OK, so I conducted another experiment, to see if I was able to make
systemd *not* work with an exotic combination of underlying
storage. I did the following:

- 4 drives, all of them in RAID5.
- The resulting /dev/md127 was put in a Physical Volume, that in a
  Volume Group, and that split into 5 Logical Volumes:
  1. /boot (unnecessary, but why not)
  2. swap
  3. / (root)
  4. /usr
  5. /home
- The /home partition was encrypted, and so was the swap.

Everything works, but now I did have to do something not intuitive.

First the intuitive changes from my previous experiment:

1. I had to put this in /etc/default/grub:

GRUB_PRELOAD_MODULES="lvm mdraid1x"

Basically that's it. The partitions again use labels, so I didn't have
to touch fstab, except for the not intuitive change.

The problem, that I believe Stefan and Frank hinted at, is that the
encrypted swap did not activate properly, sometimes resulting in huge
boot times (in the order of 1 minute). But only if you specify the
swap partition in fstab.

The problem is, I think, that systemd tries to activate as soon as
possible the swap partitions, even before
systemd-cryptsetup activates the devices in /dev/mapper.

The solution is to move the swap partition from fstab, and create a
system unit for it which has to wait until systemd-cryptsetup does its
job:

lvm ~ # cat /etc/systemd/system/dev-disk-by\\x2did-dm\\x2dname\\x2dswap.swap
[Unit]
After=systemd-cryptsetup@××××.service

[Swap]
What=/dev/disk/by-id/dm-name-swap

lvm ~ # cat /etc/crypttab
home /dev/vg/vol5
swap /dev/vg/vol2 /dev/urandom swap

lvm ~ # cat /etc/fstab
LABEL=Boot /boot ext2 acl,noatime 0 2
LABEL=Root / ext4 acl,noatime 0 1
LABEL=User /usr ext4 acl,noatime 0 2
LABEL=Home /home ext4 acl,noatime 0 2
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0
tmpfs /tmp tmpfs defaults,nosuid,size=100% 0 0

Everything works; at boot time systemd asks for the passphrase for
/home, and after a timeout continues the boot without mounting it. I
haven't tried pam_mount.

lvm ~ # lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1024M 0 rom
vda 253:0 0 5G 0 disk
└─vda1 253:1 0 5G 0 part
  └─md127 9:127 0 15G 0 raid5
    ├─vg-vol1 (dm-0) 254:0 0 200M 0 lvm /boot
    ├─vg-vol3 (dm-1) 254:1 0 2G 0 lvm /
    ├─vg-vol4 (dm-2) 254:2 0 8G 0 lvm /usr
    ├─vg-vol2 (dm-3) 254:3 0 2G 0 lvm
    │ └─swap (dm-5) 254:5 0 2G 0 crypt
    └─vg-vol5 (dm-4) 254:4 0 2.8G 0 lvm
      └─home (dm-6) 254:6 0 2.8G 0 crypt /home
vdb 253:16 0 5G 0 disk
└─vdb1 253:17 0 5G 0 part
  └─md127 9:127 0 15G 0 raid5
    ├─vg-vol1 (dm-0) 254:0 0 200M 0 lvm /boot
    ├─vg-vol3 (dm-1) 254:1 0 2G 0 lvm /
    ├─vg-vol4 (dm-2) 254:2 0 8G 0 lvm /usr
    ├─vg-vol2 (dm-3) 254:3 0 2G 0 lvm
    │ └─swap (dm-5) 254:5 0 2G 0 crypt
    └─vg-vol5 (dm-4) 254:4 0 2.8G 0 lvm
      └─home (dm-6) 254:6 0 2.8G 0 crypt /home
vdc 253:32 0 5G 0 disk
└─vdc1 253:33 0 5G 0 part
  └─md127 9:127 0 15G 0 raid5
    ├─vg-vol1 (dm-0) 254:0 0 200M 0 lvm /boot
    ├─vg-vol3 (dm-1) 254:1 0 2G 0 lvm /
    ├─vg-vol4 (dm-2) 254:2 0 8G 0 lvm /usr
    ├─vg-vol2 (dm-3) 254:3 0 2G 0 lvm
    │ └─swap (dm-5) 254:5 0 2G 0 crypt
    └─vg-vol5 (dm-4) 254:4 0 2.8G 0 lvm
      └─home (dm-6) 254:6 0 2.8G 0 crypt /home
vdd 253:48 0 5G 0 disk
└─vdd1 253:49 0 5G 0 part
  └─md127 9:127 0 15G 0 raid5
    ├─vg-vol1 (dm-0) 254:0 0 200M 0 lvm /boot
    ├─vg-vol3 (dm-1) 254:1 0 2G 0 lvm /
    ├─vg-vol4 (dm-2) 254:2 0 8G 0 lvm /usr
    ├─vg-vol2 (dm-3) 254:3 0 2G 0 lvm
    │ └─swap (dm-5) 254:5 0 2G 0 crypt
    └─vg-vol5 (dm-4) 254:4 0 2.8G 0 lvm
      └─home (dm-6) 254:6 0 2.8G 0 crypt /home

lvm ~ # systemd-analyze blame
3.314s systemd-cryptsetup@××××.service
803ms systemd-udev-trigger.service
198ms systemd-cryptsetup@××××.service
134ms systemd-fsck-root.service
123ms dhcpcd@××××××.service
121ms systemd-udev-settle.service
114ms systemd-logind.service
111ms sshd.service
109ms lvm2-activation-early.service
100ms systemd-modules-load.service
60ms lvm2-activation.service
58ms systemd-sysctl.service
58ms systemd-vconsole-setup.service
56ms mdadm.service
55ms dev-mqueue.mount
55ms dev-hugepages.mount
48ms sys-kernel-debug.mount
48ms systemd-random-seed-load.service
47ms systemd-fsck@dev-disk-by\x2dlabel-Boot.service
45ms systemd-tmpfiles-setup-dev.service
44ms systemd-ask-password-wall.service
43ms systemd-remount-fs.service
38ms systemd-fsck@dev-disk-by\x2dlabel-Home.service
34ms systemd-user-sessions.service
30ms boot.mount
27ms systemd-tmpfiles-setup.service
22ms tmp.mount
21ms systemd-udevd.service
19ms systemd-journal-flush.service
15ms home.mount

I'm going to write to the systemd mailing list to ask if that is the
intended behavior, or if the encrypted swap partition should get
activated even if it's only listed in fstab. In the future, I hope to
write an addendum to the handbook, for people that want this kind of
configuration with systemd.

Regards
--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
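
Added example (not part of the original message and not systemd's own code): the fix described above, written as a check over crypttab and fstab. It flags encrypted swap that fstab still lists and derives the escaped .swap unit file name with its After= ordering. The sample tables are constructed; the fstab swap line, the /dev/mapper/NAME alias and the use of the crypttab mapping name as the cryptsetup instance name are assumptions.

```python
import string

VALID = set(string.ascii_letters + string.digits + ":_.")

# Constructed sample input: crypttab as shown in the message; the fstab
# swap line is an assumed "before" state (the message shows fstab without it).
CRYPTTAB = "home /dev/vg/vol5\nswap /dev/vg/vol2 /dev/urandom swap\n"
FSTAB_BEFORE = ("LABEL=Root / ext4 acl,noatime 0 1\n"
                "/dev/mapper/swap none swap sw 0 0\n")

def systemd_escape(s, path=False):
    """Unit-name escaping as printed by systemd-escape (--path if path)."""
    if path:
        s = "/".join(p for p in s.split("/") if p)
        if not s:
            return "-"                      # the root directory
    out = []
    for i, b in enumerate(s.encode()):
        c = chr(b)
        if c == "/":
            out.append("-")
        elif c in VALID and not (i == 0 and c == "."):
            out.append(c)
        else:
            out.append("\\x%02x" % b)       # e.g. '-' becomes \x2d
    return "".join(out)

def rows(text):
    """Whitespace-split fields of every non-empty, non-comment line."""
    return [l.split() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def swap_unit(name):
    """File name and body of a .swap unit ordered after cryptsetup."""
    what = "/dev/disk/by-id/dm-name-" + name
    body = ("[Unit]\nAfter=systemd-cryptsetup@%s.service\n\n"
            "[Swap]\nWhat=%s\n" % (systemd_escape(name), what))
    return systemd_escape(what, path=True) + ".swap", body

def audit(crypttab, fstab):
    """Per encrypted swap: (name, fstab entries naming it, unit file name)."""
    listed = {f[0] for f in rows(fstab) if len(f) > 2 and f[2] == "swap"}
    result = []
    for f in rows(crypttab):
        if len(f) > 3 and "swap" in f[3].split(","):
            aliases = {"/dev/mapper/" + f[0],
                       "/dev/disk/by-id/dm-name-" + f[0]}
            result.append((f[0], sorted(aliases & listed), swap_unit(f[0])[0]))
    return result
```

On a live system the derived file name can be cross-checked with `systemd-escape --path /dev/disk/by-id/dm-name-swap`.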