22 lines
779 B
Plaintext
22 lines
779 B
Plaintext
description "Creates an encrypted ramfs for Octavia certs"
|
|
|
|
start on started cloud-config
|
|
stop on runlevel [!2345]
|
|
|
|
pre-start script
|
|
modprobe brd
|
|
passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1)
|
|
certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
|
|
mkdir -p "${certs_path}"
|
|
echo -n "${passphrase}" | cryptsetup luksFormat /dev/ram0 -
|
|
echo -n "${passphrase}" | cryptsetup luksOpen /dev/ram0 certfs-ramfs -
|
|
mkfs.ext2 /dev/mapper/certfs-ramfs
|
|
mount /dev/mapper/certfs-ramfs "${certs_path}"
|
|
end script
|
|
|
|
post-stop script
|
|
certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
|
|
umount "${certs_path}"
|
|
cryptsetup luksClose /dev/mapper/certfs-ramfs
|
|
end script
|