[systemd-devel] Delaying VM startup until block devices are available
Orion Poplawski
orion at nwra.com
Thu Jan 25 23:28:21 UTC 2024
We have various VMs that are back by luks encrypted LVs. At boot the volumes
are decrypted by clevis. The problem we are seeing at the moment is that the
VMs are started before the block devices are decrypted. Our current solution is:
# cat /etc/systemd/system/virtqemud.service.d/override.conf
[Unit]
After=blockdev at dev-mapper-luks\x2dbackup.target
blockdev at dev-mapper-luks\x2dvm\x2d01\x2ddisk0.target
Where we list each of the volumes to be decyrpted as blocking the virtqemud
service.
Does anyone have any better alternatives? My main issue it that it feels
somewhere in between fine-grained and coarse-grained control.
Ideally I think one would be able to have each individual VM startup
automatically delayed until the devices each used became available, but I
don't see how to do this.
Alternatively it seems like one should be able to delay all VM startup until
all volumes in /etc/crypttab were unlocked, rather than having to specify each
one. But I don't see a target for that.
Thank you for your consideration,
Orion
--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of IT Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 https://www.nwra.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3826 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20240125/b2e3c778/attachment.bin>
More information about the systemd-devel
mailing list