[systemd-devel] What's the correct way to configure encrypted volume and mount point?
systemd at jelmail.com
Sat Jan 31 02:25:07 PST 2015
On 30/01/15 09:49, Jan Janssen wrote:
> But really: why not use automounting logic in fstab?:
> /dev/mapper/data /home/myuser/data ext4 noauto,x-systemd.automount 0 0
> No need to manually trigger a mount. And you can even use "noauto" in
> crypttab so that the encrypted device is only opened once the mount point is
> accessed the first time.
Thanks Jan. As it happens, I've just been trying automount as a solution
before I read your answer ;)
But it leads me on to another question, if that's ok...
I've set up an encrypted volume configured in crypttab/fstab with
key/header on a path that is automounted.
That path is on an encrypted removable USB "keyring" that's inserted at
boot and everything works: the keyring is unlocked (passphrase
requested) and mounted and then the other volumes are unlocked using
their key/header on the keyring and mounted.
However, after boot I want to pull out the keyring (it's only needed for
the key/header during systemd-cryptsetup).
But when I do this, the encrypted volume is unmounted and I don't want
this to happen.
Here's what I have in crypttab:
# <name> <device> <password> <options>
keyring PARTLABEL=keyring none noauto
abc /dev/lvm/abc /root/keyring/abc.key header=/root/keyring/abc.hdr
xyz /dev/lvm/xyz /root/keyring/xyz.key header=/root/keyring/xyz.hdr
# <file system> <dir> <type> <options>
/dev/mapper/keyring /root/keyring ext4 ro,noauto,x-systemd.automount
/dev/mapper/abc /srv/abc ext4
/dev/mapper/xyz /srv/xyz ext4
I don't want to lose abc and xyz when I pull out keyring.
I think it might be due to the "RequiresMountsFor=/root/keyring/abc.key"
entries that systemd generates in the cryptsetup unit.
I have tried using a drop-in to cancel that option:
but that didn't affect the setting, as I verified with
$ systemctl daemon-reload
$ systemctl show systemd-cryptsetup\@abc --property RequiresMountsFor
Do you know if/how I can achieve this functionality?
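An added illustration, not part of the original message: this Python example reads the crypttab and fstab entries quoted above (embedded as constructed sample input) and lists, for each mapped volume, the fstab mount points its key file and header sit on, which are the paths a RequiresMountsFor= setting would pull in. Treating header= paths the same as key-file paths is an assumption of this example, and all function names are hypothetical.

```python
import os

# Constructed sample input: the crypttab and fstab entries quoted in the post.
CRYPTTAB = """\
# <name> <device> <password> <options>
keyring PARTLABEL=keyring none noauto
abc /dev/lvm/abc /root/keyring/abc.key header=/root/keyring/abc.hdr
xyz /dev/lvm/xyz /root/keyring/xyz.key header=/root/keyring/xyz.hdr
"""
FSTAB = """\
# <file system> <dir> <type> <options>
/dev/mapper/keyring /root/keyring ext4 ro,noauto,x-systemd.automount
/dev/mapper/abc /srv/abc ext4
/dev/mapper/xyz /srv/xyz ext4
"""

def rows(text):
    """Yield whitespace-split fields of each non-comment, non-empty line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def file_paths(entry):
    """Absolute key-file and header= paths of one entry (header handling is assumed)."""
    key = entry[2] if len(entry) > 2 else "none"
    opts = entry[3].split(",") if len(entry) > 3 else []
    paths = [key] if key.startswith("/") and not key.startswith("/dev/") else []
    paths += [o.split("=", 1)[1] for o in opts if o.startswith("header=/")]
    return paths

def owning_mount(path, mount_points):
    """Longest mount point that contains path, or None if no mount point does."""
    hits = [m for m in mount_points if os.path.commonpath([m, path]) == m]
    return max(hits, key=len, default=None)

def keyring_dependencies(crypttab=CRYPTTAB, fstab=FSTAB):
    """Map each mapped volume to the mount points its key/header files live on."""
    mounts = [f[1] for f in rows(fstab) if len(f) > 1 and f[1].startswith("/")]
    deps = {}
    for entry in rows(crypttab):
        needed = {owning_mount(p, mounts) for p in file_paths(entry)} - {None}
        if needed:
            deps[entry[0]] = sorted(needed)
    return deps

if __name__ == "__main__":
    for name, mounts in keyring_dependencies().items():
        print(f"systemd-cryptsetup@{name}.service needs mounts: {mounts}")
```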