Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
Am 27.09.2013 12:36, schrieb Stefan G. Weichinger: Am 25.09.2013 01:38, schrieb Canek Peláez Valdés: systemd-analyze blame to see what is taking so long. systemd-delta to see what changes from upstream do you have. Thanks ... I cleaned up some cruft already and will test some boot-process soon. Still on the road ... sorry for the delay ... quite some non-gentoo-things happening here lately ;-) My systemd-delta is down to zero ... and my LVs are activated fine in the last few boots. Fine! sys-apps/systemd-208-r2 # cat /proc/version Linux version 3.11.5-gentoo Greets, regards, Stefan
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
Am 25.09.2013 01:38, schrieb Canek Peláez Valdés: systemd-analyze blame to see what is taking so long. systemd-delta to see what changes from upstream do you have. Thanks ... I cleaned up some cruft already and will test some boot-process soon. Still on the road ...
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
On 23/09/13 17:37, Canek Peláez Valdés wrote: On Sep 23, 2013 6:01 AM, Tanstaafl tansta...@libertytrek.org mailto:tansta...@libertytrek.org wrote: Man... watching this discussion just makes me want to avoid systemd like the plague/all the more... Please don't top post. Please disable HTML from your mail client when posting to mailing lists. It looks very ugly.
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
Am 23.09.2013 16:30, schrieb Canek Peláez Valdés: Did you read my next email? There is no need for the extra swap unit. I was missing a couple of kernel options and to compile LVM2 and cryptsetup with some USE flags. Everything works as expected; but you need to put the swap in fstab. got it now, thanks. I have to check flags and stuff ... the changes gave me some timeouts (race conditions?) for the last 3 boots. When it boots I get enabled encrypted swap now. Stefan
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
systemd-analyze blame to see what is taking so long. systemd-delta to see what changes from upstream do you have. Regards. On Sep 24, 2013 4:47 PM, Stefan G. Weichinger li...@xunil.at wrote: Am 23.09.2013 16:30, schrieb Canek Peláez Valdés: Did you read my next email? There is no need for the extra swap unit. I was missing a couple of kernel options and to compile LVM2 and cryptsetup with some USE flags. Everything works as expected; but you need to put the swap in fstab. got it now, thanks. I have to check flags and stuff ... the changes gave me some timeouts (race conditions?) for the last 3 boots. When it boots I get enabled encrypted swap now. Stefan
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
Am 21.09.2013 23:49, schrieb Canek Peláez Valdés: OK, so I conducted another experiment, to see if I was able to make systemd *not* to work with an exotic combination of underlying storage. I did the following: - 4 drives, all of them in RAID5. - The resulting /dev/md127 was put in a Physical Volume, that in a Volume Group, and that split into 5 Logical Volumes: 1. /boot (unnecessary, but why not) 2. swap 3. / (root) 4. /usr 5. /home - The /home partition was encrypted, and so was the swap. Everything works, but now I did had to do something not intuitive. First the intuitive changes from my previous experiment: 1. I had to put this in /etc/default/grub: GRUB_PRELOAD_MODULES=lvm mdraid1x Basically that's it. The partitions again use labels, so I didn't had to touch fstab, except for the not intuitive change. The problem, that I believe Stefan and Frank hinted, is that the encrypted swap did not activated properly, sometimes resulting in huge boot times (in the order of 1 minute). But only if you specify the swap partition in fstab. Yes, I reported this issue back then ... but I don't have the encrypted swap in /etc/fstab. I only have: # cat /etc/crypttab swap /dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO015404LR080JGN-part5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256 which gives me a /dev/mapper/swap ... but no activated swap ... I will create a swap-unit now ... S
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
Am 23.09.2013 09:09, schrieb Stefan G. Weichinger: Yes, I reported this issue back then ... but I don't have the encrypted swap in /etc/fstab. I only have: # cat /etc/crypttab swap /dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO015404LR080JGN-part5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256 which gives me a /dev/mapper/swap ... but no activated swap ... I will create a swap-unit now ... Getting that unit-name right is quite annoying ... fiddling with understanding that strange escaping etc ... :-(
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
