From df586b4892c57ba7b14dc9400cc684d0ed0faff8 Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Sun, 12 Jun 2022 22:13:29 +0200 Subject: Init S3/CryFS startup script Signed-off-by: Georg Pfuetzenreuter --- scripts/sh/init-s3-cryfs.sh | 96 +++++++++++++++++++++++++++++++++++++++++++++ systemd/init-s3.service | 13 ++++++ 2 files changed, 109 insertions(+) create mode 100755 scripts/sh/init-s3-cryfs.sh create mode 100644 systemd/init-s3.service diff --git a/scripts/sh/init-s3-cryfs.sh b/scripts/sh/init-s3-cryfs.sh new file mode 100755 index 0000000..63bdc30 --- /dev/null +++ b/scripts/sh/init-s3-cryfs.sh @@ -0,0 +1,96 @@ +#!/bin/sh +#Georg Pfuetzenreuter +#Not intended for general purpose use - designed to initialize a construct of bind -> CryFS -> S3 mounts + +basemount="/s3" +cryptmount="$basemount/container" +sysmount="/mnt/s3cry" +datamount="/data" +ingestmount="$datamount/ingest/s3" +clearingestmount="${ingestmount}_clear" + +mounts="/proc/mounts" + +check () { + grep -qs "$1" "$mounts" +} + +check_ingestmount () { + if check "$ingestmount" + then + echo "Already mounted." + exit 0 + fi +} + +stop_mounts () { + if check "$ingestmount " + then + echo "Unmounting $ingestmount ..." + umount "$ingestmount" + fi + if check "$clearingestmount " + then + echo "Unmounting $clearingestmount ..." + umount "$clearingestmount" + fi + if check "$sysmount" + then + echo "Unmounting $sysmount ..." + fusermount -u "$sysmount" + fi + if check "$basemount" + then + echo "Unmounting $basemount ..." + umount "$basemount" + fi +} + +start_mounts () { + check_ingestmount + if ! check "$basemount" + then + echo "Mounting $basemount ..." + s3fs lysergic "$basemount" -o url=https://s3.eu-central-2.wasabisys.com -o allow_other + if [ ! "$?" = "0" ] + then + echo "FATAL - s3fs failed" + exit 1 + fi + + #we don't want this, it's an unencrypted s3 mount, but helpful for testing + if ! check "$clearingestmount " + then + echo "Mounting $clearingestmount ..." + mount -o bind "$basemount/clear" "$clearingestmount" + fi + + if ! check "$sysmount" + then + echo "Mounting $sysmount ..." + cryfs "$cryptmount" "$sysmount" -- -o allow_other < /etc/.cry >/dev/null 2>&1 + if [ ! "$?" = "0" ] + then + echo "FATAL - cryfs failed" + exit 1 + fi + if ! check "$ingestmount " + then + echo "Mounting $ingestmount ..." + mount -o bind "$sysmount" "$ingestmount" + if [ ! "$?" = "0" ] + then + echo "FATAL - bind mount failed" + exit 1 + fi + fi + fi + fi +} + +case "$1" in + "start" ) start_mounts ;; + "stop" ) stop_mounts ;; + "status" ) check_ingestmount ;; + * ) echo "$0 [start|stop|status]" ;; +esac diff --git a/systemd/init-s3.service b/systemd/init-s3.service new file mode 100644 index 0000000..95df4db --- /dev/null +++ b/systemd/init-s3.service @@ -0,0 +1,13 @@ +[Unit] +Description=LYSERGIC S3 Initiator +After=network-online.target + +[Service] +Type=oneshot +ExecStart=/usr/local/bin/init-s3.sh start +ExecStop=/usr/local/bin/init-s3.sh stop +RemainAfterExit=true + +[Install] +WantedBy=multi-user.target + -- cgit v1.2.3