Mounting encrypted ZFS on boot with key on NFS

doman18

Oct 20, 2018
My dataset is unlocked with a key placed on an NFS share. I followed the Arch Linux guide and made a systemd service to load all keys on startup.

https://wiki.archlinux.org/index.php/ZFS#Unlock_at_boot_time

Unfortunately, this does not work with NFS, as there is no network connection yet at the moment this service starts. When should I start this service so that it has a network connection but runs before the Proxmox Storage->Directories are mounted?
 
OK, I think I managed to get it to work. I just changed "Before" and "Wanted by" to network-online.target.

Code:
root@proxmox:~# cat /etc/systemd/system/zfs-load-key.service
[Unit]
Description=Load encryption keys
DefaultDependencies=no
Before=pve-storage.target
After=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/bash -c '/root/unlockzfs'

[Install]
WantedBy=network-online.target

And my script ...

Code:
root@proxmox:~# cat unlockzfs
#!/bin/bash
/usr/bin/mount /mnt/secret
/usr/sbin/zfs load-key -a
#pvesm remove encrypted
#rm -rf /zfsraid0/encrypted/*
zfs mount zfsraid0/encrypted
#pvesm add dir encrypted --path /zfsraid0/encrypted
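
A stricter take on the unlock script above, as an added example that is not part of the original post: it retries the NFS mount, loads keys only for encryption roots that are still locked, fails the unit if the dataset stays locked, and unmounts the key share afterwards. The `KEY_MNT` and `DATASET` variables, the `run` argument, the retry counts and the final unmount are choices made for this example; it assumes `/mnt/secret` has an fstab entry, as the original `mount /mnt/secret` implies.

```shell
#!/bin/bash
# Added example: stricter variant of the thread's /root/unlockzfs (not the poster's script).
KEY_MNT=${KEY_MNT:-/mnt/secret}          # NFS share holding the key (path from the thread)
DATASET=${DATASET:-zfsraid0/encrypted}   # dataset from the thread

# stdin: "name<TAB>encryptionroot<TAB>keystatus" lines, as printed by
#   zfs list -H -o name,encryptionroot,keystatus
# stdout: encryption roots whose key is not loaded. Children inherit the
# root's key, so load-key is only attempted on the root itself.
locked_roots() {
    awk -F'\t' '$1 == $2 && $3 == "unavailable" { print $1 }'
}

# retry TRIES DELAY CMD...: network-online.target does not guarantee that the
# NFS server answers yet, so the mount gets a bounded number of attempts.
retry() {
    tries=$1; delay=$2; shift 2
    while [ "$tries" -gt 0 ]; do
        "$@" && return 0
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}

unlock() {
    mountpoint -q "$KEY_MNT" || retry 10 3 mount "$KEY_MNT" || {
        echo "unlockzfs: $KEY_MNT not mounted, keys not loaded" >&2
        return 1
    }
    rc=0
    for root in $(zfs list -H -o name,encryptionroot,keystatus | locked_roots); do
        zfs load-key "$root" || rc=1
    done
    # Mount only if the key really is loaded, so a failed unlock fails the unit.
    if [ "$(zfs get -H -o value keystatus "$DATASET")" != "available" ]; then
        rc=1
    elif [ "$(zfs get -H -o value mounted "$DATASET")" != "yes" ]; then
        zfs mount "$DATASET" || rc=1
    fi
    # The key is now held in kernel memory; drop the share so the key file
    # is no longer reachable from the running host.
    umount "$KEY_MNT" || rc=1
    return "$rc"
}

# ExecStart would call this file with "run"; without it only functions are defined.
if [ "${1:-}" = "run" ]; then unlock; fi
```

With this variant the unit's ExecStart line would become `/root/unlockzfs run`.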
 