OK, so I conducted another experiment, to see if I was able to make
systemd *not* work with an exotic combination of underlying
storage. I did the following:

- 4 drives, all of them in RAID5.
- The resulting /dev/md127 was put in a Physical Volume, that in a
Volume Group, and that split into 5 Logical Volumes:
   1. /boot (unnecessary, but why not)
   2. swap
   3. / (root)
   4. /usr
   5. /home
- The /home partition was encrypted, and so was the swap.

Everything works, but now I did have to do something not intuitive.

First the intuitive changes from my previous experiment:

1. I had to put this in /etc/default/grub:

GRUB_PRELOAD_MODULES="lvm mdraid1x"

Basically that's it. The partitions again use labels, so I didn't have
to touch fstab, except for the not intuitive change.

The problem, that I believe Stefan and Frank hinted at, is that the
encrypted swap did not activate properly, sometimes resulting in huge
boot times (on the order of 1 minute). But only if you specify the
swap partition in fstab.

The problem is, I think, that systemd tries to activate the swap
partitions as soon as possible, even before
systemd-cryptsetup activates the devices in /dev/mapper.

The solution is to move the swap partition from fstab, and create a
system unit for it which has to wait until systemd-cryptsetup does its
job:

lvm ~ # cat /etc/systemd/system/dev-disk-by\\x2did-dm\\x2dname\\x2dswap.swap
[Unit]
After=systemd-cryptsetup@swap.service

[Swap]
What=/dev/disk/by-id/dm-name-swap

lvm ~ # cat /etc/crypttab
home /dev/vg/vol5
swap /dev/vg/vol2 /dev/urandom swap

lvm ~ # cat /etc/fstab
LABEL=Boot /boot ext2 acl,noatime 0 2
LABEL=Root / ext4 acl,noatime 0 1
LABEL=User /usr ext4 acl,noatime 0 2
LABEL=Home /home ext4 acl,noatime 0 2
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0
tmpfs /tmp tmpfs defaults,nosuid,size=100% 0 0

Everything works; at boot time systemd asks for the passphrase for
/home, and after a timeout continues the boot without mounting it. I
haven't tried pam_mount.

lvm ~ # lsblk
NAME                 MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sr0                   11:0    1 1024M  0 rom
vda                  253:0    0    5G  0 disk
└─vda1               253:1    0    5G  0 part
  └─md127              9:127  0   15G  0 raid5
    ├─vg-vol1 (dm-0) 254:0    0  200M  0 lvm   /boot
    ├─vg-vol3 (dm-1) 254:1    0    2G  0 lvm   /
    ├─vg-vol4 (dm-2) 254:2    0    8G  0 lvm   /usr
    ├─vg-vol2 (dm-3) 254:3    0    2G  0 lvm
    │ └─swap (dm-5)  254:5    0    2G  0 crypt
    └─vg-vol5 (dm-4) 254:4    0  2.8G  0 lvm
      └─home (dm-6)  254:6    0  2.8G  0 crypt /home
vdb                  253:16   0    5G  0 disk
└─vdb1               253:17   0    5G  0 part
  └─md127              9:127  0   15G  0 raid5
    ├─vg-vol1 (dm-0) 254:0    0  200M  0 lvm   /boot
    ├─vg-vol3 (dm-1) 254:1    0    2G  0 lvm   /
    ├─vg-vol4 (dm-2) 254:2    0    8G  0 lvm   /usr
    ├─vg-vol2 (dm-3) 254:3    0    2G  0 lvm
    │ └─swap (dm-5)  254:5    0    2G  0 crypt
    └─vg-vol5 (dm-4) 254:4    0  2.8G  0 lvm
      └─home (dm-6)  254:6    0  2.8G  0 crypt /home
vdc                  253:32   0    5G  0 disk
└─vdc1               253:33   0    5G  0 part
  └─md127              9:127  0   15G  0 raid5
    ├─vg-vol1 (dm-0) 254:0    0  200M  0 lvm   /boot
    ├─vg-vol3 (dm-1) 254:1    0    2G  0 lvm   /
    ├─vg-vol4 (dm-2) 254:2    0    8G  0 lvm   /usr
    ├─vg-vol2 (dm-3) 254:3    0    2G  0 lvm
    │ └─swap (dm-5)  254:5    0    2G  0 crypt
    └─vg-vol5 (dm-4) 254:4    0  2.8G  0 lvm
      └─home (dm-6)  254:6    0  2.8G  0 crypt /home
vdd                  253:48   0    5G  0 disk
└─vdd1               253:49   0    5G  0 part
  └─md127              9:127  0   15G  0 raid5
    ├─vg-vol1 (dm-0) 254:0    0  200M  0 lvm   /boot
    ├─vg-vol3 (dm-1) 254:1    0    2G  0 lvm   /
    ├─vg-vol4 (dm-2) 254:2    0    8G  0 lvm   /usr
    ├─vg-vol2 (dm-3) 254:3    0    2G  0 lvm
    │ └─swap (dm-5)  254:5    0    2G  0 crypt
    └─vg-vol5 (dm-4) 254:4    0  2.8G  0 lvm
      └─home (dm-6)  254:6    0  2.8G  0 crypt /home

lvm ~ # systemd-analyze blame
          3.314s systemd-cryptsetup@home.service
           803ms systemd-udev-trigger.service
           198ms systemd-cryptsetup@swap.service
           134ms systemd-fsck-root.service
           123ms dhcpcd@enp0s3.service
           121ms systemd-udev-settle.service
           114ms systemd-logind.service
           111ms sshd.service
           109ms lvm2-activation-early.service
           100ms systemd-modules-load.service
            60ms lvm2-activation.service
            58ms systemd-sysctl.service
            58ms systemd-vconsole-setup.service
            56ms mdadm.service
            55ms dev-mqueue.mount
            55ms dev-hugepages.mount
            48ms sys-kernel-debug.mount
            48ms systemd-random-seed-load.service
            47ms systemd-fsck@dev-disk-by\x2dlabel-Boot.service
            45ms systemd-tmpfiles-setup-dev.service
            44ms systemd-ask-password-wall.service
            43ms systemd-remount-fs.service
            38ms systemd-fsck@dev-disk-by\x2dlabel-Home.service
            34ms systemd-user-sessions.service
            30ms boot.mount
            27ms systemd-tmpfiles-setup.service
            22ms tmp.mount
            21ms systemd-udevd.service
            19ms systemd-journal-flush.service
            15ms home.mount

I'm going to write to the systemd mailing list to ask if that is the
intended behavior, or if the encrypted swap partition should get
activated even if it's only listed in fstab. In the future, I hope to
write an addendum to the handbook, for people who want this kind of
configuration with systemd.

Regards
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
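
Added example, not part of the original message: a Python sketch that finds fstab swap lines backed by a crypttab mapping and emits the ordered .swap unit the message describes, named after the escaped What= path as systemd requires. The sample fstab swap line, the function names and the /dev/mapper alias handling are assumptions; escape_path() only approximates `systemd-escape --path`.

```python
import re

# Constructed sample input modelled on the files in the message, with the
# swap line still in fstab (the state that caused the slow boots).
CRYPTTAB = """\
home /dev/vg/vol5
swap /dev/vg/vol2 /dev/urandom swap
"""
FSTAB = """\
LABEL=Root / ext4 acl,noatime 0 1
/dev/disk/by-id/dm-name-swap none swap sw 0 0
LABEL=Home /home ext4 acl,noatime 0 2
"""

def fields(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def escape_path(path):
    """Approximate `systemd-escape --path`: '/' becomes '-', and any byte
    outside [A-Za-z0-9:_.] (or a leading '.') becomes \\xNN."""
    out = []
    for i, ch in enumerate(path.strip("/")):
        if ch == "/":
            out.append("-")
        elif re.fullmatch(r"[A-Za-z0-9:_]", ch) or (ch == "." and i > 0):
            out.append(ch)
        else:
            out.extend("\\x%02x" % b for b in ch.encode())
    return "".join(out) or "-"

def swap_units(crypttab, fstab):
    """Return {unit file name: unit body} for each fstab swap line whose
    device is a mapping declared in crypttab."""
    mapped = {f[0] for f in fields(crypttab)}
    units = {}
    for f in fields(fstab):
        m = re.fullmatch(r"/dev/(?:mapper/|disk/by-id/dm-name-)(.+)", f[0])
        if len(f) >= 3 and f[2] == "swap" and m and m.group(1) in mapped:
            # Assumption: the mapping name needs no escaping of its own
            # inside the systemd-cryptsetup@ instance name.
            units[escape_path(f[0]) + ".swap"] = (
                "[Unit]\nAfter=systemd-cryptsetup@%s.service\n\n"
                "[Swap]\nWhat=%s\n" % (m.group(1), f[0]))
    return units

if __name__ == "__main__":
    for name, body in swap_units(CRYPTTAB, FSTAB).items():
        print("# /etc/systemd/system/" + name + "\n" + body)
```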
