Re: setting up systemd units for dm-crypt devices
On Mon, Jan 25, 2016 at 04:59:59PM +0000, Jonathan Dowland wrote:
> I *think* enabling lvmetad has indeed fixed the requirement to "vgchange -a y
> <VG name>" upon unlocking the LUKS device. Great!
Since it is harmless to leave the vgchange in when lvmetad *is* available,
I suppose I should leave it in. So I did: unfortunately this doesn't quite
work right (see more below)
> Less important for me but still to figure out, where to put the magic so
> that 'systemctl stop /mountpoint' also disables the relevant VG and closes
> the luks device. (I would like to do this with a removable drive in the
> near future so it will be necessary then).
OK; the necessary nonsense appears to be as follows. My specifics are
* relevant mount point is /backup, defined as a systemd unit
* I use 'backup' as the luks device name too
* the vgname on top of my luks device is phobos_backup
systemd-cryptsetup@backup.service:
...
> [Unit]
...
> BindsTo=backup.mount
> Before=backup.mount
...
> [Service]
...
> # these two lines added by me, necessarily after the existing ExecStart and before
> # the existing ExecStop
> ExecStart=/sbin/vgchange -a y phobos_backup
> ExecStop=/sbin/vgchange -a n phobos_backup
...
With the above:
* "systemctl start /backup" works as it should
* "systemctl stop /backup" de-activates the VG and LUKS device, thanks to the BindsTo
* so does a plain "umount /backup"!
Sadly
* with use_lvmetad=1, I get a spurious failure message on the console on mount;
however, nothing useful in the journal and both units are marked active/success
* The BindsTo/Before has to be in the form "backup.mount" -- attempting to use
"/backup" results in an "invalid argument" error on start-up. Systemd suggests
that you should be able to use paths for mount units quite freely, sadly this
doesn't work here.
Still, with some warts, I've got what I need for now.
--
Jonathan Dowland
Reply to: