46 lines
1.6 KiB
Plaintext
46 lines
1.6 KiB
Plaintext
### BEGIN INIT INFO
|
|
# Provides: cert-ramfs-ecrypt
|
|
# Required-Start: $remote_fs $syslog $network cloud-config
|
|
# Required-Stop: $remote_fs $syslog $network
|
|
# Default-Start: 2 3 4 5
|
|
# Default-Stop: 0 1 6
|
|
# Short-Description: Creates an encrypted ramfs for Octavia certs
|
|
# Description: Creates an encrypted ramfs for Octavia TLS
|
|
# certificates and key storage.
|
|
### END INIT INFO
|
|
|
|
# Using the lsb functions to perform the operations.
|
|
. /lib/lsb/init-functions
|
|
# Process name ( For display )
|
|
NAME=cert-ramfs-ecrypt
|
|
|
|
case $1 in
|
|
start)
|
|
log_daemon_msg "Starting the process" "$NAME"
|
|
passphrase=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
|
|
token=$(echo $passphrase | ecryptfs-add-passphrase | awk -F'[][]' '{printf $2}')
|
|
|
|
certs_path=$(awk '/base_cert_dir / {printf $3}' /etc/octavia/amphora-agent.conf)
|
|
mkdir -p $certs_path
|
|
mount -t ramfs -o size=1m ramfs $certs_path
|
|
mount -t ecryptfs -o key=passphrase:passphrase_passwd=$passphrase,no_sig_cache=yes,verbose=no,ecryptfs_sig=$token,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=no $certs_path $certs_path
|
|
log_end_msg 0
|
|
;;
|
|
stop)
|
|
log_daemon_msg "Stopping the process" "$NAME"
|
|
certs_path=$(awk '/base_cert_dir / {printf $3}' /etc/octavia/amphora-agent.conf)
|
|
umount $certs_path
|
|
umount $certs_path
|
|
log_end_msg 0
|
|
;;
|
|
restart)
|
|
# Restart the daemon.
|
|
$0 stop && sleep 2 && $0 start
|
|
;;
|
|
*)
|
|
# For invalid arguments, print the usage message.
|
|
echo "Usage: $0 {start|stop|restart|reload|status}"
|
|
exit 2
|
|
;;
|
|
esac
|