diff --git a/elements/certs-ramfs/element-deps b/elements/certs-ramfs/element-deps index be9833530d..41b5ab2462 100644 --- a/elements/certs-ramfs/element-deps +++ b/elements/certs-ramfs/element-deps @@ -1,2 +1,3 @@ dib-init-system package-installs +install-static diff --git a/elements/certs-ramfs/init-scripts/systemd/certs-ramfs.service b/elements/certs-ramfs/init-scripts/systemd/certs-ramfs.service index f0a8dc1dd8..075067fe1c 100644 --- a/elements/certs-ramfs/init-scripts/systemd/certs-ramfs.service +++ b/elements/certs-ramfs/init-scripts/systemd/certs-ramfs.service @@ -4,7 +4,7 @@ After=cloud-config.target [Service] Type=oneshot -ExecStart=/bin/sh -c 'modprobe brd; passphrase=$$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1); certs_path=$$(awk "/base_cert_dir / {printf \\$$3}" /etc/octavia/amphora-agent.conf); mkdir -p "$${certs_path}"; echo -n "$${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 -; echo -n "$${passphrase}" | cryptsetup --pbkdf-memory=262144 luksOpen /dev/ram0 certfs-ramfs -; mkfs.ext2 /dev/mapper/certfs-ramfs; mount /dev/mapper/certfs-ramfs "$${certs_path}"' +ExecStart=/usr/local/bin/certfs-ramfs ExecStop=/bin/sh -c 'certs_path=$$(awk "/base_cert_dir / {printf \\$$3}" /etc/octavia/amphora-agent.conf); umount "$${certs_path}"; cryptsetup luksClose /dev/mapper/certfs-ramfs;' RemainAfterExit=yes TimeoutSec=0 diff --git a/elements/certs-ramfs/init-scripts/sysv/certs-ramfs b/elements/certs-ramfs/init-scripts/sysv/certs-ramfs index 8e2b3949ba..2cf110079f 100644 --- a/elements/certs-ramfs/init-scripts/sysv/certs-ramfs +++ b/elements/certs-ramfs/init-scripts/sysv/certs-ramfs 
@@ -17,14 +17,7 @@ NAME=certs-ramfs case $1 in start) log_daemon_msg "Starting the process" "$NAME" - modprobe brd - passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1) - certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf) - mkdir -p "${certs_path}" - echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 - - echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksOpen /dev/ram0 certfs-ramfs - - mkfs.ext2 /dev/mapper/certfs-ramfs - mount /dev/mapper/certfs-ramfs "${certs_path}" + /usr/local/bin/certfs-ramfs log_end_msg 0 ;; stop) diff --git a/elements/certs-ramfs/init-scripts/upstart/certs-ramfs.conf b/elements/certs-ramfs/init-scripts/upstart/certs-ramfs.conf index 01ae647559..050474b245 100644 --- a/elements/certs-ramfs/init-scripts/upstart/certs-ramfs.conf +++ b/elements/certs-ramfs/init-scripts/upstart/certs-ramfs.conf @@ -4,14 +4,7 @@ start on started cloud-config stop on runlevel [!2345] pre-start script - modprobe brd - passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1) - certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf) - mkdir -p "${certs_path}" - echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 - - echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksOpen /dev/ram0 certfs-ramfs - - mkfs.ext2 /dev/mapper/certfs-ramfs - mount /dev/mapper/certfs-ramfs "${certs_path}" + /usr/local/bin/certfs-ramfs end script post-stop script diff --git a/elements/certs-ramfs/static/usr/local/bin/certfs-ramfs b/elements/certs-ramfs/static/usr/local/bin/certfs-ramfs new file mode 100755 index 0000000000..8de35ffccd --- /dev/null +++ b/elements/certs-ramfs/static/usr/local/bin/certfs-ramfs 
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+modprobe brd
+passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1)
+certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
+mkdir -p "${certs_path}"
+
+echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 -
+# Some distrobutions have an old cryptsetup, try without --pbkdf-memory
+if [ $? -eq 0 ]
+then
+ echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksOpen /dev/ram0 certfs-ramfs -
+else
+ echo -n "${passphrase}" | cryptsetup luksFormat /dev/ram0 -
+ echo -n "${passphrase}" | cryptsetup luksOpen /dev/ram0 certfs-ramfs -
+fi
+
+mkfs.ext2 /dev/mapper/certfs-ramfs
+mount /dev/mapper/certfs-ramfs "${certs_path}"
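Review bot: Only the first `luksFormat` has its status tested in this new script (through `$?`, with a comment line sitting between the command and the test), so a failure of the fallback `luksFormat`/`luksOpen` or of `mkfs.ext2` still runs on to `mount`, and an empty `certs_path` from the awk lookup is never rejected. Because `mkdir -p` has already created `${certs_path}` as an ordinary directory, a failed setup leaves a cleartext location where the encrypted mount was meant to be; whether the agent then writes certificates there depends on unit dependencies that this diff does not show. I would test the command directly in the `if`, add `set -eu`, and stop on an empty path, as below; `pipefail` is left out on purpose because the `head`/`tr` passphrase pipeline ends by closing the pipe early. The sysv wrapper in this commit calls the script and then `log_end_msg 0` unconditionally, so it should pass the script's exit status through as well.

```shell
#!/bin/bash
set -eu

# … unchanged: modprobe, passphrase generation, certs_path lookup …
if [ -z "${certs_path}" ]
then
    echo "base_cert_dir not found in /etc/octavia/amphora-agent.conf" >&2
    exit 1
fi
mkdir -p "${certs_path}"

# Some distributions have an old cryptsetup, try without --pbkdf-memory
if echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 -
then
    # … unchanged: luksOpen with --pbkdf-memory …
else
    # … unchanged: luksFormat and luksOpen without --pbkdf-memory …
fi
# … unchanged: mkfs.ext2 and mount …
```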