Fix cryptsetup --pbkdf-memory failures

A recent patch[1] added --pbkdf-memory to the cryptsetup command line
to limit the memory cryptsetup is using. However, some distros use
an older version of cryptsetup that does not need this setting.
This patch adds logic to detect this and run the commands without
--pbkdf-memory.

[1] https://review.opendev.org/663784

Change-Id: I9e0debcbfe6ceeff0012c827d70d80d938b5a2fb
Story: 2006066
Task: 34782
changes/15/668215/7
Michael Johnson 3 years ago
parent 58a4490bbf
commit 2bb2f918ee
  1. 1
      elements/certs-ramfs/element-deps
  2. 2
      elements/certs-ramfs/init-scripts/systemd/certs-ramfs.service
  3. 9
      elements/certs-ramfs/init-scripts/sysv/certs-ramfs
  4. 9
      elements/certs-ramfs/init-scripts/upstart/certs-ramfs.conf
  5. 19
      elements/certs-ramfs/static/usr/local/bin/certfs-ramfs

@ -1,2 +1,3 @@
dib-init-system
package-installs
install-static

@ -4,7 +4,7 @@ After=cloud-config.target
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'modprobe brd; passphrase=$$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1); certs_path=$$(awk "/base_cert_dir / {printf \\$$3}" /etc/octavia/amphora-agent.conf); mkdir -p "$${certs_path}"; echo -n "$${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 -; echo -n "$${passphrase}" | cryptsetup --pbkdf-memory=262144 luksOpen /dev/ram0 certfs-ramfs -; mkfs.ext2 /dev/mapper/certfs-ramfs; mount /dev/mapper/certfs-ramfs "$${certs_path}"'
ExecStart=/usr/local/bin/certfs-ramfs
ExecStop=/bin/sh -c 'certs_path=$$(awk "/base_cert_dir / {printf \\$$3}" /etc/octavia/amphora-agent.conf); umount "$${certs_path}"; cryptsetup luksClose /dev/mapper/certfs-ramfs;'
RemainAfterExit=yes
TimeoutSec=0

@ -17,14 +17,7 @@ NAME=certs-ramfs
case $1 in
start)
log_daemon_msg "Starting the process" "$NAME"
modprobe brd
passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1)
certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
mkdir -p "${certs_path}"
echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 -
echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksOpen /dev/ram0 certfs-ramfs -
mkfs.ext2 /dev/mapper/certfs-ramfs
mount /dev/mapper/certfs-ramfs "${certs_path}"
/usr/local/bin/certfs-ramfs
log_end_msg 0
;;
stop)

@ -4,14 +4,7 @@ start on started cloud-config
stop on runlevel [!2345]
pre-start script
modprobe brd
passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1)
certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
mkdir -p "${certs_path}"
echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 -
echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksOpen /dev/ram0 certfs-ramfs -
mkfs.ext2 /dev/mapper/certfs-ramfs
mount /dev/mapper/certfs-ramfs "${certs_path}"
/usr/local/bin/certfs-ramfs
end script
post-stop script

@ -0,0 +1,19 @@
#!/bin/bash
modprobe brd
passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1)
certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
mkdir -p "${certs_path}"
echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 -
# Some distrobutions have an old cryptsetup, try without --pbkdf-memory
if [ $? -eq 0 ]
then
echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksOpen /dev/ram0 certfs-ramfs -
else
echo -n "${passphrase}" | cryptsetup luksFormat /dev/ram0 -
echo -n "${passphrase}" | cryptsetup luksOpen /dev/ram0 certfs-ramfs -
fi
mkfs.ext2 /dev/mapper/certfs-ramfs
mount /dev/mapper/certfs-ramfs "${certs_path}"
Loading…
Cancel
Save