[pkg-cryptsetup-devel] Bug#576646: Bug#576646: Start cryptsetup-early after nbd-client

Jonas Meurer jonas at freesources.org
Sun Jun 20 13:40:21 UTC 2010 

Hey Libor,

On 06/04/2010 Libor Klepáč wrote:
> I didn't want to fill a bug, I just asked in mailing list but it's not read maybe.
> Here is my message.

sorry for the delay, i'm rather busy and didn't manage to reply up to
now.

> We are setting up backup server, which will boot from nfs (this works, nfsroot 
> created easily using debootstrap). Four local disks will be in raid5 (we are 
> testing it in vmware now, so only one disk).
> 
> I have created luks on /dev/sda , then created lvm on top of it.
> 
> This host has to boot automatically and we dont want to have keyfile on 
> filesystem of it. So i started nbd-server on other host and put key into it 
> (1024B).
> So on backup server crypttab looks like this
> backup  /dev/sda       /dev/nbd0    luks,size=8192,noearly
> 
> Problem is that /etc/init.d/cryptdisks starts after lvm, so i put 
> "/etc/init.d/lvm2 start" to rc.local.
> 
> nbd-client has to start before cryptdisks, so I added nbd-client to Required-Start field of cryptdisk. (And i have had to remove "X-Start-Before:    checkfs" so it doesn't complain about loop)
> 
> When i try to add nbd-client to cryptdisks-early (so luks is opened before lvm 
> starts), insserv complains about loop. I don't know how to solve this, do you 
> have any ideas please?
> 
> insserv -v -d
> insserv: There is a loop between service cryptdisks-early and nbd-client if 
> started
> insserv:  loop involving service nbd-client at depth 7
> insserv:  loop involving service networking at depth 6
> insserv: There is a loop between service cryptdisks-early and nbd-client if 
> started
> insserv:  loop involving service lvm2 at depth 3
> insserv:  loop involving service cryptdisks-early at depth 2
> insserv:  loop involving service udev at depth 1
> insserv:  loop involving service mountnfs at depth 10
> insserv: There is a loop between service lvm2 and cryptdisks-early if started
> insserv:  loop involving service checkfs at depth 16
> insserv: exiting now without changing boot order!
> 
> Any ideas please? Or is this setup just to complicated/wrong?
> - ---------
> 
> We are starting crypted as nonearly now , and we are starting lvm in rc.local now - no problem for us.

I guess you already implemented a sane solution, as a solution using the
initscripts dependency system doesn't work right now. The only other
solution i see so far, is adding a third initscript (i.e.
cryptdisks-middle). simply copy /etc/init.d/cryptdisks-early to
/etc/init.d/cryptdisks-middle, subsitute 'early' with 'middle' in this
script, and change the LSB headers to:

# Provides:          cryptdisks-middle
# Required-Start:    checkroot cryptdisks-early
# Required-Stop:     umountroot cryptdisks-early
# Should-Start:      udev nbd-client
# Should-Stop:       udev nbd-client
# X-Start-Before:    mdadm-raid lvm2 cryptdisks
# X-Stop-After:      mdadm-raid lvm2 cryptdisks
# X-Interactive:     true
# Default-Start:     S
# Default-Stop:      0 6
# Short-Description: Setup special encrypted block devices.

i didn't test this setup, so take my suggestion with care. but at
reconsidering it, i think it's a cleaner solution than your current one.

please report back whether that works.

you might as well take a look at the discussion on debian-devel:
http://groups.google.de/group/linux.debian.devel/browse_thread/thread/73a7cbd3e951e399/daa2c80d6e023d54

greetings,
 jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20100620/af38b506/attachment.pgp>

More information about the pkg-cryptsetup-devel mailing list