On Fri, Jan 22, 2016 at 1:55 PM, Jonathan Dowland < jon+systemd-de...@alcopop.org> wrote:
> Hi, [please CC me on replies if possible], > > I have several LUKS-encrypted volumes, upon which I have placed LVM PVs. > Prior to systemd, I would define them in /etc/crypttab. Right now, due > to systemd-cryptsetup-generator, this gets interpreted and translated > into systemd units. > > I am wondering whether crypttab should be considered deprecated and > whether it would be better practice for new volumes to be defined soley > as systemd units. Is the plan for the crypttab-generator to go away > eventually? > AFAIK, neither fstab nor crypttab are going away anytime soon. To activate my filesystems, the steps are > > 1. cryptsetup luksOpen <backing device> > 2. vgchange -a y <relevant VG name> > 3. mount <mountpoint> > > I know to create a systemd-cryptsetup@XYZ.service unit and a > somepath.mount.unit to cover 1. and 3. above. But should I define a > service for 2., or handle it with ExecStartPost= in the cryptsetup > service definition? > > I'm leaning towards the former, because one also needs to handle > vgchange -a n prior to luksClose, but I'd appreciate your opinions (it > might just be a matter of style). > Some distros have started using lvmetad to set up LVM in a more hotplug manner – it should work here as well. > Finally, does anyone have a good solution for multiplexing the > decrypting of dm-crypt partitions that happen to have the same > passphrases? In normal operation I have 2 such devices that I do not > want to mount at boot-time (as that is headless/unattended), but I do > want to mount (manually) in normal operation. It would be convenient to > only type my passphrase once. Is this something the passphrase-asking > logic in systemd can or could support? Should I be looking at key files > instead? > systemd-ask-password(1) mentions being able to cache passwords in a kernel keyring, but I'm not sure if systemd-cryptsetup actually makes use of that. -- Mantas Mikulėnas <graw...@gmail.com>
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
