I'm trying to recreate under systemd something I had previously cobbled together with shell scripts and init levels under sysvinit.
Only a few services ran under init 2, the default set in /etc/inittab, including privoxy and ssh; the rest of the services I wanted running, such as fetchmail, exim4, courier-imap, apache2, etc. would be started at init level 3. Those services required an encrypted volume (actually a RAID that was an encrypted LVM PV for a VG with several volumes) to be configured and mounted before they could be started. I wrote a shell script that I'd run manually which would take the encryption password (via /etc/init.d/cryptdisks start), ensure that the volume group was found, mount the filesystems, then run init 3. There was also a flag in case I needed to get the VG up without mounting any volumes (e.g. to run a manual fsck on some volume). I have a new server with a fresh install of stretch and I'm trying to make it just a systemctl start (or stop) to achieve the following: 1) the default.target (i.e. multi-user.target) is equivalent to init 2 with minimal services 2) "systemctl start decrypted" gets the encrypted VG up and running but doesn't mount any filesystems 3) "systemctl start operating" makes sure everything in "decrypted" is up before mounting the volumes then launching the various services 4) "systemctl stop operating" stops the various services and attempts to unmount those filesystems 5) "systemctl stop decrypted" stops everything from "operating" and shuts down the volume group and decryption The first challenge is that the cryptsetup package still installs itself (cryptdisks and cryptdisks-early) in /etc/init.d, which means that systemd goes through a process I don't properly understand to run it; it seems to be generating a unit file in /run/systemd/generator.late for it using the lsb header on the /etc/init.d script. (Also, by default and installed as part of the systemd package, /lib/systemd/system/cryptdisks.service is a symlink to /dev/null which, I believe, prevents the generated service from being enabled.) It looks like (and according to the systemd.unit man page) I can override the generated cryptdisks.service unit file with configuration in /etc/systemd/system/cryptdisks.service.d/override.conf, at least according to what "systemctl edit cryptdisks" creates. I know that's a piece of the puzzle, but I'm still missing something. If I'm even on the right track (and if I'm not please set me straight), I have the following questions (and probably more to come): 1) Should "decrypted" and "operating" be .target units or something else? 2) What would I put in e.g. /etc/systemd/system/fetchmail.d/override.conf to prevent it from starting under multi-user.target? Or is it a matter of removing symlinks from /*/systemd/*/*.wants directories? 3) Is there a systemd command to help me with managing this (including transitive wants)? Or is it requires? What's the difference between wants and requires anyway? 3) What would I put in /etc/systemd/system/cryptdisks.d/override.conf to remove its "Before=checkfs.service" reverse dependency? 4) How do I specify the post-decryption mounts? Can I just set them up in /etc/fstab as noauto then symlink the generated .mount units to a .wants? Thanks in advance, --Greg
