chef/mount_pg_encfs.erb at eded62a3ec9198e2550305ddea6d8fe7ad7961fc - chef - Gitea

kosmos/chef

Greg Karékinian 55b1cbc1d7 Encrypt the Postgresql data dir on the replica (centaurus)

encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:

   systemctl stop postgresql@12-main
   mv /var/lib/postgresql /var/lib/postgresql.old
   encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public
Pick p (paranoia mode) and enter the password from the data bag twice

   mv /var/lib/postgresql/* /var/lib/postgresql/
   systemctl start postgresql@12-main

This is running on centaurus and is mounted automatically on boot by a
system unit

Refs #129

2020-05-15 18:41:31 +02:00

4 lines

110 B

Plaintext

Raw Blame History

	`#!/bin/sh`

	`/bin/echo "<%= @password %>" \| encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public -S`