openstack
/
octavia
Code Issues Proposed changes
octavia/elements/certs-ramfs
History
Gregory Thiemonge c2ef7792fd Use LUKS1 for certfs-ramfs for all distributions 
This commit forces the use of LUKS1 in cryptsetup.

Centos uses LUKS2 by default in cryptsetup, ubuntu uses LUKS1.
Formating a LUKS2 block device is way longer than formating a LUKS1
device (15 sec vs 8 sec in my env) and LUKS2 doesn't provide any
significant features for octavia (it only improves recovery and
metadata).

The commit aslo limits the creation of more than 1 block ram device
(amphora doesn't need 16 ram devices), which reduces startup time.

Change-Id: I5cdc0a9ccc01548f195eed80f2ee2848a1a93e17
 		2020-01-17 10:38:45 +01:00
..
init-scripts Fix a potential race condition with certs-ramfs 2019-11-11 13:45:35 -08:00
post-install.d Use cryptsetup/LUKS for encrypted ramfs 2017-02-14 10:37:45 +00:00
static/usr/local/bin Use LUKS1 for certfs-ramfs for all distributions 2020-01-17 10:38:45 +01:00
README.rst Use cryptsetup/LUKS for encrypted ramfs 2017-02-14 10:37:45 +00:00
element-deps Fix cryptsetup --pbkdf-memory failures 2019-07-17 21:32:45 +00:00
package-installs.yaml Use cryptsetup/LUKS for encrypted ramfs 2017-02-14 10:37:45 +00:00
svc-map Use cryptsetup/LUKS for encrypted ramfs 2017-02-14 10:37:45 +00:00

README.rst

Element to setup an encrypted ramfs to store the TLS certificates and keys.

Enabling this element will mean that the amphora can no longer recover from a reboot.