CentOS/RHEL based amphorae: no ecryptfs-utils package for encrypted ramfs certs storage
Bug #1642982 reported by Bernard Cafarelli
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
octavia | Fix Released | High | Bernard Cafarelli | |
Bug Description
Per https:/
So "Terminated HTTPS certs and keys in encrypted ramfs" will not work on these amphorae.
Changed in octavia:
status: New → Triaged
importance: Undecided → High
Changed in octavia:
assignee: nobody → Bernard Cafarelli (bcafarel)
status: Triaged → In Progress
Changed in octavia:
assignee: Bernard Cafarelli (bcafarel) → Michael Johnson (johnsom)
Changed in octavia:
assignee: Michael Johnson (johnsom) → Bernard Cafarelli (bcafarel)
So ecryptfs was deprecated in RHEL 6, and completely removed in 7 (which means it is not available in CentOS either). Here are the possible fixes I thought about:
* extend the element to compile and install ecryptfs manually. This includes rebuilding the kernel module as it was also removed and requires a bunch of development packages
* use EncFS instead of ecryptfs. It is a FUSE-based alternative, so no kernel module required, but is a less popular solution in encryption from what I have seen
* use cryptsetup/LUKS with the same type of unified init scripts currently in for ecryptfs. Looks like the "standard" option for encryption (and was the recommended alternative after ecryptfs deprecation)
* use cryptsetup/LUKS with the system-specific mount options/init scripts. This is a bit cleaner but more distro-dependent
Personally I am in favor of option 3, thoughts?