I'm trying to implement the following systemd service to auto load the key on boot.
I have two systems. On both systems the key lives on the ZFS-on-root rpool. The rpool is not encrypted and I'm not attempting to encrypt it at this time. On system A (tank), it loads the key flawlessly. On system B (sata1), the key fails to load and the systemd service is in a failed state. I'm not sure why this works on system A but not system B.
System A uses NVME drives for the rpool mirror. System B uses SATADOMs for the rpool mirror. I'm wondering if there's a race condition, which if that's the case I would like to know if this is a bad design decision and should go back to the drawing board.
I'm storing the keys in /root/poolname.key
System A
System B
Code:
cat << 'EOF' > /etc/systemd/system/zfs-load-key@.service
[Unit]
Description=Load ZFS keys
DefaultDependencies=no
Before=zfs-mount.service
After=zfs-import.target
Requires=zfs-import.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/zfs load-key %I
[Install]
WantedBy=zfs-mount.service
EOFI have two systems. On both systems the key lives on the ZFS-on-root rpool. The rpool is not encrypted and I'm not attempting to encrypt it at this time. On system A (tank), it loads the key flawlessly. On system B (sata1), the key fails to load and the systemd service is in a failed state. I'm not sure why this works on system A but not system B.
System A uses NVME drives for the rpool mirror. System B uses SATADOMs for the rpool mirror. I'm wondering if there's a race condition, which if that's the case I would like to know if this is a bad design decision and should go back to the drawing board.
I'm storing the keys in /root/poolname.key
System A
Code:
Mar 11 21:04:42 virvh01 zed[2185]: eid=5 class=config_sync pool='rpool'
Mar 11 21:04:42 virvh01 zed[2184]: eid=10 class=config_sync pool='tank'
Mar 11 21:04:42 virvh01 zed[2178]: eid=8 class=pool_import pool='tank'
Mar 11 21:04:42 virvh01 zed[2175]: eid=7 class=config_sync pool='tank'
Mar 11 21:04:42 virvh01 systemd[1]: Reached target zfs.target - ZFS startup target.
Mar 11 21:04:42 virvh01 zed[2162]: eid=2 class=config_sync pool='rpool'
Mar 11 21:04:42 virvh01 systemd[1]: Finished zfs-share.service - ZFS file system shares.
Mar 11 21:04:42 virvh01 zed[2146]: Processing events since eid=0
Mar 11 21:04:42 virvh01 zed[2146]: ZFS Event Daemon 2.2.6-pve1 (PID 2146)
Mar 11 21:04:42 virvh01 systemd[1]: Started zfs-zed.service - ZFS Event Daemon (zed).
Mar 11 21:04:42 virvh01 systemd[1]: Starting zfs-share.service - ZFS file system shares...
Mar 11 21:04:41 virvh01 systemd[1]: Finished zfs-mount.service - Mount ZFS filesystems.
Mar 11 21:04:41 virvh01 systemd[1]: Reached target zfs-volumes.target - ZFS volumes are ready.
Mar 11 21:04:41 virvh01 systemd[1]: Finished zfs-volume-wait.service - Wait for ZFS Volume (zvol) links in /dev.
Mar 11 21:04:41 virvh01 zvol_wait[2012]: No zvols found, nothing to do.
Mar 11 21:04:41 virvh01 systemd[1]: Starting zfs-mount.service - Mount ZFS filesystems...
Mar 11 21:04:41 virvh01 systemd[1]: Finished zfs-load-key@tank-encrypted.service - Load ZFS keys.
Mar 11 21:04:41 virvh01 systemd[1]: Starting zfs-volume-wait.service - Wait for ZFS Volume (zvol) links in /dev...
Mar 11 21:04:41 virvh01 systemd[1]: Starting zfs-load-key@tank-encrypted.service - Load ZFS keys...
Mar 11 21:04:41 virvh01 systemd[1]: Reached target zfs-import.target - ZFS pool import target.