Am 23.09.2013 10:00, schrieb Stefan G. Weichinger: Getting that unit-name right is quite annoying ... fiddling with understanding that strange escaping etc ... :-( I have now: # cat /etc/systemd/system/dev-disk-by\\x2did-dm\\x2dname\\x2dswap.swap [Unit] #After=systemd-cryptsetup.service After=systemd-cryptsetup@swap.service [Swap] What=/dev/disk/by-id/dm-name-swap see the comment, I tried both because the swap was not activated after boot but it is when I manually start it. I only have: # systemctl | grep cry cryptsetup.target loaded active activeEncrypted Volumes so I edited the dependency. This gave me encrypted swap once already after manually starting the swap-unit. But after booting it still generates another swap.service which makes the new unit fail or run into a timeout. # systemctl | grep swap dev-mapper-swap.deviceloaded inactive dead start dev-mapper-swap.device systemd-...p@swap.service loaded active exited Cryptography Setup for swap swap.target loaded active active Swap oh my ... Glad to have enough RAM for now ;-) for the records: no swap-stuff in fstab ... Stefan
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
Man... watching this discussion just makes me want to avoid systemd like the plague/all the more... On 2013-09-23 4:21 AM, Stefan G. Weichinger li...@xunil.at wrote: Am 23.09.2013 10:00, schrieb Stefan G. Weichinger: Getting that unit-name right is quite annoying ... fiddling with understanding that strange escaping etc ... :-( I have now: # cat /etc/systemd/system/dev-disk-by\\x2did-dm\\x2dname\\x2dswap.swap [Unit] #After=systemd-cryptsetup.service After=systemd-cryptsetup@swap.service [Swap] What=/dev/disk/by-id/dm-name-swap see the comment, I tried both because the swap was not activated after boot but it is when I manually start it. I only have: # systemctl | grep cry cryptsetup.target loaded active activeEncrypted Volumes so I edited the dependency. This gave me encrypted swap once already after manually starting the swap-unit. But after booting it still generates another swap.service which makes the new unit fail or run into a timeout. # systemctl | grep swap dev-mapper-swap.deviceloaded inactive dead start dev-mapper-swap.device systemd-...p@swap.service loaded active exited Cryptography Setup for swap swap.target loaded active active Swap oh my ... Glad to have enough RAM for now ;-) for the records: no swap-stuff in fstab ... Stefan
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
Am 23.09.2013 13:00, schrieb Tanstaafl: Man... watching this discussion just makes me want to avoid systemd like the plague/all the more... I understand that, yes ... it is unnecessary complex from my point of view as well. Swap that is encrypted from scratch everytime you boot up isn't the simplest thing ... but it is quite some fiddling, I agree ... Let's see if we can figure it out and document and/or patch it in a way that makes it easier for other users to use. This is still an early stage of systemd-adoption in gentoo linux ...
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
On Sep 23, 2013 3:22 AM, Stefan G. Weichinger li...@xunil.at wrote: Am 23.09.2013 10:00, schrieb Stefan G. Weichinger: Getting that unit-name right is quite annoying ... fiddling with understanding that strange escaping etc ... :-( I have now: # cat /etc/systemd/system/dev-disk-by\\x2did-dm\\x2dname\\x2dswap.swap [Unit] #After=systemd-cryptsetup.service After=systemd-cryptsetup@swap.service [Swap] What=/dev/disk/by-id/dm-name-swap see the comment, I tried both because the swap was not activated after boot but it is when I manually start it. I only have: # systemctl | grep cry cryptsetup.target loaded active activeEncrypted Volumes so I edited the dependency. This gave me encrypted swap once already after manually starting the swap-unit. But after booting it still generates another swap.service which makes the new unit fail or run into a timeout. # systemctl | grep swap dev-mapper-swap.deviceloaded inactive dead start dev-mapper-swap.device systemd-...p@swap.service loaded active exited Cryptography Setup for swap swap.target loaded active active Swap oh my ... Glad to have enough RAM for now ;-) for the records: no swap-stuff in fstab ... Did you read my next email? There is no need for the extra swap unit. I was missing a couple of kernel options and to compile LVM2 and cryptsetup with some USE flags. Everything works as expected; but you need to put the swap in fstab. Regards.
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
On Sep 23, 2013 6:01 AM, Tanstaafl tansta...@libertytrek.org wrote: Man... watching this discussion just makes me want to avoid systemd like the plague/all the more... Please don't top post. After I got LVM2, mdraid, and LUKS working with systemd, I just decided that, for me, neither LVM2, mdraid, nor LUKS are worth it. I don't think I will ever use them. To each his own. Regards.
Re: [gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
On 2013-09-23 10:37 AM, Canek Peláez Valdés can...@gmail.com wrote: On Sep 23, 2013 6:01 AM, Tanstaafl tansta...@libertytrek.org mailto:tansta...@libertytrek.org wrote: Man... watching this discussion just makes me want to avoid systemd like the plague/all the more... Please don't top post. Please don't be so pedantic... ;) Normally I don't top post - but sometimes it is appropriate...
