20 lines
871 B
Plaintext
20 lines
871 B
Plaintext
description "Creates an encrypted ramfs for Octavia certs"
|
|
|
|
start on started cloud-config
|
|
stop on runlevel [!2345]
|
|
|
|
pre-start script
|
|
passphrase=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
|
|
token=$(echo $passphrase | ecryptfs-add-passphrase | awk -F'[][]' '{printf $2}')
|
|
certs_path=$(awk '/base_cert_dir / {printf $3}' /etc/octavia/amphora-agent.conf)
|
|
mkdir -p $certs_path
|
|
mount -t ramfs -o size=1m ramfs $certs_path
|
|
mount -t ecryptfs -o key=passphrase:passphrase_passwd=$passphrase,no_sig_cache=yes,verbose=no,ecryptfs_sig=$token,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=no $certs_path $certs_path
|
|
end script
|
|
|
|
post-stop script
|
|
certs_path=$(awk '/base_cert_dir / {printf $3}' /etc/octavia/amphora-agent.conf)
|
|
umount $certs_path
|
|
umount $certs_path
|
|
end script
|