Re: [gentoo-user] systemd and LUKS

2013-09-04 Thread Stefan G. Weichinger
On 03.09.2013 23:31, Frank Steinmetzger wrote:

 This link gave me the deciding hint -- I didn't have
 cryptsetup-generator in my system, because I didn’t have the
 cryptsetup useflags enabled. I rebuilt systemd and udisks and now
 I’m prompted for the LUKS password during boot. \o/

Congratulations!

sidenote: The mentioned pam_mount way of doing things lets you boot
through to a login. No waiting for the passphrase ... when I login the
LUKS-device is opened and mounted ... only one time user/pw ...
personally I like it that way.

 Now I need to find out whether it’s feasible for me to use it. I’ll
 definitely have to procure some custom unit files, e.g. for
 monitorix.

Most of the bold systemd-users with gentoo see the one or the other
unit file missing ... this is still an early stage and should get
better with every unit provided. There are quite many bugs filed
already pointing at new unit files for ebuilds.

pls share your unit as well (or even file it as a bug on
bugs.gentoo.org) to help the gentoo devs (and users) here.

Stefan




Re: [gentoo-user] systemd and LUKS

2013-09-04 Thread Frank Steinmetzger
On Wed, Sep 04, 2013 at 09:22:37AM +0200, Stefan G. Weichinger wrote:
 On 03.09.2013 23:31, Frank Steinmetzger wrote:
 
  This link gave me the deciding hint -- I didn't have
  cryptsetup-generator in my system, because I didn’t have the
  cryptsetup useflags enabled. I rebuilt systemd and udisks and now
  I’m prompted for the LUKS password during boot. \o/
 
 Congratulations!
 
 sidenote: The mentioned pam_mount way of doing things lets you boot
 through to a login. No waiting for the passphrase ... when I login the
 LUKS-device is opened and mounted ... only one time user/pw ...
 personally I like it that way.

Finding stuff on pam_mount doesn’t seem to be too hard. But how do I
prevent systemd from trying it first? Just by disabling the service?

  Now I need to find out whether it’s feasible for me to use it. I’ll
  definitely have to procure some custom unit files, e.g. for
  monitorix.
 […]
 pls share your unit as well (or even file it as a bug on
 bugs.gentoo.org) to help the gentoo devs (and users) here.

Well, it’s an experiment, but I’m still quite hesitant to switch. It
really shuts down fast (1 to 2 seconds or so), but I don’t see much
improvement in booting time (still around 40 seconds until KDM is
finished). I like the small stuff around it though, for instance
timedatectl is neat and that there is no consolekit thread spam in htop.

I also see now why some people rant about it, e.g. that it has an own
logging daemon (“one big block of everything”) which uses a binary data
format. OTOH, logging becomes very handy with it in that you can see all
messages associated with a particular service. Systemdadm is a start,
but impractical on a netbook screen.

I was hoping I could have openrc and systemd in parallel on the system
(so I don’t have to maintain two systems, especially on a slow netbook),
but b/c I removed consolekit altogether, a lot of stuff doesn’t work
anymore if I try booting with openrc.

Perhaps someone can give me a hint about the following:
- I’m missing openrc’s feature of using the menu key to switch between
  the last two TTYs, that’s very useful.
- No login prompt on TTY1.
- A resource link on how to set up networking without network manager. I
  always did it the conf.d/net way.

Cheers.
-- 
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me with any Facebook service.

Dyslexics of the world, untie!




Re: [gentoo-user] systemd and LUKS

2013-09-04 Thread Canek Peláez Valdés
On Wed, Sep 4, 2013 at 5:20 AM, Frank Steinmetzger war...@gmx.de wrote:
 On Wed, Sep 04, 2013 at 09:22:37AM +0200, Stefan G. Weichinger wrote:
 On 03.09.2013 23:31, Frank Steinmetzger wrote:

  This link gave me the deciding hint -- I didn't have
  cryptsetup-generator in my system, because I didn’t have the
  cryptsetup useflags enabled. I rebuilt systemd and udisks and now
  I’m prompted for the LUKS password during boot. \o/

 Congratulations!

 sidenote: The mentioned pam_mount way of doing things lets you boot
 through to a login. No waiting for the passphrase ... when I login the
 LUKS-device is opened and mounted ... only one time user/pw ...
 personally I like it that way.

 Finding stuff on pam_mount doesn’t seem to be too hard. But how do I
 prevent systemd from trying it first? Just by disabling the service?

  Now I need to find out whether it’s feasible for me to use it. I’ll
  definitely have to procure some custom unit files, e.g. for
  monitorix.
 […]
 pls share your unit as well (or even file it as a bug on
 bugs.gentoo.org) to help the gentoo devs (and users) here.

 Well, it’s an experiment, but I’m still quite hesitant to switch. It
 really shuts down fast (1 to 2 seconds or so), but I don’t see much
 improvement in booting time (still around 40 seconds until KDM is
 finished). I like the small stuff around it though, for instance
 timedatectl is neat and that there is no consolekit thread spam in htop.

Even considering that you need to input the LUKS password, 40 seconds
is too much. You can use systemd-analyze and systemd-analyze blame
after a fresh boot to see what is taking most of the boot time.

 I also see now why some people rant about it, e.g. that it has an own
 logging daemon (“one big block of everything”) which uses a binary data
 format. OTOH, logging becomes very handy with it in that you can see all
 messages associated with a particular service. Systemdadm is a start,
 but impractical on a netbook screen.

Don't forget journalctl -b -p err and journalctl -b -p warning. Huge
time savings.

 I was hoping I could have openrc and systemd in parallel on the system
 (so I don’t have to maintain two systems, especially on a slow netbook),
 but b/c I removed consolekit altogether, a lot of stuff doesn’t work
 anymore if I try booting with openrc.

 Perhaps someone can give me a hint about the following:
 - I’m missing openrc’s feature of using the menu key to switch between
   the last two TTYs, that’s very useful.

I didn't realize it was gone. However, I don't think it is a feature of
OpenRC, it's just that OpenRC calls agetty differently from systemd, I
suppose.

 - No login prompt on TTY1.

Sure it is. Perhaps it is just garbled? Try to log in and do a reset.

 - A resource link on how to set up networking without network manager. I
   always did it the conf.d/net way.

You can set up the network without networkmanager just fine.

If you want to use DHCP:

dhcpcd@.service

[Unit]
Description=DHCP on %I
After=basic.target
Documentation=man:dhcpcd(8)

[Service]
ExecStartPre=/bin/ifconfig %I up
ExecStart=/sbin/dhcpcd -B %I

[Install]
WantedBy=multi-user.target


If you want to use static network:


[Unit]
Description=Static network service
After=local-fs.target
Documentation=man:ifconfig(8)
Documentation=man:route(8)

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/ifconfig <interface> <ip> broadcast <broadcast> netmask <netmask> up
ExecStart=/bin/route add default gw <gateway> <interface>


(You can use the new ip command, but ifconfig is still the one
installed by default in Gentoo).

Or if you need something more complicated, you can put it in several
ExecStart lines, or put it in a script and call that.

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México



Re: [gentoo-user] systemd and LUKS

2013-09-04 Thread Frank Steinmetzger
On Wed, Sep 04, 2013 at 09:16:55AM -0500, Canek Peláez Valdés wrote:

  Well, it’s an experiment, but I’m still quite hesitant to switch. It
  really shuts down fast (1 to 2 seconds or so), but I don’t see much
  improvement in booting time (still around 40 seconds until KDM is
  finished). I like the small stuff around it though, for instance
  timedatectl is neat and that there is no consolekit thread spam in htop.
 
 Even considering that you need to input the LUKS password, 40 seconds
 is too much. You can use systemd-analyze and systemd-analyze blame
 after a fresh boot to see what is taking most of the boot time.

I stopped the timer during password entry. systemd-analyze said (IIRC, netbook
is off ATM) a little more than 20 seconds altogether. But as I mentioned it’s
a slow machine. From the kind of noises it made during boot, I guess that the
HDD is the bottleneck. The time from the initial blank X screen to KDM alone
is more than 10 seconds. Perhaps there is still stuff starting in the BG.

  I also see now why some people rant about it, e.g. that it has an own
  logging daemon (“one big block of everything”) which uses a binary data
  format. OTOH, logging becomes very handy with it in that you can see all
  messages associated with a particular service. Systemdadm is a start,
  but impractical on a netbook screen.
 
 Don't forget journalctl -b -p err and journalctl -b -p warning. Huge
 time savings.

I’m just so used to tail -f /var/log/messages, and it’s a hard fact of reality
that switching to something new/else/different always takes personal effort.

  I was hoping I could have openrc and systemd in parallel on the system
  (so I don’t have to maintain two systems, especially on a slow netbook),
  but b/c I removed consolekit altogether, a lot of stuff doesn’t work
  anymore if I try booting with openrc.
 
  Perhaps someone can give me a hint about the following:
  - I’m missing openrc’s feature of using the menu key to switch between
    the last two TTYs, that’s very useful.
 
 I didn't realize it was gone.

Well not in openrc, obviously. But it isn’t there in systemd.

 However, I don't think it is a feature of OpenRC, it's just that OpenRC calls
 agetty differently from systemd, I suppose.

I didn’t know where to look for that option specifically and thought it was
openrc (because I can’t remember any other distro having this, like many other
details such as a colourful prompt by default).

  - No login prompt on TTY1.
 
 Sure it is. Perhaps it is just garbled? Try to log in and do a reset.

I have boot output on TTY1 and logins on TTY2-6, but not on one. I tried
various keys and combinations such as Ctrl+C.

  - A resource link on how to set up networking without network manager. I
    always did it the conf.d/net way.
 
 You can set up the network without networkmanager just fine.

I was obviously too lazy yesterday to research it. I poked blindly into the
dark by trying the pre-existing wpa_supplicant and dhcpcd services without any
custom configuration (with wpa_supplicant.conf being the only real requirement
for my network setup), but wpa_supplicant always failed to authenticate, so I
gave up for that night.

-- 
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me with any Facebook service.

The advantage of being smart is that one can pretend to be stupid.
The opposite is far more difficult.




[gentoo-user] systemd and LUKS

2013-09-03 Thread Frank Steinmetzger
Hey list

after the many discussions here about systemd I had a flash of
objectivity (“Who cares if people rant about Lennart, the concept seems
sound and I don’t care about separate /usr”). So I wanted to try systemd
on my netbook.

I cloned the / partition from sda2 to sda7 and chrooted into it. In
there I followed the systemd Gentoo wiki¹, i.e. I configured the kernel,
installed systemd, added -consolekit systemd to my use flags, rebuilt
world with --new-use and added init=/usr/lib/systemd/systemd to the
kernel cmdline.

Rebooting works until the point of mounting /home, which is a LUKS
container. I get the message:
A start job is running for dev-mapper-home.service
and eventually a timeout and prompt for root password or Ctrl-D.

The wiki references a bug report that /etc/crypttab was ignored. Well, I
didn’t have one, but apparently my old crypt setup was heeded (because
systemd knew that I wanted sda5 mounted as home).

I tried researching the problem. One I found was a Gentoo forum thread
about LVM. I found out that I was missing CONFIG_DM_UEVENT. But enabling
it didn’t help either. I found files in the partition’s /dev directory,
which hinted that DEVTMPFS_MOUNT was not set. But I don’t suppose that’s
really a problem.

Does any of you have experience with this combination and would like to
share it? Thanks.

¹ http://gentoo-en.vfose.ru/wiki/Systemd



On a sidenote, for some reason, grub2 doesn’t find the kernel if I keep
the menuentry’s search commands which are created by grub2-mkconfig.
Only if I remove all the search --uuid...yadda yadda..., the entry
boots.
The boot partition (where the grub files lie) is still my normal / on
sda2. It then boots the systemd installation on sda7 which was detected
by os_prober.
-- 
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me with any Facebook service.

For some, it’s just Windows,
but for others, it’s the longest batch file in the world.




Re: [gentoo-user] systemd and LUKS

2013-09-03 Thread Stefan G. Weichinger
On 03.09.2013 13:46, Frank Steinmetzger wrote:
 Hey list
 
 after the many discussions here about systemd I had a flash of 
 objectivity (“Who cares if people rant about Lennart, the concept
 seems sound and I don’t care about separate /usr”). So I wanted to
 try systemd on my netbook.
 
 I cloned the / partition from sda2 to sda7 and chrooted into it.
 In there I followed the systemd Gentoo wiki¹, i.e. I configured the
 kernel, installed systemd, added -consolekit systemd to my use
 flags, rebuilt world with --new-use and added
 init=/usr/lib/systemd/systemd to the kernel cmdline.
 
 Rebooting works until the point of mounting /home, which is a LUKS 
 container. I get the message: A start job is running for
 dev-mapper-home.service and eventually a timeout and prompt for
 root password or Ctrl-D.
 
 The wiki references a bug report that /etc/crypttab was ignored.
 Well, I didn’t have one, but apparently my old crypt setup was
 heeded (because systemd knew that I wanted sda5 mounted as home).
 
 I tried researching the problem. One I found was a Gentoo forum
 thread about LVM. I found out that I was missing CONFIG_DM_UEVENT.
 But enabling it didn’t help either. I found files in the
 partition’s /dev directory, which hinted that DEVTMPFS_MOUNT was
 not set. But I don’t suppose that’s really a problem.
 
 Does any of you have experience with this combination and would
 like to share it? Thanks.
 
 ¹ http://gentoo-en.vfose.ru/wiki/Systemd

I use a crypted /home on my thinkpad ... with systemd.
I only have problems with the encrypted swap but /home works fine.

But I think my /home gets mounted when I login ... pam_mount ... would
have to check if it's mounted and available earlier. I will check asap
in the next hours.

Stefan




Re: [gentoo-user] systemd and LUKS

2013-09-03 Thread Stefan G. Weichinger
On 03.09.2013 14:32, Stefan G. Weichinger wrote:

 I use a crypted /home on my thinkpad ... with systemd.
 I only have problems with the encrypted swap but /home works fine.
 
 But I think my /home gets mounted when I login ... pam_mount ... would
 have to check if it's mounted and available earlier. I will check asap
 in the next hours.

Yes. I don't have /home in fstab or crypttab ... gets mounted via
pam_mount at login of my user.

This might be wrong or not the way systemd is capable of ... but it
works for me so far (and did it with openrc as well).

Stefan




Re: [gentoo-user] systemd and LUKS

2013-09-03 Thread Canek Peláez Valdés
On Tue, Sep 3, 2013 at 6:46 AM, Frank Steinmetzger war...@gmx.de wrote:
 Hey list

 after the many discussions here about systemd I had a flash of
 objectivity (“Who cares if people rant about Lennart, the concept seems
 sound and I don’t care about separate /usr”). So I wanted to try systemd
 on my netbook.

 I cloned the / partition from sda2 to sda7 and chrooted into it. In
 there I followed the systemd Gentoo wiki¹, i.e. I configured the kernel,
 installed systemd, added -consolekit systemd to my use flags, rebuilt
 world with --new-use and added init=/usr/lib/systemd/systemd to the
 kernel cmdline.

 Rebooting works until the point of mounting /home, which is a LUKS
 container. I get the message:
 A start job is running for dev-mapper-home.service
 and eventually a timeout and prompt for root password or Ctrl-D.

 The wiki references a bug report that /etc/crypttab was ignored. Well, I
 didn’t have one, but apparently my old crypt setup was heeded (because
 systemd knew that I wanted sda5 mounted as home).

Mmmh. I don't use LUKS, but from what I understand, systemd generates
the unit files necessary to mount encrypted partitions, and to do this
it needs /etc/crypttab, in the same manner that it needs /etc/fstab to
generate the unit files for the normal partitions.

http://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html

 I tried researching the problem. One I found was a Gentoo forum thread
 about LVM. I found out that I was missing CONFIG_DM_UEVENT. But enabling
 it didn’t help either. I found files in the partition’s /dev directory,
 which hinted that DEVTMPFS_MOUNT was not set. But I don’t suppose that’s
 really a problem.

I would add it anyway.

 Does any of you have experience with this combination and would like to
 share it? Thanks.

 ¹ http://gentoo-en.vfose.ru/wiki/Systemd



 On a sidenote, for some reason, grub2 doesn’t find the kernel if I keep
 the menuentry’s search commands which are created by grub2-mkconfig.
 Only if I remove all the search --uuid...yadda yadda..., the entry
 boots.
 The boot partition (where the grub files lie) is still my normal / on
 sda2. It then boots the systemd installation on sda7 which was detected
 by os_prober.

Are you sure it's not under the advanced submenu?

One question: how is the /etc/fstab file in the systemd installation?

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México



Re: [gentoo-user] systemd and LUKS

2013-09-03 Thread Michael Hampicke
On 03.09.2013 13:46, Frank Steinmetzger wrote:
 Hey list
 
 after the many discussions here about systemd I had a flash of
 objectivity (“Who cares if people rant about Lennart, the concept seems
 sound and I don’t care about separate /usr”). So I wanted to try systemd
 on my netbook.
 
 I cloned the / partition from sda2 to sda7 and chrooted into it. In
 there I followed the systemd Gentoo wiki¹, i.e. I configured the kernel,
 installed systemd, added -consolekit systemd to my use flags, rebuilt
 world with --new-use and added init=/usr/lib/systemd/systemd to the
 kernel cmdline.
 
 Rebooting works until the point of mounting /home, which is a LUKS
 container. I get the message:
 A start job is running for dev-mapper-home.service
 and eventually a timeout and prompt for root password or Ctrl-D.

When it shows A start job is running for dev-mapper-home.service you
can enter the password for the luks volume. Just type in a few letters,
you will see them displayed as 

I too run systemd + luks - this is my config:



$ cat /etc/crypttab

# target name   source device   key file   options
tank            /dev/sdb2       none       luks



$ grep tank /etc/fstab
#/dev/mapper/tank   /home   ext4   noatime,nofail   0 2


Also make sure to compile systemd with USE=cryptsetup





Re: [gentoo-user] systemd and LUKS

2013-09-03 Thread Frank Steinmetzger
On Tue, Sep 03, 2013 at 11:15:54AM -0500, Canek Peláez Valdés wrote:

  Hey list
  […]
  Rebooting works until the point of mounting /home, which is a LUKS
  container. I get the message:
  A start job is running for dev-mapper-home.service
  and eventually a timeout and prompt for root password or Ctrl-D.
 
  The wiki references a bug report that /etc/crypttab was ignored. Well, I
  didn’t have one, but apparently my old crypt setup was heeded (because
  systemd knew that I wanted sda5 mounted as home).
 
 Mmmh. I don't use LUKS, but from what I understand, systemd generates
 the unit files necessary to mount encrypted partitions, and to do this
 it needs /etc/crypttab, in the same manner that it needs /etc/fstab to
 generate the unit files for the normal partitions.

I created a crypttab at some point, but it didn’t solve the problem.
$ cat /etc/crypttab
home /dev/sda5

 http://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html

This link gave me the deciding hint -- I didn't have cryptsetup-generator in
my system, because I didn’t have the cryptsetup useflags enabled.
I rebuilt systemd and udisks and now I’m prompted for the LUKS password during
boot. \o/

Now I need to find out whether it’s feasible for me to use it. I’ll definitely
have to procure some custom unit files, e.g. for monitorix.

  On a sidenote, for some reason, grub2 doesn’t find the kernel if I keep
  the menuentry’s search commands which are created by grub2-mkconfig.
  Only if I remove all the search --uuid...yadda yadda..., the entry
  boots.
  The boot partition (where the grub files lie) is still my normal / on
  sda2. It then boots the systemd installation on sda7 which was detected
  by os_prober.
 
 Are you sure it's not under the advanced submenu?

The “normal” menuitem and the one under the advanced submenu are identical.

 One question: how is the /etc/fstab file in the systemd installation?

Now that you mention it -- I forgot to amend the / partition entry to point to
sda7. I have root=/dev/sda7 in the kernel cmdline, though, so I didn’t notice.

-- 
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me with any Facebook service.

“Time is money” said the waiter and put the date on the bill.
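
Added example (not part of any message in this thread, and not code from systemd or Gentoo): a pre-reboot check for the failure discussed above, where fstab expects /dev/mapper/home but the cryptsetup generator is missing or no crypttab entry opens the device. The function names and the key-file permission check are assumptions of this example; the generator directories are the standard systemd locations.

```sh
#!/bin/sh
# Added example, not from the thread. Paths are arguments (chroot-friendly).

# Print the generator's path if one of the given directories contains it.
find_generator() {
    for dir in "$@"; do
        if [ -x "$dir/systemd-cryptsetup-generator" ]; then
            printf '%s\n' "$dir/systemd-cryptsetup-generator"
            return 0
        fi
    done
    return 1
}

# List the target names (first field) of all active crypttab lines.
crypttab_targets() {
    [ -r "$1" ] || return 0          # no crypttab at all: no targets
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# Report entries without a source device and regular key files that are
# readable by group or others. Returns 1 if anything was reported.
lint_crypttab() {
    [ -r "$1" ] || { echo "$1: missing or unreadable"; return 1; }
    status=0
    lineno=0
    while read -r name device key _opts || [ -n "$name" ]; do
        lineno=$((lineno + 1))
        case "$name" in ''|'#'*) continue ;; esac
        if [ -z "$device" ]; then
            echo "line $lineno: target '$name' has no source device"
            status=1
            continue
        fi
        case "$key" in ''|none|-) continue ;; esac
        if [ -f "$key" ] &&
           [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "line $lineno: key file $key is readable by group or others"
            status=1
        fi
    done < "$1"
    return "$status"
}

# Print /dev/mapper names used by active fstab lines that no crypttab entry
# opens. They may be LVM volumes instead, so treat the output as a hint.
fstab_without_crypttab() {
    targets=$(crypttab_targets "$1")
    awk 'NF && index($1, "/dev/mapper/") == 1 { print substr($1, 13) }' "$2" |
    while read -r mapped; do
        printf '%s\n' "$targets" | grep -qxF -- "$mapped" || printf '%s\n' "$mapped"
    done
}

# Constructed sample files modelled on the setup in the thread.
demo=$(mktemp -d)
printf 'home /dev/sda5\n' > "$demo/crypttab"
printf '%s\n' '/dev/mapper/home /home ext4 noatime 0 2' \
    '/dev/mapper/tank /data ext4 noatime,nofail 0 2' > "$demo/fstab"
find_generator /usr/lib/systemd/system-generators /lib/systemd/system-generators ||
    echo "systemd-cryptsetup-generator not found (Gentoo: USE=cryptsetup)"
lint_crypttab "$demo/crypttab"
fstab_without_crypttab "$demo/crypttab" "$demo/fstab"    # prints: tank
rm -rf "$demo"
```

On a real system, pass /etc/crypttab and /etc/fstab of the installation being checked.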

