customizing systemd config
I'm trying to recreate under systemd something I had previously cobbled
together with shell scripts and init levels under sysvinit.
Only a few services ran under init 2, the default set in /etc/inittab,
including privoxy and ssh; the rest of the services I wanted running, such
as fetchmail, exim4, courier-imap, apache2, etc. would be started at init
level 3. Those services required an encrypted volume (actually a RAID that
was an encrypted LVM PV for a VG with several volumes) to be configured and
mounted before they could be started.
I wrote a shell script that I'd run manually which would take the
encryption password (via /etc/init.d/cryptdisks start), ensure that the
volume group was found, mount the filesystems, then run init 3. There was
also a flag in case I needed to get the VG up without mounting any volumes
(e.g. to run a manual fsck on some volume).
I have a new server with a fresh install of stretch and I'm trying to make
it just a systemctl start (or stop) to achieve the following:
1) the default.target (i.e. multi-user.target) is equivalent to init 2 with
minimal services
2) "systemctl start decrypted" gets the encrypted VG up and running but
doesn't mount any filesystems
3) "systemctl start operating" makes sure everything in "decrypted" is up
before mounting the volumes then launching the various services
4) "systemctl stop operating" stops the various services and attempts to
unmount those filesystems
5) "systemctl stop decrypted" stops everything from "operating" and shuts
down the volume group and decryption
The first challenge is that the cryptsetup package still installs itself
(cryptdisks and cryptdisks-early) in /etc/init.d, which means that systemd
goes through a process I don't properly understand to run it; it seems to
be generating a unit file in /run/systemd/generator.late for it using the
lsb header on the /etc/init.d script. (Also, by default and installed as
part of the systemd package, /lib/systemd/system/cryptdisks.service is a
symlink to /dev/null which, I believe, prevents the generated service from
being enabled.)
It looks like (and according to the systemd.unit man page) I can override
the generated cryptdisks.service unit file with configuration in
/etc/systemd/system/cryptdisks.service.d/override.conf, at least according
to what "systemctl edit cryptdisks" creates. I know that's a piece of the
puzzle, but I'm still missing something.
If I'm even on the right track (and if I'm not please set me straight), I
have the following questions (and probably more to come):
1) Should "decrypted" and "operating" be .target units or something else?
2) What would I put in e.g. /etc/systemd/system/fetchmail.d/override.conf
to prevent it from starting under multi-user.target? Or is it a matter
of removing symlinks from /*/systemd/*/*.wants directories?
3) Is there a systemd command to help me with managing this (including
transitive wants)? Or is it requires? What's the difference between
wants and requires anyway?
3) What would I put in /etc/systemd/system/cryptdisks.d/override.conf to
remove its "Before=checkfs.service" reverse dependency?
4) How do I specify the post-decryption mounts? Can I just set them up in
/etc/fstab as noauto then symlink the generated .mount units to a
.wants?
Thanks in advance,
--Greg
Reply to: