Running Debian 11 in a Proxmox Virtual machine.
Fairly new to encryption and the mounting of them outside of pre-created during system setup. Trying to do something new here.
Also quite new to creating new systemd services.
I have an encrypted volume I installed my OS onto. It has an LVM on it. When I boot up, I get the following:
Not sure why there’s errors about the vg not being found, but then it asks for the encryption passphrase. I enter this and the machine boots up fine.
Where it gets complicated is that the initial
I have created the encrypted disk and the associated LVM on it. Everything works fine when I mount it all manually. No matter what I do, I /cannot/ get the volume to mount automatically at boot.
I have created a key file and associated it with the encrypted volume that lives at /etc/keys/sdb1.luks
I followed this post which explains to do it via systemd services.
I have two service files at the moment:
Requires=unlock-data.servce After=unlock-data.service [Mount] What=/dev/seafile-data-vg/seafile-data-lv Where=/mnt/seafile-data/ Type=ext4 Options=defaults [Install] WantedBy=multi-user.target
Description=Open encrypted data volume After=multi-user.target Wants=multi-user.target StopWhenUnneeded=true [Service] Type=oneshot ExecStart='/sbin/cryptsetup -d /etc/keys/sdb1.luks -v luksOpen /dev/disk/by-uuid/e770c750-271a-439a-bc2a-93bbc964c221 sdb1_crypt' RemainAfterExit=true ExecStop='/sbin/cryptsetup -d /etc/keys/sdb1.luks -v luksClose sdb1_crypt'
Once the system is booted, if I run the
● mnt-seafilex2ddata.mount - /mnt/seafile-data Loaded: loaded (/etc/systemd/system/mnt-seafilex2ddata.mount; enabled; vendor preset: enabled) Active: inactive (dead) Where: /mnt/seafile-data What: /dev/seafile-data-vg/seafile-data-lv Aug 30 22:21:28 seafile systemd: Dependency failed for /mnt/seafile-data. Aug 30 22:21:28 seafile systemd: mnt-seafilex2ddata.mount: Job mnt-seafilex2ddata.mount/start failed with result 'dependency'.
And, if I try to start the unlock-data service manually
● unlock-data.service - Open encrypted data volume Loaded: loaded (/etc/systemd/system/unlock-data.service; static) Active: failed (Result: exit-code) since Mon 2021-08-30 22:28:15 NZST; 7s ago Process: 720 ExecStart=/sbin/cryptsetup -d /etc/keys/sdb1.luks -v luksOpen /dev/disk/by-uuid/e770c750-271a-439a-bc2a-93bbc964c221 sdb1_crypt (code=exited, status=203/EXEC) Main PID: 720 (code=exited, status=203/EXEC) CPU: 703us Aug 30 22:28:15 seafile systemd: Starting Open encrypted data volume... Aug 30 22:28:15 seafile systemd: unlock-data.service: Main process exited, code=exited, status=203/EXEC Aug 30 22:28:15 seafile systemd: unlock-data.service: Failed with result 'exit-code'. Aug 30 22:28:15 seafile systemd: Failed to start Open encrypted data volume.
Any help would be appreciated. Is there another way I should be doing this?