Mar 11 21:04:41 virvh01 systemd[1]: Finished zfs-import-cache.service - Import ZFS pools by cache file.
Mar 11 21:04:40 virvh01 systemd[1]: zfs-import-scan.service - Import ZFS pools by device scanning was skipped because of an unmet condition check (ConditionFileNotEmpty=!/etc/zfs/zpool.cache).
Mar 11 21:04:40 virvh01 systemd[1]: Starting zfs-import-cache.service - Import ZFS pools by cache file...
-- Boot 8dbfa4c434bc4b7a9021ef51d91401f4 --System B
Code:
Mar 15 17:32:14 VIRVH02 systemd[1]: Reached target zfs.target - ZFS startup target.
Mar 15 17:32:14 VIRVH02 systemd[1]: Finished zfs-share.service - ZFS file system shares.
Mar 15 17:32:13 VIRVH02 systemd[1]: Starting zfs-share.service - ZFS file system shares...
Mar 15 17:31:55 VIRVH02 zed[6528]: eid=15 class=config_sync pool='sata1'
Mar 15 17:31:55 VIRVH02 zed[6502]: eid=13 class=pool_import pool='sata1'
Mar 15 17:31:37 VIRVH02 zed[4597]: eid=10 class=config_sync pool='nvme2'
Mar 15 17:31:37 VIRVH02 zed[4561]: eid=7 class=config_sync pool='nvme2'
Mar 15 17:31:26 VIRVH02 zed[3127]: Processing events since eid=0
Mar 15 17:31:26 VIRVH02 zed[3127]: ZFS Event Daemon 2.2.7-pve1 (PID 3127)
Mar 15 17:31:26 VIRVH02 systemd[1]: Started zfs-zed.service - ZFS Event Daemon (zed).
Mar 15 17:31:25 VIRVH02 systemd[1]: Finished zfs-mount.service - Mount ZFS filesystems.
Mar 15 17:31:25 VIRVH02 systemd[1]: Reached target zfs-volumes.target - ZFS volumes are ready.
Mar 15 17:31:25 VIRVH02 systemd[1]: Finished zfs-volume-wait.service - Wait for ZFS Volume (zvol) links in /dev.
Mar 15 17:31:25 VIRVH02 zvol_wait[3017]: No zvols found, nothing to do.
Mar 15 17:31:25 VIRVH02 systemd[1]: Starting zfs-mount.service - Mount ZFS filesystems...
Mar 15 17:31:25 VIRVH02 systemd[1]: Failed to start zfs-load-key@sata1-encrypted.service - Load ZFS keys.
Mar 15 17:31:25 VIRVH02 systemd[1]: zfs-load-key@sata1-encrypted.service: Failed with result 'exit-code'.
Mar 15 17:31:25 VIRVH02 systemd[1]: zfs-load-key@sata1-encrypted.service: Main process exited, code=exited, status=1/FAILURE
Mar 15 17:31:25 VIRVH02 zfs[3016]: cannot open 'sata1/encrypted': dataset does not exist
Mar 15 17:31:25 VIRVH02 systemd[1]: Starting zfs-volume-wait.service - Wait for ZFS Volume (zvol) links in /dev...
Mar 15 17:31:25 VIRVH02 systemd[1]: Starting zfs-load-key@sata1-encrypted.service - Load ZFS keys...
Mar 15 17:31:25 VIRVH02 systemd[1]: Reached target zfs-import.target - ZFS pool import target.
Mar 15 17:31:25 VIRVH02 systemd[1]: Finished zfs-import-cache.service - Import ZFS pools by cache file.
Mar 15 17:31:25 VIRVH02 zpool[3014]: no pools available to import
Mar 15 17:31:25 VIRVH02 systemd[1]: zfs-import-scan.service - Import ZFS pools by device scanning was skipped because of an unmet condition check (ConditionFileNotE>
Mar 15 17:31:25 VIRVH02 systemd[1]: Starting zfs-import-cache.service - Import ZFS pools by cache file...
-- Boot 637b49f58b9645419129bd27d70e903a --