Gentoo Archives: gentoo-user

From: "Canek Peláez Valdés" <caneko@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
Date: Sat, 21 Sep 2013 21:50:09
Message-Id: CADPrc81yELrTJc6xuBaqP3WXKoOzwtVZMY3zCP=K1iGKuzg6=Q@mail.gmail.com
OK, so I conducted another experiment, to see if I was able to make
systemd *not* work with an exotic combination of underlying
storage. I did the following:

- 4 drives, all of them in RAID5.
- The resulting /dev/md127 was put in a Physical Volume, that in a
  Volume Group, and that split into 5 Logical Volumes:
  1. /boot (unnecessary, but why not)
  2. swap
  3. / (root)
  4. /usr
  5. /home
- The /home partition was encrypted, and so was the swap.

Everything works, but now I did have to do something not intuitive.

First the intuitive changes from my previous experiment:

1. I had to put this in /etc/default/grub:

GRUB_PRELOAD_MODULES="lvm mdraid1x"

Basically that's it. The partitions again use labels, so I didn't have
to touch fstab, except for the not intuitive change.

The problem, that I believe Stefan and Frank hinted at, is that the
encrypted swap did not activate properly, sometimes resulting in huge
boot times (in the order of 1 minute). But only if you specify the
swap partition in fstab.

The problem is, I think, that systemd tries to activate as soon as
possible the swap partitions, even before
systemd-cryptsetup activates the devices in /dev/mapper.

The solution is to move the swap partition from fstab, and create a
system unit for it which has to wait until systemd-cryptsetup does its
job:

lvm ~ # cat /etc/systemd/system/dev-disk-by\\x2did-dm\\x2dname\\x2dswap.swap
[Unit]
After=systemd-cryptsetup@××××.service

[Swap]
What=/dev/disk/by-id/dm-name-swap

lvm ~ # cat /etc/crypttab
home /dev/vg/vol5
swap /dev/vg/vol2 /dev/urandom swap

lvm ~ # cat /etc/fstab
LABEL=Boot  /boot     ext2   acl,noatime                 0 2
LABEL=Root  /         ext4   acl,noatime                 0 1
LABEL=User  /usr      ext4   acl,noatime                 0 2
LABEL=Home  /home     ext4   acl,noatime                 0 2
shm         /dev/shm  tmpfs  nodev,nosuid,noexec         0 0
tmpfs       /tmp      tmpfs  defaults,nosuid,size=100%   0 0

Everything works; at boot time systemd asks for the passphrase for
/home, and after a timeout continues the boot without mounting it. I
haven't tried pam_mount.

lvm ~ # lsblk
NAME                   MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sr0                    11:0     1 1024M  0 rom
vda                    253:0    0    5G  0 disk
└─vda1                 253:1    0    5G  0 part
  └─md127              9:127    0   15G  0 raid5
    ├─vg-vol1 (dm-0)   254:0    0  200M  0 lvm   /boot
    ├─vg-vol3 (dm-1)   254:1    0    2G  0 lvm   /
    ├─vg-vol4 (dm-2)   254:2    0    8G  0 lvm   /usr
    ├─vg-vol2 (dm-3)   254:3    0    2G  0 lvm
    │ └─swap (dm-5)    254:5    0    2G  0 crypt
    └─vg-vol5 (dm-4)   254:4    0  2.8G  0 lvm
      └─home (dm-6)    254:6    0  2.8G  0 crypt /home
vdb                    253:16   0    5G  0 disk
└─vdb1                 253:17   0    5G  0 part
  └─md127              9:127    0   15G  0 raid5
    ├─vg-vol1 (dm-0)   254:0    0  200M  0 lvm   /boot
    ├─vg-vol3 (dm-1)   254:1    0    2G  0 lvm   /
    ├─vg-vol4 (dm-2)   254:2    0    8G  0 lvm   /usr
    ├─vg-vol2 (dm-3)   254:3    0    2G  0 lvm
    │ └─swap (dm-5)    254:5    0    2G  0 crypt
    └─vg-vol5 (dm-4)   254:4    0  2.8G  0 lvm
      └─home (dm-6)    254:6    0  2.8G  0 crypt /home
vdc                    253:32   0    5G  0 disk
└─vdc1                 253:33   0    5G  0 part
  └─md127              9:127    0   15G  0 raid5
    ├─vg-vol1 (dm-0)   254:0    0  200M  0 lvm   /boot
    ├─vg-vol3 (dm-1)   254:1    0    2G  0 lvm   /
    ├─vg-vol4 (dm-2)   254:2    0    8G  0 lvm   /usr
    ├─vg-vol2 (dm-3)   254:3    0    2G  0 lvm
    │ └─swap (dm-5)    254:5    0    2G  0 crypt
    └─vg-vol5 (dm-4)   254:4    0  2.8G  0 lvm
      └─home (dm-6)    254:6    0  2.8G  0 crypt /home
vdd                    253:48   0    5G  0 disk
└─vdd1                 253:49   0    5G  0 part
  └─md127              9:127    0   15G  0 raid5
    ├─vg-vol1 (dm-0)   254:0    0  200M  0 lvm   /boot
    ├─vg-vol3 (dm-1)   254:1    0    2G  0 lvm   /
    ├─vg-vol4 (dm-2)   254:2    0    8G  0 lvm   /usr
    ├─vg-vol2 (dm-3)   254:3    0    2G  0 lvm
    │ └─swap (dm-5)    254:5    0    2G  0 crypt
    └─vg-vol5 (dm-4)   254:4    0  2.8G  0 lvm
      └─home (dm-6)    254:6    0  2.8G  0 crypt /home

lvm ~ # systemd-analyze blame
3.314s systemd-cryptsetup@××××.service
 803ms systemd-udev-trigger.service
 198ms systemd-cryptsetup@××××.service
 134ms systemd-fsck-root.service
 123ms dhcpcd@××××××.service
 121ms systemd-udev-settle.service
 114ms systemd-logind.service
 111ms sshd.service
 109ms lvm2-activation-early.service
 100ms systemd-modules-load.service
  60ms lvm2-activation.service
  58ms systemd-sysctl.service
  58ms systemd-vconsole-setup.service
  56ms mdadm.service
  55ms dev-mqueue.mount
  55ms dev-hugepages.mount
  48ms sys-kernel-debug.mount
  48ms systemd-random-seed-load.service
  47ms systemd-fsck@dev-disk-by\x2dlabel-Boot.service
  45ms systemd-tmpfiles-setup-dev.service
  44ms systemd-ask-password-wall.service
  43ms systemd-remount-fs.service
  38ms systemd-fsck@dev-disk-by\x2dlabel-Home.service
  34ms systemd-user-sessions.service
  30ms boot.mount
  27ms systemd-tmpfiles-setup.service
  22ms tmp.mount
  21ms systemd-udevd.service
  19ms systemd-journal-flush.service
  15ms home.mount

I'm going to write to the systemd mailing list to ask if that is the
intended behavior, or if the encrypted swap partition should get
activated even if it's only listed in fstab. In the future, I hope to
write an addendum to the handbook, for people who want this kind of
configuration with systemd.

Regards
--
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
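
[Added example, not part of the original message.] The swap unit in the message above only takes effect if its file name is the systemd-escaped form of its What= path. The sketch below derives that file name and a unit body for every crypttab entry carrying the "swap" option. Assumptions: the mapping appears as /dev/disk/by-id/dm-name-<name> as in the message, the cryptsetup instance is named after the escaped mapping name, and the crypttab and the mapping name "cryptswap" are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the dm-crypt mapping is
# reachable as /dev/disk/by-id/dm-name-<name>, as in the post's What= line.

# Escape a string for use in a systemd unit name: "/" becomes "-", bytes
# outside [A-Za-z0-9:_.] become \xNN, and a leading "." becomes \x2e.
sd_escape() {
    s=$1 out='' first=1
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest
        case $c in
            /) out="$out-" ;;
            [A-Za-z0-9:_]) out="$out$c" ;;
            .) if [ "$first" = 1 ]; then out="$out\\x2e"; else out="$out."; fi ;;
            *) out="$out$(printf '\\x%02x' "'$c")" ;;
        esac
        first=0
    done
    printf '%s\n' "$out"
}

# Unit file name for the swap device: the escaped path, leading slash dropped.
swap_unit_name() {
    p=/dev/disk/by-id/dm-name-$1
    printf '%s.swap\n' "$(sd_escape "${p#/}")"
}

# Unit body ordered after the cryptsetup instance for the same mapping.
swap_unit_body() {
    printf '[Unit]\nAfter=systemd-cryptsetup@%s.service\n\n[Swap]\nWhat=/dev/disk/by-id/dm-name-%s\n' \
        "$(sd_escape "$1")" "$1"
}

# Read crypttab on stdin; print names of mappings carrying the "swap" option.
crypttab_swap_names() {
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac
        case ",$opts," in *,swap,*) printf '%s\n' "$name" ;; esac
    done
}

# Constructed crypttab (mapping names are hypothetical).
sample_crypttab() {
    printf '%s\n' '# constructed sample' 'home /dev/vg/vol5' \
        'cryptswap /dev/vg/vol2 /dev/urandom swap,cipher=aes-xts-plain64'
}

for n in $(sample_crypttab | crypttab_swap_names); do
    printf '### /etc/systemd/system/%s\n' "$(swap_unit_name "$n")"
    swap_unit_body "$n"
done
```

On a system with systemd installed, systemd-escape -p --suffix=swap <path> produces the same file name and can be used to cross-check the result.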

Replies

Subject Author
[gentoo-user] Re: LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd) "Canek Peláez Valdés" <caneko@×××××.com>
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd) "Stefan G. Weichinger" <lists@×××××.at>