Mounting encrypted ZFS on boot with key on NFS

doman18

Oct 20, 2018
My dataset is unlocked with a key placed on an NFS share. I followed the Arch Linux guide and made a systemd service to load all keys on startup.

https://wiki.archlinux.org/index.php/ZFS#Unlock_at_boot_time

Unfortunately this does not work with NFS, because at the moment this service starts there is no network connection yet. When should I start this service so that it has a network connection but runs before the Proxmox Storage->Directories are mounted?
 
OK, I think I managed to get it to work; I just changed "Before" and "Wanted by" to network-online.target

Code:
root@proxmox:~# cat /etc/systemd/system/zfs-load-key.service
[Unit]
Description=Load encryption keys
DefaultDependencies=no
Before=pve-storage.target
After=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/bash -c '/root/unlockzfs'

[Install]
WantedBy=network-online.target

And my script ...

Code:
root@proxmox:~# cat unlockzfs
#!/bin/bash
/usr/bin/mount /mnt/secret
/usr/sbin/zfs load-key -a
#pvesm remove encrypted
#rm -rf /zfsraid0/encrypted/*
zfs mount zfsraid0/encrypted
#pvesm add dir encrypted --path /zfsraid0/encrypted
 
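A fail-closed take on the unlockzfs script from the post, as an added example that is not the poster's code: it checks that the NFS key share is really mounted, loads the key for the one dataset only, and verifies the mount, returning a distinct exit code at each step. The `run` argument and the DATASET/KEYSHARE environment overrides are assumptions of this example.

```bash
#!/bin/bash
# Added example: fail-closed variant of the unlockzfs script from the post.
# DATASET and KEYSHARE default to the values used in the post.
DATASET="${DATASET:-zfsraid0/encrypted}"
KEYSHARE="${KEYSHARE:-/mnt/secret}"

# Print a single property value of the dataset, without header or name.
zprop() { zfs get -H -o value "$1" "$DATASET"; }

unlock_dataset() {
    # 1. The key share must be a live mount. If NFS is not reachable yet,
    #    stop here instead of letting load-key fail on a missing key file.
    mountpoint -q "$KEYSHARE" || mount "$KEYSHARE"
    if ! mountpoint -q "$KEYSHARE"; then
        echo "unlockzfs: $KEYSHARE is not mounted, key unavailable" >&2
        return 1
    fi

    # 2. Load the key for this one dataset, unless it is already loaded.
    if [ "$(zprop keystatus)" != "available" ]; then
        if ! zfs load-key "$DATASET"; then
            echo "unlockzfs: load-key failed for $DATASET" >&2
            return 2
        fi
    fi

    # 3. Mount and verify. An unmounted dataset leaves a plain directory at
    #    the mountpoint, and anything written there lands on the parent
    #    dataset instead of the encrypted one.
    [ "$(zprop mounted)" = "yes" ] || zfs mount "$DATASET"
    if [ "$(zprop mounted)" != "yes" ]; then
        echo "unlockzfs: $DATASET is not mounted" >&2
        return 3
    fi
    return 0
}

# Hypothetical invocation from the unit: ExecStart=/root/unlockzfs run
if [ "${1:-}" = "run" ]; then
    unlock_dataset
    exit $?
fi
```

Because the unit is Type=oneshot, a non-zero exit marks zfs-load-key.service as failed, so a boot where the key could not be fetched shows up in `systemctl --failed`.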