5

I want to create a zpool with ZFS on Linux (7.13) on Debian Buster. The problem is that the pool will be created based on LUKS encrypted drives (not root, only external). These drives are decrypted and loaded during boot by a script which I created, since they are pulling a key file from an external source.

To avoid any issues with timing where the system wants to mount the zpool before the drives are decrypted and loaded I would like to mount the pool also manually as part of the script.

Now I ask myself which option I should choose for the mountpoint when creating the pool: `none` or `legacy`?

The man page does not really help explain what the real difference is:

If a file system's mount point is set to legacy ZFS makes no attempt to manage the file system, and the administrator is responsible for mounting and unmounting the file system. Because pools must be imported before a legacy mount can succeed, administrators should ensure that legacy mounts are only attempted after the zpool import process finishes at boot time. For example, on machines using systemd, the mount option

Does anybody know the real differences and how to achieve a manual mounting later by script the best way?

MelBourbon

3 Answers

4

I use zfs on luks with a portable drive. I have never had problems with the standard mount points. Mounting doesn’t happen until after the pool is imported, and that won’t happen until after the luks volume is unlocked. So I think you may be overthinking this.

Anyway, if you really want to, go with legacy for manual mounting.

Zoredache
  • Mh, I tried, but now `zpool status` gives `no pools available` after reboot and syslog shows `cannot import 'pool01': no such pool or dataset` – MelBourbon Aug 05 '19 at 18:54
  • So it's like I expected. At the time ZFS is importing the pools at system boot the LUKS drive is not ready and syslog is showing an error message. I need to manually import the pool with `zpool import poolname` a little bit after decrypting and loading of the drives to get it working. – MelBourbon Aug 05 '19 at 20:04
  • Not sure what to tell you. I have been using zfs on luks for external drives for archives for a while. I even have my notes handy with all the commands I use mounting, closing, formatting/etc. It all pretty much 'just works'. Notes: https://gist.github.com/zoredache/31958af23baa090ac662546047b9db08 – Zoredache Aug 05 '19 at 21:28
  • You are using a key file and auto unlocking with native tools while they are using a manual script that runs after boot, so that’s why the poster is having those issues. – oemb1905 Oct 29 '21 at 20:18
4

I've been using ZFS pools on LUKS encrypted volumes for the better part of a decade. It works fine.

There is no reason to mount the pool manually to attempt to defeat nonexistent timing problems. Just create your pool normally and enjoy.

To avoid any problems in the future, when creating and managing the pool, use the names beginning with luks- in the /dev/mapper directory to refer to the devices. For example, the devices:

```
lrwxrwxrwx. 1 root root 10 Jul 26 22:22 luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WCC1P1046856 -> ../../dm-5
lrwxrwxrwx. 1 root root 10 Jul 26 22:22 luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WCC1P1145175 -> ../../dm-4
lrwxrwxrwx. 1 root root 10 Jul 26 22:22 luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WCC1P1165144 -> ../../dm-2
lrwxrwxrwx. 1 root root 10 Jul 26 22:22 luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WMC1P0DHH53R -> ../../dm-3
```

correspond to:

```
  pool: srv
 state: ONLINE
  scan: scrub repaired 0B in 0h42m with 0 errors on Tue Jul 30 14:42:04 2019
config:

        NAME                                                 STATE     READ WRITE CKSUM
        srv                                                  ONLINE       0     0     0
          mirror-0                                           ONLINE       0     0     0
            luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WCC1P1046856  ONLINE       0     0     0
            luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WCC1P1145175  ONLINE       0     0     0
          mirror-1                                           ONLINE       0     0     0
            luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WCC1P1165144  ONLINE       0     0     0
            luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WMC1P0DHH53R  ONLINE       0     0     0
```

This pool is created with:

```
zpool create -o ashift=12 srv \
    mirror \
        luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WCC1P1046856 \
        luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WCC1P1145175 \
    mirror \
        luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WCC1P1165144 \
        luks-ata-WDC_WD2000FYYZ-01UL1B1_WD-WMC1P0DHH53R
```
Michael Hampton
  • But my LUKS encrypted volumes will be decrypted by a manual script with a delay and not by the normal system boot sequence. Does your use case also cover this? Because so far it does not work for me. – MelBourbon Aug 05 '19 at 19:41
  • 2
    @MelBourbon In that case you should `zpool import` the pool in your manual script also. – Michael Hampton Aug 05 '19 at 19:44
  • Thanks, yes this was helping. The only issue I now face is that there is a short delay between the luks decrypting and the time where `zpool import` works. If I do it directly afterwards the system tells me that the pool is not existing. I need now to figure out how much delay. – MelBourbon Aug 05 '19 at 20:06
  • @MelBourbon That's very strange. I have never seen such a delay. Exactly what is your script doing? – Michael Hampton Aug 05 '19 at 20:17
  • The script does not much, it only pulls a keyfile per SSH and then opens the drive with `sudo cryptsetup luksOpen /dev/disk/by-uuid/ sdc_crypt --key-file /path/to/keyfile`. Afterwards I added a line to import `sudo zpool import pool` – MelBourbon Aug 05 '19 at 20:31
  • 1
    @MelBourbon Very strange, you shouldn't need any delay there. As soon as cryptsetup returns, the device should be ready to use. Your Ubuntu system might have something else wrong. – Michael Hampton Aug 05 '19 at 21:17
  • Yes, I now added `/sbin/modprobe zfs` to my script and it's working. Seems that I have some issues with zfs at boot. But this workaround seems to work. So I have time to figure it out. By the way I use debian buster. – MelBourbon Aug 05 '19 at 21:20
  • @MelBourbon Eh? Your post said Ubuntu 18.04? Either way the point is the same though. – Michael Hampton Aug 05 '19 at 21:34
  • Oh, yes you are right. I corrected it. – MelBourbon Aug 06 '19 at 07:52
2

You don't need to use `none` or `legacy` as mountpoint, even if there is some delay with the LUKS drives and you decrypt these by a script, as long as you add `zpool import <poolname>` after the loading of the drives. Because at the time ZFS wants to import the pools they may not be available, which can be seen by a message in syslog.

MelBourbon
  • In my case, I just want to stop zfs-import-cache.service from starting at boot. I don't want the none/legacy functionality, and I don't want to use a key file (nor discuss why here). I just want to manually open my luks volumes, then import the pool, and just not have that dang service take up 60 seconds of boot time. Did you ever figure out how to stop the dang thing, or did you just let it fail and then add the zpool import name after your script? – oemb1905 Oct 28 '21 at 02:07
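
The sequence the thread converges on (open the LUKS device from the key file, load the `zfs` module, then `zpool import`) is sketched below as an added example; it is not code from any of the posters. The function names, the overridable tool variables, the 10-second wait, the key-file permission check and the `-d` search restriction are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): unlock a LUKS device, then import its pool.
# Tool names are overridable so the sequence can be dry-run against stubs.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}
MODPROBE=${MODPROBE:-modprobe}
ZPOOL=${ZPOOL:-zpool}
MAPPER_DIR=${MAPPER_DIR:-/dev/mapper}

# wait_for_path PATH SECONDS: poll for the node instead of guessing a fixed delay.
wait_for_path() {
    wp_path=$1; wp_left=$2
    while [ ! -e "$wp_path" ]; do
        [ "$wp_left" -gt 0 ] || return 1
        wp_left=$((wp_left - 1))
        sleep 1
    done
}

# unlock_and_import DEVICE MAPPER_NAME POOL KEYFILE
# Returns 0 on success, 2 bad key file, 3 unlock failed, 4 zfs module, 5 import.
unlock_and_import() {
    dev=$1; name=$2; pool=$3; keyfile=$4

    # The fetched key file must be a regular file with no group/other access.
    [ -f "$keyfile" ] || return 2
    [ "$(ls -ld "$keyfile" | cut -c5-10)" = "------" ] || return 2

    # Skip luksOpen when the mapping already exists, so reruns are harmless.
    if [ ! -e "$MAPPER_DIR/$name" ]; then
        "$CRYPTSETUP" luksOpen "$dev" "$name" --key-file "$keyfile" || return 3
    fi
    wait_for_path "$MAPPER_DIR/$name" 10 || return 3

    # The asker's fix: make sure the zfs module is loaded before zpool import.
    "$MODPROBE" zfs || return 4

    # Import only if the pool is not already present; search just the mapper dir.
    if ! "$ZPOOL" list -H -o name "$pool" >/dev/null 2>&1; then
        "$ZPOOL" import -d "$MAPPER_DIR" "$pool" || return 5
    fi
}

# Run only when called with all four arguments, e.g. from a boot-time unit.
if [ "$#" -eq 4 ]; then
    unlock_and_import "$@"
fi
```

Run it as root with the device, mapper name, pool name and key file path as arguments; the distinct return codes show in the log which step failed.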