I need to use stunnel to encrypt a service that by itself does not support any type of encryption. stunnel needs to run on the frontend and on the backend server. Because stunnel does not come with a systemd service file, I'm looking for ways to achieve the following each time the system boots or the service gets restarted:
- create a directory under /var/run/ and assign it nobody:nobody ownership (I want to run it in a root jail)
- later on I would use pacemaker and corosync to build a HA cluster, so the HA stack should track and manage on which cluster node to start stunnel at any given time
- I would need to write a resource agent used by pacemaker to take action on the resource, in this case stunnel
My question is, what is the best way to handle it? Write my own service file for systemd? But what about the chroot directory that will contain the PID file for the service? Do I need it then?
I'd like to ask for help with some hints and ideas on how to do it.
All help is more than appreciated!