octavia/elements/cert-ramfs-ecrypt/init-scripts/upstart/cert-ramfs-ecrypt.conf

20 lines
871 B
Plaintext

description "Creates an encrypted ramfs for Octavia certs"
start on started cloud-config
stop on runlevel [!2345]
pre-start script
passphrase=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
token=$(echo $passphrase | ecryptfs-add-passphrase | awk -F'[][]' '{printf $2}')
certs_path=$(awk '/base_cert_dir / {printf $3}' /etc/octavia/amphora-agent.conf)
mkdir -p $certs_path
mount -t ramfs -o size=1m ramfs $certs_path
mount -t ecryptfs -o key=passphrase:passphrase_passwd=$passphrase,no_sig_cache=yes,verbose=no,ecryptfs_sig=$token,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=no $certs_path $certs_path
end script
post-stop script
certs_path=$(awk '/base_cert_dir / {printf $3}' /etc/octavia/amphora-agent.conf)
umount $certs_path
umount $certs_path
end script