c2ef7792fd
This commit forces the use of LUKS1 in cryptsetup. Centos uses LUKS2 by default in cryptsetup, ubuntu uses LUKS1. Formating a LUKS2 block device is way longer than formating a LUKS1 device (15 sec vs 8 sec in my env) and LUKS2 doesn't provide any significant features for octavia (it only improves recovery and metadata). The commit aslo limits the creation of more than 1 block ram device (amphora doesn't need 16 ram devices), which reduces startup time. Change-Id: I5cdc0a9ccc01548f195eed80f2ee2848a1a93e17
17 lines
537 B
Bash
Executable File
17 lines
537 B
Bash
Executable File
#!/bin/bash
|
|
|
|
cryptsetup_args="--type=luks1"
|
|
|
|
# Only 1 block ram device is needed
|
|
modprobe brd rd_nr=1
|
|
|
|
passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1)
|
|
certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
|
|
mkdir -p "${certs_path}"
|
|
|
|
echo -n "${passphrase}" | cryptsetup $cryptsetup_args luksFormat /dev/ram0 -
|
|
echo -n "${passphrase}" | cryptsetup $cryptsetup_args luksOpen /dev/ram0 certfs-ramfs -
|
|
|
|
mkfs.ext2 /dev/mapper/certfs-ramfs
|
|
mount /dev/mapper/certfs-ramfs "${certs_path}"
|