Created August 12, 2014 20:19
Adapted a couple of encrypted ephemeral disk examples for simple temp storage on mesos-worker nodes (e.g. with Spark)
```bash
#!/bin/bash
#
# WARNING: This will wipe and encrypt the device given. For Mesos workers,
# this is run on EVERY BOOT so you will constantly lose existing data.
#
# I have based this script on the following links:
# https://github.com/matthew-lucidchart/aws-ephemeral-mounts/blob/master/boot_luks.sh
# http://nineofclouds.blogspot.ca/2013/10/how-to-use-lvm-and-luks-with-ebs-volumes.html
#
# This is intended to be put on a host by Ansible. The Ansible variable "ephemeral_dev" must
# be populated, e.g. "xvdb".

# Stop at the first failed step so a failed format or open never falls through to mkfs/mount.
set -euo pipefail

KEYDIR=/var/cache/ephemeral-mount
MAPPED_DEV=/dev/mapper/ephemeral

/bin/mkdir -p "$KEYDIR"
/bin/chmod 700 "$KEYDIR"

# Make key:
/bin/dd if=/dev/urandom of="$KEYDIR/ephemeral.key" bs=4k count=1

# encrypt the device:
/sbin/cryptsetup luksFormat --batch-mode --key-file "$KEYDIR/ephemeral.key" --cipher aes-cbc-essiv:sha256 --hash ripemd160 --key-size 256 "/dev/{{ ephemeral_dev }}"

# make the encrypted volume available
/sbin/cryptsetup luksOpen --key-file "$KEYDIR/ephemeral.key" "/dev/{{ ephemeral_dev }}" ephemeral

# kill the key, live dangerously:
# (once the key file is gone the volume cannot be reopened after it is closed or the
# host reboots; that is acceptable here because the volume is re-created on every boot)
/usr/bin/shred -u "$KEYDIR/ephemeral.key"

/sbin/mkfs.ext3 "$MAPPED_DEV"
mount "$MAPPED_DEV" /mnt
```
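If any step of the script fails, /mnt is not the encrypted mapping and temp data written there lands on unencrypted storage. The following post-boot check is an added example, not part of the gist: the function names, the `--live` switch and the sample `cryptsetup status` text are constructed for illustration, and the live path assumes `findmnt` from util-linux is installed.

```bash
#!/bin/bash
# Added example (not from the gist): confirm /mnt is backed by the LUKS mapping.
MAPPED_DEV=/dev/mapper/ephemeral
WANT_CIPHER="aes-cbc-essiv:sha256"   # values the setup script passes to luksFormat
WANT_KEYSIZE="256 bits"

# Print the value of one "name: value" line from `cryptsetup status` output.
status_field() {   # $1 = status text, $2 = field name
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# $1 = mount source of /mnt, $2 = `cryptsetup status ephemeral` output.
# Returns 0 only if /mnt sits on an active LUKS mapping with the expected settings.
verify_ephemeral() {
    local src="$1" status="$2"
    if [ "$src" != "$MAPPED_DEV" ]; then
        echo "FAIL: /mnt source is '${src:-none}', expected $MAPPED_DEV"; return 1
    fi
    case "$status" in
        "$MAPPED_DEV is active"*) ;;
        *) echo "FAIL: $MAPPED_DEV is not an active mapping"; return 1 ;;
    esac
    case "$(status_field "$status" type)" in
        LUKS*) ;;
        *) echo "FAIL: mapping is not LUKS"; return 1 ;;
    esac
    if [ "$(status_field "$status" cipher)" != "$WANT_CIPHER" ]; then
        echo "FAIL: unexpected cipher"; return 1
    fi
    if [ "$(status_field "$status" keysize)" != "$WANT_KEYSIZE" ]; then
        echo "FAIL: unexpected key size"; return 1
    fi
    echo "OK: /mnt is on $MAPPED_DEV ($WANT_CIPHER, $WANT_KEYSIZE)"
}

# Constructed sample of `cryptsetup status` output, used when not run with --live.
SAMPLE_STATUS="/dev/mapper/ephemeral is active and is in use.
  type:    LUKS1
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/xvdb
  offset:  4096 sectors
  mode:    read/write"

if [ "${1:-}" = "--live" ]; then   # on a real worker, as root
    verify_ephemeral "$(findmnt -n -o SOURCE /mnt)" "$(/sbin/cryptsetup status ephemeral)"
else
    verify_ephemeral "$MAPPED_DEV" "$SAMPLE_STATUS"
fi
```

Run with `--live` as root on a worker after boot; a non-zero exit status means Spark or Mesos temp data should not be written to /mnt until the mapping is fixed.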