4 Commits

Author SHA1 Message Date
Michael Johnson
2bb2f918ee Fix cryptsetup --pbkdf-memory failures
A recent patch[1] added --pbkdf-memory to the cryptsetup command line
to limit the memory cryptsetup is using. However, some distros use
an older version of cryptsetup that does not need this setting.
This patch adds logic to detect this and run the commands without
--pbkdf-memory.

[1] https://review.opendev.org/663784

Change-Id: I9e0debcbfe6ceeff0012c827d70d80d938b5a2fb
Story: 2006066
Task: 34782
2019-07-17 21:32:45 +00:00
Michael Johnson
4007d56b3e Limit cryptsetup key RAM usage
This patch limits cryptsetup to 256MB of RAM during the amphora
startup. Recent distros have changed to LUKS2 with Argon2
key derivation which defaults to using up to 1GB of RAM.
Typically our amphora are built with only 1GB of RAM for the whole
system.

Change-Id: I018e36f69a9c0b48a6651a01cc9a64abfc04d4de
Story: 2005837
Task: 33606
2019-06-06 15:10:36 -07:00
Bernard Cafarelli
bb1c16b165
Fix invalid escape sequence in certs-ramfs.service
awk variable needs doubled '$' and '\' characters to be properly escaped
(and working properly)

Change-Id: I7703ad64e03c7afe52e49194e3bbed9f228b5760
Closes-Bug: #1689412
2017-07-18 15:53:59 +02:00
Bernard Cafarelli
0dd4649f37 Use cryptsetup/LUKS for encrypted ramfs
ecryptfs was dropped from RHEL/CentOS, use LUKS on a RAM-backed block
device (brd) instead.

Made the element name more generic

Added systemctl enable call in postinstall (for systemd init), so that
the service is correctly started and listed as wanted by amphora-agent

Change-Id: Id8c7ff93ae244ef14480e22c85dc79355a902105
Closes-Bug: #1642982
Closes-Bug: #1662952
2017-02-14 10:37:45 +00:00