-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathstart-encfs-mongo-endpoint
executable file
·36 lines (36 loc) · 1.58 KB
/
start-encfs-mongo-endpoint
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/bash
# It is assumed that the mongodb has been moved to an encrypted filesystem.
# To do that, first quit monitoring query-gateway, stop monit,
# then gateway software and mongodb:
# $ sudo monit unmonitor query-gateway
# $ sudo /etc/init.d/monit stop
# $ sudo /home/scoopadmin/bin/stop-endpoint.sh
# $ sudo service mongodb stop
# Next move mongodb to encrypted filesystem
# $ sudo encfs --public /.encrypted /encrypted
# (Answer questions and set passphrase)
# $ sudo rsync -av /var/lib/mongodb /encrypted/mongodb
# The files appear unencrypted in /encrypted/mongodb after a passphrase has
# been entered. Otherwise, /encrypted/mongodb is empty.
# The encrypted filesystem can be unmounted using:
# $ fusermount -u /encrypted
#
# IMPORTANT: The file /etc/mongodb.conf must be modified so that the
# database looks for the database files in /encrypted/mongodb rather than
# /var/lib/mongodb. Modify dbpath accordingly.
#
# Restart monit (query-gateway will be unmonitored initially)
# $ sudo /etc/init.d/monit start
#
# The query-gateway logs, which might have sensitive information, can
# also be kept in the /encrypted filesystem:
# $ cd ~/endpoint/query-gateway
# $ sudo mv log /encrypted/mongodb/endpoint-log
# $ ln -s /encrypted/mongodb/endpoint-log ./log
#
sudo /usr/bin/encfs --public /.encrypted /encrypted && sudo initctl start mongodb && sudo monit start query-gateway
#
# Before shutdown query-gateway needs to be set unmonitored
# This can be done by adding the following line to the stop section of
# /etc/init.d/monit:
# $ /usr/bin/monit unmonitor query-gateway