Re: Problem with systemd and cryptsetup - how to solve it the systemd way?

[David Christensen <dpchrist@holgerdanske.com>]

On 12/10/2015 05:38 AM, Anders Andersson wrote:
> I am trying to set up an encrypted btrfs system on a Debian Jessie
...
> root@jessie:~# cryptsetup luksFormat /dev/sdb1
> root@jessie:~# cryptsetup luksOpen /dev/sdb1 crypt
> root@jessie:~# dd if=/dev/zero of=/dev/mapper/crypt
> root@jessie:~# cryptsetup luksClose crypt
...
> Then I add this to /etc/crypttab:
> ---- /etc/crypttab ---
> # <target name>    <source device>        <key file>    <options>
> crypt /dev/sdb1 none luks,noauto
> ---- /etc/crypttab ---

When I want a LUKS data partition to be mounted at boot, I create a LUKS 
key:

    # dd if=/dev/random of=/root/.luks-keyfile bs=1 count=32

    # chmod 0400 /root/.luks-keyfile


Add the key to the LUKS partition:

    # cryptsetup luksAddKey /dev/sdb1 /root/.luks-keyfile


(Note: it is preferable to use /dev/disk/by-id/* paths for disk 
administration commands rather than /dev/sd* paths, as the letter 
assignments can and do get re-arranged on reboot.)


Add an entry to /etc/crypttab:

   sdb1_crypt /dev/sdb1 /root/.luks-keyfile luks


Create a mount point:

    # mkdir /var/luks/sdb1_data


Add an entry to /etc/fstab:

    /dev/mapper/sdb1_crypt /var/luks/sdb1_data auto defaults,nofail 0 2


Reboot, verify, and/or troubleshoot.


David