[pkg-cryptsetup-devel] Bug#576646: Bug#576646: Start cryptsetup-early after nbd-client
Jonas Meurer
jonas at freesources.org
Sun Jun 20 13:40:21 UTC 2010
Hey Libor,
On 06/04/2010 Libor Klepáč wrote:
> I didn't want to fill a bug, I just asked in mailing list but it's not read maybe.
> Here is my message.
sorry for the delay, i'm rather busy and didn't manage to reply up to
now.
> We are setting up backup server, which will boot from nfs (this works, nfsroot
> created easily using debootstrap). Four local disks will be in raid5 (we are
> testing it in vmware now, so only one disk).
>
> I have created luks on /dev/sda , then created lvm on top of it.
>
> This host has to boot automatically and we dont want to have keyfile on
> filesystem of it. So i started nbd-server on other host and put key into it
> (1024B).
> So on backup server crypttab looks like this
> backup /dev/sda /dev/nbd0 luks,size=8192,noearly
>
> Problem is that /etc/init.d/cryptdisks starts after lvm, so i put
> "/etc/init.d/lvm2 start" to rc.local.
>
> nbd-client has to start before cryptdisks, so I added nbd-client to Required-Start field of cryptdisk. (And i have had to remove "X-Start-Before: checkfs" so it doesn't complain about loop)
>
> When i try to add nbd-client to cryptdisks-early (so luks is opened before lvm
> starts), insserv complains about loop. I don't know how to solve this, do you
> have any ideas please?
>
> insserv -v -d
> insserv: There is a loop between service cryptdisks-early and nbd-client if
> started
> insserv: loop involving service nbd-client at depth 7
> insserv: loop involving service networking at depth 6
> insserv: There is a loop between service cryptdisks-early and nbd-client if
> started
> insserv: loop involving service lvm2 at depth 3
> insserv: loop involving service cryptdisks-early at depth 2
> insserv: loop involving service udev at depth 1
> insserv: loop involving service mountnfs at depth 10
> insserv: There is a loop between service lvm2 and cryptdisks-early if started
> insserv: loop involving service checkfs at depth 16
> insserv: exiting now without changing boot order!
>
> Any ideas please? Or is this setup just to complicated/wrong?
> - ---------
>
> We are starting crypted as nonearly now , and we are starting lvm in rc.local now - no problem for us.
I guess you already implemented a sane solution, as a solution using the
initscripts dependency system doesn't work right now. The only other
solution i see so far, is adding a third initscript (i.e.
cryptdisks-middle). simply copy /etc/init.d/cryptdisks-early to
/etc/init.d/cryptdisks-middle, subsitute 'early' with 'middle' in this
script, and change the LSB headers to:
# Provides: cryptdisks-middle
# Required-Start: checkroot cryptdisks-early
# Required-Stop: umountroot cryptdisks-early
# Should-Start: udev nbd-client
# Should-Stop: udev nbd-client
# X-Start-Before: mdadm-raid lvm2 cryptdisks
# X-Stop-After: mdadm-raid lvm2 cryptdisks
# X-Interactive: true
# Default-Start: S
# Default-Stop: 0 6
# Short-Description: Setup special encrypted block devices.
i didn't test this setup, so take my suggestion with care. but at
reconsidering it, i think it's a cleaner solution than your current one.
please report back whether that works.
you might as well take a look at the discussion on debian-devel:
http://groups.google.de/group/linux.debian.devel/browse_thread/thread/73a7cbd3e951e399/daa2c80d6e023d54
greetings,
jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20100620/af38b506/attachment.pgp>
More information about the pkg-cryptsetup-devel
mailing list