0

I have LUKS encrypted drives and ZFS on top of that. I unlock the drives on boot using a script. I made a systemd service for that, but the script take some time and the zfs-import-cache.service starts before my script finished.

  • zfs-import-cache.service Journalctl
# journalctl -e -u cryptdisks-unlock.service -u zfs-import-cache.service Sep 25 15:53:45 server systemd[1]: Starting Unlock LUKS drives... Sep 25 15:53:45 server boot[1216]: Decrypting evo850m21-crypt ... Sep 25 15:53:47 server systemd[1]: Starting Import ZFS pools by cache file... Sep 25 15:53:47 server boot[1216]: Device evo850m21-crypt decrypted. Sep 25 15:53:47 server boot[1216]: Decrypting evo850m22-crypt ... Sep 25 15:53:49 server boot[1216]: Device evo850m22-crypt decrypted. Sep 25 15:53:49 server boot[1216]: Decrypting st30001-crypt ... Sep 25 15:53:50 server zpool[1390]: cannot import 'data': no such pool or dataset Sep 25 15:53:51 server zpool[1390]: Destroy and re-create the pool from Sep 25 15:53:51 server zpool[1390]: a backup source. Sep 25 15:53:51 server systemd[1]: zfs-import-cache.service: Main process exited, code=exited, status=1/FAILURE Sep 25 15:53:51 server systemd[1]: zfs-import-cache.service: Failed with result 'exit-code'. Sep 25 15:53:51 server systemd[1]: Failed to start Import ZFS pools by cache file. Sep 25 15:53:52 server boot[1216]: Device st30001-crypt decrypted. Sep 25 15:53:52 server boot[1216]: Decrypting st30002-crypt ... Sep 25 15:53:54 server boot[1216]: Device st30002-crypt decrypted. Sep 25 15:53:54 server systemd[1]: cryptdisks-unlock.service: Succeeded. Sep 25 15:53:54 server systemd[1]: Finished Unlock LUKS drives.

cryptdisks-unlock.service

[Unit] Description=Unlock LUKS drives Before=zfs-import.target [Service] Type=oneshot ExecStart=/usr/local/cryptdisks-tools/boot [Install] WantedBy=zfs-import-cache.service
Improve this question
6
  • What Linux distribution is this? And why did you write a custom systemd unit to unlock your disks? Commented Sep 25, 2020 at 7:30
  • Ubuntu and because the script gets the key the way I want it to on boot. Also crypttab completely prevents the system from booting if any issue (disk missing because it failed for example) Commented Sep 25, 2020 at 7:35
  • Should it be Before=zfs-import-cache.target, it appears that is the service that runs in parallel with but probably shouldn't? Commented Sep 25, 2020 at 7:56
  • @HåkanLindqvist well it is the first thing I tried, I tried many, many things that all seem logical to me Commented Sep 25, 2020 at 8:07
  • @Laurent How does it behave if you add that? (Whether it works or not, I would expect it to be different than this parallel unlocking and importing thing that just doesn't look right) Commented Sep 25, 2020 at 8:15

1 Answer 1

Reset to default
0

Here is how I solved it:

[Unit] Description=Unlock LUKS drives Before=zfs-import-cache.service DefaultDependencies=no [Service] Type=oneshot ExecStart=/usr/local/cryptdisks-tools/boot [Install] WantedBy=cryptsetup.target zfs.target
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.