0

I have LUKS encrypted drives and ZFS on top of that. I unlock the drives on boot using a script. I made a systemd service for that, but the script take some time and the zfs-import-cache.service starts before my script finished.

  • zfs-import-cache.service Journalctl
# journalctl -e -u cryptdisks-unlock.service -u zfs-import-cache.service
Sep 25 15:53:45 server systemd[1]: Starting Unlock LUKS drives...
Sep 25 15:53:45 server boot[1216]: Decrypting evo850m21-crypt ...
Sep 25 15:53:47 server systemd[1]: Starting Import ZFS pools by cache file...
Sep 25 15:53:47 server boot[1216]: Device evo850m21-crypt decrypted.
Sep 25 15:53:47 server boot[1216]: Decrypting evo850m22-crypt ...
Sep 25 15:53:49 server boot[1216]: Device evo850m22-crypt decrypted.
Sep 25 15:53:49 server boot[1216]: Decrypting st30001-crypt ...
Sep 25 15:53:50 server zpool[1390]: cannot import 'data': no such pool or dataset
Sep 25 15:53:51 server zpool[1390]:         Destroy and re-create the pool from
Sep 25 15:53:51 server zpool[1390]:         a backup source.
Sep 25 15:53:51 server systemd[1]: zfs-import-cache.service: Main process exited, code=exited, status=1/FAILURE
Sep 25 15:53:51 server systemd[1]: zfs-import-cache.service: Failed with result 'exit-code'.
Sep 25 15:53:51 server systemd[1]: Failed to start Import ZFS pools by cache file.
Sep 25 15:53:52 server boot[1216]: Device st30001-crypt decrypted.
Sep 25 15:53:52 server boot[1216]: Decrypting st30002-crypt ...
Sep 25 15:53:54 server boot[1216]: Device st30002-crypt decrypted.
Sep 25 15:53:54 server systemd[1]: cryptdisks-unlock.service: Succeeded.
Sep 25 15:53:54 server systemd[1]: Finished Unlock LUKS drives.

cryptdisks-unlock.service

[Unit]
Description=Unlock LUKS drives
Before=zfs-import.target

[Service]
Type=oneshot
ExecStart=/usr/local/cryptdisks-tools/boot

[Install]
WantedBy=zfs-import-cache.service
Laurent
  • 406
  • 1
  • 4
  • 14
  • What Linux distribution is this? And why did you write a custom systemd unit to unlock your disks? – Michael Hampton Sep 25 '20 at 07:30
  • Ubuntu and because the script gets the key the way I want it to on boot. Also crypttab completely prevents the system from booting if any issue (disk missing because it failed for example) – Laurent Sep 25 '20 at 07:35
  • Should it be `Before=zfs-import-cache.target`, it appears that is the service that runs in parallel with but probably shouldn't? – Håkan Lindqvist Sep 25 '20 at 07:56
  • @HåkanLindqvist well it is the first thing I tried, I tried many, many things that all seem logical to me – Laurent Sep 25 '20 at 08:07
  • @Laurent How does it behave if you add that? (Whether it works or not, I would expect it to be different than this parallel unlocking and importing thing that just doesn't look right) – Håkan Lindqvist Sep 25 '20 at 08:15
  • It works with `Before=zfs-import-cache.service` but together with `WantedBy=cryptsetup.target zfs.target` – Laurent Sep 25 '20 at 23:06

1 Answers1

0

Here is how I solved it:

[Unit]
Description=Unlock LUKS drives
Before=zfs-import-cache.service
DefaultDependencies=no

[Service]
Type=oneshot
ExecStart=/usr/local/cryptdisks-tools/boot

[Install]
WantedBy=cryptsetup.target zfs.target
Laurent
  • 406
  • 1
  • 4
  • 14