file

 $memcache = new Memcache;
 $memcache->connect('127.0.0.1', 11211) or die ("Could not connect");

i checked the memcached status and it is running.
I am always getting "Could not connect".
I tried to change the value to 'localhost' from '127.0.0.1' - still not working.

$memcache = new Memcache();
$memcache->addServer('127.0.0.1', 11211) or die ("Could not connect");
var_dump($memcache->getExtendedStats());
$memcache->set('key', 'hello world', false, 60);
echo $memcache->get('key');
//$memcache->connect('127.0.0.1', 11211) or die ("Could not connect");

Output

array(1) { ["127.0.0.1:11211"]=> bool(false) }

What does connect and addServer do differently? Which is best way to do?
But i am not getting the Hello World

More updates on the code and on this problem..

phpinfo is showing memcached.
var_dump($memcache->get('key')); gives

bool(false)

why should i use addServer instead of connect?

More update on the code

$memcache = new Memcache;
$memcache->addServer('localhost', 11211);
echo $memcache->getServerStatus('localhost', 11211);
output : 1

//$memcache->set('key', 'hello world') or die("failed to store data");
output : failed to store data

few more details

getsebool httpd_can_network_memcache

it returns off

Should it return on?

Notice: Memcache::connect(): Server 127.0.0.1 (tcp 11211, udp 0) failed with: Permission denied (13)
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

As flushed out in the comments, it appears you are running Security-Enhanced Linux (SELinux) which adds an extra layer of security at the kernel level. In my experience and usage, I found that SELinux adds a force field around certain services so that they cannot access particular assets on the system. For example, if I want to serve html content from /home/src/web, I have to tell the system that it is ok for the httpd service to access content in the /home/src/web path. To do this I would issue the following command:

$ -> setsebool -P httpd_enable_homedirs 1

Basically, to allow cross-communication between services, you have to allow such access via a policy, much like "pinholing" a firewall to allow access to a specific port, except with SELinux you are not granting access to a port, rather you are granting access to another part of the system, or service. Fortunately for us, there are several built in policies which we can use the above setsebool construct, rather than trying to define our own policies, which can be a pain. For a more complete explanation of SELinux check out the wikipedia page.

Now to answer your specific questions:

why should i use addServer instead of connect?

addserver() will allow you to add multiple ips (or hostnames) to a list from which it is assumed that cached values are present, i.e. a pool of memcache servers. Whereas the connect() will only allow you to connect to the single, specified server.

getsebool httpd_can_network_memcache, it returns off, Should it return on?

Yes, it appears that turning on this specific setting will allow you to connect to a memcache server, with SELinux enabled, however on my production servers I still have it set to off, but have the following set:

$ -> setsebool -P httpd_can_network_connect 1

I believe, that either setting will accomplish the objective, however with the above setting, if you have a memcache server on another host, httpd can still access it.

Here is a decent write-up on pinholing SELinux to allow httpd service access to other services.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...