Tuesday, 6 January 2015

Systemd config for later mounted encrypted volume with services working on it


Hi everyone,

I am working on a Banana Pi with Arch Linux and I am currently trying to accomplish the following:



  1. After someone mounted the encrypted keyfiles for my external storage systemd shall use them and mount the external storage

  2. systemd shall start all services that operate on the external storage

  3. On shutdown everything shall be stopped before unmounting the encrypted volume




After some hours it finally worked and I wonder if there is a smaller solution:



/etc/systemd/system


luks.keys.path



[Unit]
Description=luks-keys found in /etc/luks-keys

[Path]
DirectoryNotEmpty=/etc/luks-keys/

[Install]
WantedBy=multi-user.target




luks.keys.service



[Unit]
Description=luks-keys available
Conflicts=umount.target
Before=umount.target
StopWhenUnneeded=true

[Service]
Type=simple
ExecStart=/usr/local/bin/storage
RemainAfterExit=yes




storage.target



[Unit]
Description=Storage
Requires=multi-user.target
After=multi-user.target
Requisite=luks.keys.service
AllowIsolate=yes




./storage.target.wants/minidlna.service



[Unit]
Description=minidlna server
After=network.target
Requisite=luks.keys.service

[Service]
Type=forking
ExecStart=/usr/bin/minidlnad -P /run/minidlna/minidlna.pid
PIDFile=/run/minidlna/minidlna.pid

[Install]
WantedBy=storage.target




/usr/local/bin/storage



#!/bin/bash

systemctl isolate storage.target

cryptsetup --key-file /etc/luks-keys/storage1 luksOpen /dev/sda1 storage1

mount /dev/mapper/storage1 /mnt/storage1








Pi boots:



  • systemd starts multi-user.target

  • activates luks.keys.path which waits for files in /etc/luks-keys

  • files found

  • luks.keys.service is activated and starts storage.target

  • the other services are starting




Before unmount:



  • systemctl tries to stop luks.keys.service

  • storage.target and the other services are stopping because they need luks.keys.service

  • luks.keys.service finally stops and the shutdown continues with umount.target




If it's not possible to accomplish this with less work, I am happy to present the answer to the question:



How to configure systemd for a later mounted encrypted volume with services working on it
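
A fail-closed variant of the /usr/local/bin/storage script above, added here as an example and not the poster's code: it refuses a key file that is a symlink, empty, not owned by the invoking user, or accessible to group/other, and it stops at the first failing step. STORAGE_RUN and the KEY/DEV/NAME/MNT overrides are hypothetical names, and the isolate call is moved after the mount, which differs from the order in the post.

```shell
#!/bin/bash
# Added example, not the post's script. Defaults are the values used in the post.
# STORAGE_RUN is a hypothetical switch: the functions can be sourced and tested
# without touching any disk unless STORAGE_RUN=1 is set (e.g. via Environment=).
KEY=${KEY:-/etc/luks-keys/storage1}
DEV=${DEV:-/dev/sda1}
NAME=${NAME:-storage1}
MNT=${MNT:-/mnt/storage1}

# Accept a key file only if it is a regular, non-empty file (not a symlink),
# owned by the user running the script, with no group/other permission bits.
keyfile_ok() {
    local f=$1 mode
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] || return 1
    [ "$(stat -c %u "$f")" = "$(id -u)" ] || return 1
    mode=$(stat -c %a "$f")
    case "$mode" in
        400|600) return 0 ;;
        *) return 1 ;;
    esac
}

# Open and mount; every step must succeed before the next one runs.
open_and_mount() {
    keyfile_ok "$KEY" || { echo "refusing key file $KEY" >&2; return 1; }
    cryptsetup isLuks "$DEV" || { echo "$DEV is not a LUKS device" >&2; return 1; }
    # Skip luksOpen if the mapping already exists (e.g. after a service restart).
    [ -e "/dev/mapper/$NAME" ] ||
        cryptsetup --key-file "$KEY" luksOpen "$DEV" "$NAME" || return 1
    mountpoint -q "$MNT" || mount "/dev/mapper/$NAME" "$MNT" || return 1
    # Changed from the post's order: start the dependent services only once
    # the volume is actually mounted.
    systemctl isolate storage.target
}

if [ "${STORAGE_RUN:-0}" = 1 ]; then
    open_and_mount
fi
```

Because the path unit fires on any file that appears in /etc/luks-keys/, the key-file check runs before the file is handed to cryptsetup.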



