
Running Debian 11 in a Proxmox Virtual machine.

Fairly new to encryption and to mounting encrypted volumes other than the ones pre-created during system setup. Trying to do something new here.

Also quite new to creating new systemd services.

I have an encrypted volume I installed my OS onto. It has an LVM on it. When I boot up, I get the following:

initial boot up

Not sure why there are errors about the vg not being found, but then it asks for the encryption passphrase. I enter this and the machine boots up fine.

Where it gets complicated is that the initial / volume is on an SSD. I have a second volume that’s connected via my NAS at the VM layer. I want this encrypted also.

I have created the encrypted disk and the associated LVM on it. Everything works fine when I mount it all manually. No matter what I do, I /cannot/ get the volume to mount automatically at boot.

I have created a key file that lives at /etc/keys/sdb1.luks and associated it with the encrypted volume.

I followed this post, which explains how to do it via systemd services.

I have two service files at the moment:

/etc/systemd/system/mnt-seafilex2ddata.mount

Requires=unlock-data.servce
After=unlock-data.service

[Mount]
What=/dev/seafile-data-vg/seafile-data-lv
Where=/mnt/seafile-data/
Type=ext4
Options=defaults

[Install]
WantedBy=multi-user.target

and

/etc/systemd/system/unlock-data.service

Description=Open encrypted data volume
After=multi-user.target
Wants=multi-user.target
StopWhenUnneeded=true

[Service]
Type=oneshot
ExecStart='/sbin/cryptsetup -d /etc/keys/sdb1.luks -v luksOpen /dev/disk/by-uuid/e770c750-271a-439a-bc2a-93bbc964c221 sdb1_crypt'
RemainAfterExit=true
ExecStop='/sbin/cryptsetup -d /etc/keys/sdb1.luks -v luksClose sdb1_crypt' 

Once the system is booted, if I run the /sbin/cryptsetup command that is specified in the above unlock service file, I am able to mount the volume. However the service will never start. It always throws me an error that I cannot get my head around.

● mnt-seafilex2ddata.mount - /mnt/seafile-data
     Loaded: loaded (/etc/systemd/system/mnt-seafilex2ddata.mount; enabled; vendor preset: enabled)
     Active: inactive (dead)
      Where: /mnt/seafile-data
       What: /dev/seafile-data-vg/seafile-data-lv

Aug 30 22:21:28 seafile systemd[1]: Dependency failed for /mnt/seafile-data.
Aug 30 22:21:28 seafile systemd[1]: mnt-seafilex2ddata.mount: Job mnt-seafilex2ddata.mount/start failed with result 'dependency'.

And, if I try to start the unlock-data service manually:

● unlock-data.service - Open encrypted data volume
     Loaded: loaded (/etc/systemd/system/unlock-data.service; static)
     Active: failed (Result: exit-code) since Mon 2021-08-30 22:28:15 NZST; 7s ago
    Process: 720 ExecStart=/sbin/cryptsetup -d /etc/keys/sdb1.luks -v luksOpen /dev/disk/by-uuid/e770c750-271a-439a-bc2a-93bbc964c221 sdb1_crypt (code=exited, status=203/EXEC)
   Main PID: 720 (code=exited, status=203/EXEC)
        CPU: 703us

Aug 30 22:28:15 seafile systemd[1]: Starting Open encrypted data volume...
Aug 30 22:28:15 seafile systemd[1]: unlock-data.service: Main process exited, code=exited, status=203/EXEC
Aug 30 22:28:15 seafile systemd[1]: unlock-data.service: Failed with result 'exit-code'.
Aug 30 22:28:15 seafile systemd[1]: Failed to start Open encrypted data volume.

Obviously the mnt-seafilex2ddata.mount service is what starts automatically then calls the other one, but I cannot figure out why it fails to start because of ‘dependency’.

Any help would be appreciated. Is there another way I should be doing this?
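
An added example, not part of the original post: a small linter run over the two unit files as posted above. systemd treats a fully quoted command line as a single word and tries to execute a program with that whole string as its path, which is consistent with the status=203/EXEC shown, and `unlock-data.servce` does not end in a valid unit type suffix. The function name `lint_unit` and the use of `shlex` as an approximation of systemd's quoting are assumptions of this sketch.

```python
import shlex

# Unit type suffixes systemd accepts (see systemd.unit(5)).
UNIT_SUFFIXES = (".service", ".socket", ".device", ".mount", ".automount", ".swap",
                 ".target", ".path", ".timer", ".slice", ".scope")
DEP_KEYS = {"Requires", "Requisite", "Wants", "BindsTo", "PartOf", "After", "Before"}
EXEC_KEYS = {"ExecStartPre", "ExecStart", "ExecStartPost", "ExecReload", "ExecStop"}

def lint_unit(text):
    """Return (line_number, message) findings for the text of one unit file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank line, comment, section header, or not an assignment
        key, value = (part.strip() for part in line.split("=", 1))
        if key in DEP_KEYS:
            for name in value.split():
                if not name.endswith(UNIT_SUFFIXES):
                    findings.append((no, f"{key}={name}: not a valid unit type suffix"))
        elif key in EXEC_KEYS:
            # shlex approximates systemd's quoting: quotes group text into one word.
            words = shlex.split(value.lstrip("@-:+!"))
            if words and any(ch.isspace() for ch in words[0]):
                findings.append((no, f"{key}: quotes make the whole command line the program path"))
    return findings

# Constructed samples: the relevant lines of the two unit files as posted.
MOUNT_UNIT = """\
Requires=unlock-data.servce
After=unlock-data.service
[Mount]
What=/dev/seafile-data-vg/seafile-data-lv
Where=/mnt/seafile-data/
"""
UNLOCK_UNIT = """\
Description=Open encrypted data volume
After=multi-user.target
Wants=multi-user.target
StopWhenUnneeded=true
[Service]
Type=oneshot
ExecStart='/sbin/cryptsetup -d /etc/keys/sdb1.luks -v luksOpen /dev/disk/by-uuid/e770c750-271a-439a-bc2a-93bbc964c221 sdb1_crypt'
RemainAfterExit=true
ExecStop='/sbin/cryptsetup -d /etc/keys/sdb1.luks -v luksClose sdb1_crypt'
"""

if __name__ == "__main__":
    for label, unit in (("mount", MOUNT_UNIT), ("unlock", UNLOCK_UNIT)):
        for no, msg in lint_unit(unit):
            print(f"{label} unit, line {no}: {msg}")
```

With the surrounding single quotes removed from the two Exec lines, the same check reports nothing for the unlock unit.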
