Encrypt the Postgresql data dir on the replica (centaurus)
encfs always runs a configuration assistant when creating a new volume, so this needs to be done manually: systemctl stop postgresql@12-main mv /var/lib/postgresql /var/lib/postgresql.old encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public Pick p (paranoia mode) and enter the password from the data bag twice mv /var/lib/postgresql/* /var/lib/postgresql/ systemctl start postgresql@12-main This is running on centaurus and is mounted automatically on boot by a system unit Refs #129
This commit is contained in:
Greg Karékinian
10
site-cookbooks/kosmos-postgresql/files/encfs.service
Normal file
10
site-cookbooks/kosmos-postgresql/files/encfs.service
Normal file
@@ -0,0 +1,10 @@
|
||||
[Unit]
|
||||
Description=EncFS for PostgreSQL data dir
|
||||
Before=postgresql@12-main.service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/usr/local/bin/mount_pg_encfs
|
||||
ExecStop=/bin/umount /var/lib/postgresql
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user