Hello,
I have a LUKS drive (called "locker-1"), which is necessary to be
properly mounted before ZFS can import my pool on boot. I believe
systemd needs to be explicitly configured to mount dm-crypt devices
before doing anything ZFS-related, but I'm relatively new to working
with systemd so I'm stuck on the implementation. I believe the following
is revelant configuration information:
~ $ systemctl list-units | grep "crypt\|zfs"
systemd-cryptsetup@locker\x2d1.service loaded active exited ...
zfs-import-cache.service loaded active exited ...
zfs-mount.service loaded active exited ...
zfs-share.service loaded active exited ...
system-systemd\x2dcryptsetup.slice loaded active active ...
cryptsetup.target loaded active active ...
zfs.target loaded active active ...
~ $ find /usr/lib/systemd/ -name *crypt*
/usr/lib/systemd/system-generators/systemd-cryptsetup-generator
/usr/lib/systemd/systemd-cryptsetup
/usr/lib/systemd/system/cryptsetup.target
/usr/lib/systemd/system/sysinit.target.wants/cryptsetup.target
~ $ find /usr/lib/systemd/ -name *zfs*
/usr/lib/systemd/system-preset/50-zfs.preset
/usr/lib/systemd/system/zfs.target
/usr/lib/systemd/system/zfs-share.service
/usr/lib/systemd/system/zfs-import-cache.service
/usr/lib/systemd/system/zfs-import-scan.service
/usr/lib/systemd/system/zfs-mount.service
Based on my limited understanding of systemd dependency resolution
from [1], I created a custom file to force ZFS to depend on my LUKS device:
~ $ cat /etc/systemd/system/zfs-import-cache.service.d/luks.conf
[Unit]
Requires=systemd-cryptsetup@locker\x2d1.service
After=systemd-cryptsetup@locker\x2d1.service
I rebooted and no joy, though `systemd-delta` does see the override:
~ $ systemd-delta
[EXTENDED] /run/systemd/system/session-c2.scope →
/run/systemd/system/session-c2.scope.d/90-SendSIGHUP.conf
[EXTENDED] /run/systemd/system/session-c2.scope →
/run/systemd/system/session-c2.scope.d/90-After-systemd-user-sessions\x2eservic
[EXTENDED] /run/systemd/system/session-c2.scope →
/run/systemd/system/session-c2.scope.d/90-After-systemd-logind\x2eservice.conf
[EXTENDED] /run/systemd/system/session-c2.scope →
/run/systemd/system/session-c2.scope.d/90-Description.conf
[EXTENDED] /run/systemd/system/session-c2.scope →
/run/systemd/system/session-c2.scope.d/90-Slice.conf
[EXTENDED] /usr/lib/systemd/system/zfs-import-cache.service →
/etc/systemd/system/zfs-import-cache.service.d/luks.conf
Looking back, I notice that ZFS has definitions for both importing via
cache or scan, so I duplicated this override for
`zfs-import-scan.service` and get the same result.
Oddly (to me), the boot log shows ZFS inner workings, but nothing
about dm-crypt:
~ $ journalctl -b | grep 'zed\['
Jul 09 05:20:03 vigilance.thetonk.net zed[720]: ZFS Event Daemon 0.6.3-1
Jul 09 05:20:03 vigilance.thetonk.net zed[720]: Processing events
since eid=0
Jul 09 05:20:03 vigilance.thetonk.net zed[720]: Invoking
"all-syslog.sh" eid=1 pid=726
Jul 09 05:20:03 vigilance.thetonk.net zed[727]: eid=1 class=statechange
Jul 09 05:20:03 vigilance.thetonk.net zed[720]: Finished
"all-syslog.sh" eid=1 pid=726 exit=0
Jul 09 05:20:03 vigilance.thetonk.net zed[720]: Invoking
"all-syslog.sh" eid=2 pid=729
...
~ $ journalctl -b | grep 'crypt'
~ $
Any advice would be greatly appreciated. For what it's worth, this is
just the first drive of six (I'm in the process of encrypting my RAID-Z2
pool in-place) so the DRYest-configuration solution is optimal but at
this point I'll take what I can get.
[1]:
https://wiki.archlinux.org/index.php/Systemd#Editing_provided_unit_files
Cheers,
-Chris
PS: The only thing that sticks out at me visually at this point is that
"\x2d" in places; is the inclusion of a hyphen in my LUKS device name
causing problems? It seems like systemd sometimes? does magic with
hyphens and paths, which is why I assume it's being encoded but I figure
I would ask.
--
Chris Tonkinson
610.425.7807
"Lead, follow, or get out of the way."
-Thomas Paine
Attachment:
signature.asc
Description: OpenPGP digital signature
