Re: Serveur with encrypted partition : 2 steps boot.

[Erwan David <erwan@rail.eu.org>]

Le 11/04/2013 20:53, Rick Thomas a écrit :
> On Apr 11, 2013, at 12:22 AM, Erwan David wrote:
>
> > On Thu, Apr 11, 2013 at 08:25:56AM CEST, Bob Proulx <bob@proulx.com> 
> > said:
> > > Erwan David wrote:
> > > > 2) add at the beginning of each /etc/init.d/myserv a test to stop if
> > > > the encrypted partition is not mounted
> > > >
> > > > Neither of those solutions seems acceptable for me.
> > > >
> > > > So if someone has an idea, I'm listening.
> > >
> > > I would do one of two things.  Either I would remove the /etc/rc?.d/S*
> > > links associated with the services you don't want to start, or make
> > > the script not executable.  Then start them manually later as you
> > > wish.  Or I would install a /usr/sbin/policy-rc.d script that did your
> > > automated check and only allowed the services to start if the disk was
> > > mounted as you wish.
> > >
> > > See the man page for invoke-rc.d for the first pass documentation.
> > > Then read the README.policy-rc.d.gz file.
> >
> > Thanks, I was not aware of policy-rc.d, which seems to be exactly 
> > what I need.
>
> Are you aware that init supports multiple run-levels (man 8 init) each 
> with its own set of services?  I'll bet you can use this to do what 
> you want...
>
> Rick
You mean booting in level 2, where dovecot, postgresql, etc. are not 
started (but ssh is), then after giving the decryption key and mounting 
the encrypted partition switching to runlevel 3 where they are started ?

Indeed it may also be a good solution.