I forgot to say that the devices on crypttab are also configured with `noauto`, that's why I was adding the dependences manually.
The strange behavior for me is that, if I do not put the `x-systemd.automount` everything works fine: the devices are not decrypted until I try to mount the final filesystem. But when I add the automount feature, the devices get automatically decrypted at boot, because the dependencies are moved from the .mount to the .automount.
This can be solved manually with custom units, but I would like to know if there is an explanation for this behavior.
Thanks.
El vie., 30 ago. 2019 12:05, Michael Chapman <mike@xxxxxxxxxxxxxxxxx> escribió:
On Fri, 30 Aug 2019, Daniel Otero Oubiña wrote:
> Hi all!
>
> I have found a somehow strange systemd "feature" that I'm not sure if it's
> a bug. Let me know if you prefer having this reported on GitHub instead.
>
> First, let me explain my setup: I have a data filesystem that is split in
> two encrypted partitions (with LUKS) formated as a single btrfs raid1
> filesystem.
> I manage to make everything work just modifying fstab and crypttab.
>
> The problem arises when I try to make the data partition mounted on demand
> (`x-systemd.automount`). That's because it makes my "decrypted partitions"
> dependences (declared with `systemd.requires=systemd-cryptsetup@xxx.service`)
> move from the .mount autogenerated unit to the .automount one. This causes
> the partitions to be decrypted even if the data filesystem is never used,
> because the .automount unit is activated on boot. Is there a reasoning for
> this behavior or I'm missing something?
>
> Here is a link with the autogenerated units with and without the automount
> option:
> https://pastebin.com/RkdHFt59
First, I don't think you should specify
x-systemd.requires=systemd-cryptsetup@xxx.service explicitly.
systemd's cryptsetup-generator ensures that cryptsetup.target has
Wants=systemd-cryptsetup@xxx.service, and systemd-cryptsetup@xxx.service
has BindsTo=dev-yyy.device according to the contents of your crypttab
file.
The end result is cryptsetup should be performed when the device is
detected, not necessarily when any filesystem on it is mounted. That is
the behaviour you're seeing already, but without any need for explicit
dependencies.
As for whether this behaviour is intended, I would say it is. An encrypted
block device might be used for something other than a mountable
filesystem. You might have LVM on it, for instance.
_______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
