Commit b8633381 authored by Thomas Goirand's avatar Thomas Goirand

Fixes Amphora's cert ramfs.

parent 49ddb86d
......@@ -2,6 +2,7 @@ octavia (4.0.0-2) UNRELEASED; urgency=medium
* Fix octavia-agent binary in init/service file.
* Add Fix-osutils.py-to-detect-Debian.patch.
* Fixes Amphora's cert ramfs.
-- Thomas Goirand <zigo@debian.org> Tue, 30 Apr 2019 12:09:24 +0200
......
......@@ -16,6 +16,7 @@ Build-Depends:
python3-sphinx <!nodoc>,
Build-Depends-Indep:
alembic,
python-yaml,
python3-babel,
python3-bandit,
python3-barbicanclient,
......@@ -89,7 +90,6 @@ Build-Depends-Indep:
python3-testtools,
python3-webob,
python3-wsme,
python-yaml,
Standards-Version: 4.3.0
Vcs-Browser: https://salsa.debian.org/openstack-team/services/octavia
Vcs-Git: https://salsa.debian.org/openstack-team/services/octavia.git
......@@ -282,6 +282,7 @@ Section: python
Architecture: all
Depends:
alembic,
python-yaml,
python3-babel,
python3-barbicanclient,
python3-castellan,
......@@ -328,7 +329,6 @@ Depends:
python3-tenacity,
python3-webob,
python3-wsme,
python-yaml,
${misc:Depends},
${python3:Depends},
Description: OpenStack Load Balancer as a Service - Python libraries
......
#!/bin/sh
set -e
modprobe brd rd_size=1024000 max_part=2 rd_nr=1
passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1)
certs_path=$(grep base_cert_dir /etc/octavia/amphora-agent.conf | awk '{print $3}')
mkdir -p "${certs_path}"
echo -n "${passphrase}" | cryptsetup luksFormat /dev/ram0 -
echo -n "${passphrase}" | cryptsetup luksOpen /dev/ram0 certfs-ramfs -
mkfs.ext2 /dev/mapper/certfs-ramfs
mount /dev/mapper/certfs-ramfs "${certs_path}"
#!/bin/sh
set -e
certs_path=$(grep base_cert_dir /etc/octavia/amphora-agent.conf | awk '{printf $3}')
umount "${certs_path}"
cryptsetup luksClose /dev/mapper/certfs-ramfs
debian/octavia-agent-ramfs-start /sbin
debian/octavia-agent-ramfs-stop /sbin
......@@ -4,10 +4,10 @@ After=cloud-config.target
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'modprobe brd; passphrase=$$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1); certs_path=$$(awk "/base_cert_dir / {printf \\$$3}" /etc/octavia/amphora-agent.conf); mkdir -p "$${certs_path}"; echo -n "$${passphrase}" | cryptsetup luksFormat /dev/ram0 -; echo -n "$${passphrase}" | cryptsetup luksOpen /dev/ram0 certfs-ramfs -; mkfs.ext2 /dev/mapper/certfs-ramfs; mount /dev/mapper/certfs-ramfs "$${certs_path}"'
ExecStop=/bin/sh -c 'certs_path=$$(awk "/base_cert_dir / {printf \\$$3}" /etc/octavia/amphora-agent.conf); umount "$${certs_path}"; cryptsetup luksClose /dev/mapper/certfs-ramfs;'
ExecStart=/sbin/octavia-agent-ramfs-start
ExecStop=/sbin/octavia-agent-ramfs-stop
RemainAfterExit=yes
TimeoutSec=0
[Install]
WantedBy=amphora-agent.service
WantedBy=octavia-agent.service
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment