[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setting up systemd units for dm-crypt devices

On Fri, Jan 22, 2016 at 06:56:15PM +0100, Anders Andersson wrote:
> On Fri, Jan 22, 2016 at 5:09 PM, Jonathan Dowland <jmtd@debian.org> wrote:
> >     2. vgchange -a y <relevant VG name>
...
> I guess having a separate unit for this could be nice, but is it
> really necessary? Having used LVM on top of LUKS, I can't recall
> having to do that step manually.

It might be something to do with my LVM configuration. I had a hint
elsewhere that lvmetad might address this, so I'll explore that.
 
> > [2] I am planning to investigate having a dropbear sshd running in the
> >     initramfs environment in the future, so I can do an ssh-in to decrypt
> >     the filesystems, including /, but I haven't looked at this yet. There
> >     are several dracut modules that seem to do it.
> 
> I do this on one machine, haven't decided if I'm happy with the setup
> or not. There are too many issues with systemd+encryption in Jessie
> right now.

Good to know, thanks! Since writing that I see that the Debian cryptsetup
package seems to have optional initramfs hooks so I wouldn't need to swap
to dracut after all. I may take another look at that when I have more time.

-- 
Jonathan Dowland
Please do not CC me, I am subscribed to the list.
Reply to: