0dd4649f37
ecryptfs was dropped from RHEL/CentOS, use LUKS on a RAM-backed block device (brd) instead.
Made the element name more generic
Added systemctl enable call in postinstall (for systemd init), so that the service is correctly started and listed as wanted by amphora-agent

Change-Id: Id8c7ff93ae244ef14480e22c85dc79355a902105
Closes-Bug: #1642982
Closes-Bug: #1662952
22 lines
779 B
Plaintext
description "Creates an encrypted ramfs for Octavia certs"

start on started cloud-config
stop on runlevel [!2345]

pre-start script
  # Load the RAM block device driver (provides /dev/ram0)
  modprobe brd
  # Random 32-character passphrase, held only in a shell variable
  passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1)
  # Read the cert directory from the agent config
  certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
  mkdir -p "${certs_path}"
  # Format and open the LUKS volume, passing the passphrase on stdin
  echo -n "${passphrase}" | cryptsetup luksFormat /dev/ram0 -
  echo -n "${passphrase}" | cryptsetup luksOpen /dev/ram0 certfs-ramfs -
  mkfs.ext2 /dev/mapper/certfs-ramfs
  mount /dev/mapper/certfs-ramfs "${certs_path}"
end script

post-stop script
  certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
  # Unmount and close the mapping
  umount "${certs_path}"
  cryptsetup luksClose /dev/mapper/certfs-ramfs
end script
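A check for the result of the job above, added here as an example and not part of the Octavia repository: it confirms that the directory named by `base_cert_dir` is mounted from `/dev/mapper/certfs-ramfs`, so certificates cannot silently land on the unencrypted root disk if the job failed. The function names and the sample config and mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the cert directory is backed by the LUKS mapping.
MAPPER_DEV=/dev/mapper/certfs-ramfs   # mapping name used by the job above

# Print base_cert_dir from an amphora-agent.conf-style file ($1).
# The key must match exactly, so commented-out lines are ignored.
cert_dir_from_conf() {
    awk '$1 == "base_cert_dir" && $2 == "=" { print $3; exit }' "$1"
}

# Print the device mounted at directory $2 in mounts file $1.
# The last matching line wins: it is the mount visible at that path.
mount_source() {
    awk -v dir="$2" '$2 == dir { src = $1 } END { if (src != "") print src }' "$1"
}

# Exit status: 0 cert dir is on the LUKS mapping, 1 nothing mounted there
# (certs would land on the root disk), 2 some other device is mounted there,
# 3 base_cert_dir not found in the config.
check_cert_mount() {
    dir=$(cert_dir_from_conf "$1")
    [ -n "$dir" ] || return 3
    src=$(mount_source "$2" "$dir")
    [ -n "$src" ] || return 1
    [ "$src" = "$MAPPER_DEV" ] || return 2
    return 0
}

# Constructed sample inputs (not taken from a real amphora).
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    printf '%s\n' '# base_cert_dir = /old/path' \
        'base_cert_dir = /var/lib/octavia/certs' > "$SAMPLE_DIR/agent.conf"
    printf '%s\n' '/dev/vda1 / ext4 rw 0 0' \
        '/dev/mapper/certfs-ramfs /var/lib/octavia/certs ext2 rw 0 0' \
        > "$SAMPLE_DIR/mounts.ok"
    printf '%s\n' '/dev/vda1 / ext4 rw 0 0' > "$SAMPLE_DIR/mounts.missing"
    printf '%s\n' 'tmpfs /var/lib/octavia/certs tmpfs rw 0 0' \
        > "$SAMPLE_DIR/mounts.wrong"
}

make_samples
for m in ok missing wrong; do
    rc=0
    check_cert_mount "$SAMPLE_DIR/agent.conf" "$SAMPLE_DIR/mounts.$m" || rc=$?
    echo "mounts.$m -> status $rc"
done
```

On an amphora the same check would be run as `check_cert_mount /etc/octavia/amphora-agent.conf /proc/mounts`.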