octavia/elements/cert-ramfs-ecrypt/init-scripts/systemd/cert-ramfs-ecrypt.service

16 lines
961 B
Desktop File

[unit]
Description=Creates an encrypted ramfs for Octavia certs
After=cloud-config.target
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'passphrase=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1);token=$(echo $passphrase | ecryptfs-add-passphrase | awk -F'[][]' '{printf $2}');certs_path=$$(awk '/base_cert_dir / {printf $$3}' /etc/octavia/amphora-agent.conf);mkdir -p $$certs_path;mount -t ramfs -o size=1m ramfs $$certs_path;mount -t ecryptfs -o key=passphrase:passphrase_passwd=$passphrase,no_sig_cache=yes,verbose=no,ecryptfs_sig=$token,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=no $certs_path $certs_path'
ExecStop=/bin/sh -c 'certs_path=$$(awk '/base_cert_dir / {printf $$3}' /etc/octavia/amphora-agent.conf);umount $$certs_path;umount $$certs_path'
RemainAfterExit=yes
TimeoutSec=0
[Install]
# TODO(johnsom) Fix when amphora-agent has a systemd script
WantedBy=multi-user.target