
I need to use stunnel to encrypt a service that by itself does not support any type of encryption. stunnel needs to run on the frontend and on the backend server. Because stunnel does not come with a systemd service file, I'm looking for ways to achieve the following each time the system boots or the service gets restarted:

  • create a directory under /var/run/ and assign it nobody:nobody ownership (I want to run it in a root jail)
  • later on I would use pacemaker and corosync to build an HA cluster, so the HA stack should track and manage on which cluster node to start stunnel at any given time
  • I would need to write a resource agent used by pacemaker to take action on the resource - in this case stunnel

My question is, what is the best way to handle it? Write my own service file for systemd? But what about the chroot directory that will contain the PID file for the service? Do I need it then?

I'd like to ask for some help: some hints and ideas on how to do it.

All help is more than appreciated!

postFix

0 Answers