[gentoo-user] LVM2+mdraid5+LUKS+systemd (was Re: LVM2+mdraid+systemd)
OK, so I conducted another experiment, to see if I was able to make systemd *not* to work with an exotic combination of underlying storage. I did the following: - 4 drives, all of them in RAID5. - The resulting /dev/md127 was put in a Physical Volume, that in a Volume Group, and that split into 5 Logical Volumes: 1. /boot (unnecessary, but why not) 2. swap 3. / (root) 4. /usr 5. /home - The /home partition was encrypted, and so was the swap. Everything works, but now I did had to do something not intuitive. First the intuitive changes from my previous experiment: 1. I had to put this in /etc/default/grub: GRUB_PRELOAD_MODULES=lvm mdraid1x Basically that's it. The partitions again use labels, so I didn't had to touch fstab, except for the not intuitive change. The problem, that I believe Stefan and Frank hinted, is that the encrypted swap did not activated properly, sometimes resulting in huge boot times (in the order of 1 minute). But only if you specify the swap partition in fstab. The problem is, I think, that systemd tries to activate as soon as possible the swap partitions, even before systemd-cryptsetup activates the devices in /dev/mapper. The solution is to move the swap partition from fstab, and create a system unit for it which has to wait until systemd-cryptsetup does its job: lvm ~ # cat /etc/systemd/system/dev-disk-by\\x2did-dm\\x2dname\\x2dswap.swap [Unit] After=systemd-cryptsetup@swap.service [Swap] What=/dev/disk/by-id/dm-name-swap lvm ~ # cat /etc/crypttab home /dev/vg/vol5 swap /dev/vg/vol2 /dev/urandom swap lvm ~ # cat /etc/fstab LABEL=Boot /boot ext2 acl,noatime 0 2 LABEL=Root / ext4 acl,noatime 0 1 LABEL=User /usr ext4 acl,noatime 0 2 LABEL=Home /home ext4 acl,noatime 0 2 shm /dev/shm tmpfs nodev,nosuid,noexec 0 0 tmpfs /tmp tmpfs defaults,nosuid,size=100% 0 0 Everything works; at boot time systemd asks for the passphrase for /home, and after a timeout continues the boot without mounting it. I haven't tried pam_mount. lvm ~ # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sr0 11:01 1024M 0 rom vda 253:005G 0 disk └─vda1 253:105G 0 part └─md127 9:127 0 15G 0 raid5 ├─vg-vol1 (dm-0) 254:00 200M 0 lvm /boot ├─vg-vol3 (dm-1) 254:102G 0 lvm / ├─vg-vol4 (dm-2) 254:208G 0 lvm /usr ├─vg-vol2 (dm-3) 254:302G 0 lvm │ └─swap (dm-5) 254:502G 0 crypt └─vg-vol5 (dm-4) 254:40 2.8G 0 lvm └─home (dm-6) 254:60 2.8G 0 crypt /home vdb 253:16 05G 0 disk └─vdb1 253:17 05G 0 part └─md127 9:127 0 15G 0 raid5 ├─vg-vol1 (dm-0) 254:00 200M 0 lvm /boot ├─vg-vol3 (dm-1) 254:102G 0 lvm / ├─vg-vol4 (dm-2) 254:208G 0 lvm /usr ├─vg-vol2 (dm-3) 254:302G 0 lvm │ └─swap (dm-5) 254:502G 0 crypt └─vg-vol5 (dm-4) 254:40 2.8G 0 lvm └─home (dm-6) 254:60 2.8G 0 crypt /home vdc 253:32 05G 0 disk └─vdc1 253:33 05G 0 part └─md127 9:127 0 15G 0 raid5 ├─vg-vol1 (dm-0) 254:00 200M 0 lvm /boot ├─vg-vol3 (dm-1) 254:102G 0 lvm / ├─vg-vol4 (dm-2) 254:208G 0 lvm /usr ├─vg-vol2 (dm-3) 254:302G 0 lvm │ └─swap (dm-5) 254:502G 0 crypt └─vg-vol5 (dm-4) 254:40 2.8G 0 lvm └─home (dm-6) 254:60 2.8G 0 crypt /home vdd 253:48 05G 0 disk └─vdd1 253:49 05G 0 part └─md127 9:127 0 15G 0 raid5 ├─vg-vol1 (dm-0) 254:00 200M 0 lvm /boot ├─vg-vol3 (dm-1) 254:102G 0 lvm / ├─vg-vol4 (dm-2) 254:208G 0 lvm /usr ├─vg-vol2 (dm-3) 254:302G 0 lvm │ └─swap (dm-5) 254:502G 0 crypt └─vg-vol5 (dm-4) 254:40 2.8G 0 lvm └─home (dm-6) 254:60 2.8G 0 crypt /home lvm ~ # systemd-analyze blame 3.314s systemd-cryptsetup@home.service 803ms systemd-udev-trigger.service 198ms systemd-cryptsetup@swap.service 134ms systemd-fsck-root.service 123ms dhcpcd@enp0s3.service 121ms systemd-udev-settle.service 114ms systemd-logind.service 111ms sshd.service 109ms lvm2-activation-early.service 100ms systemd-modules-load.service 60ms lvm2-activation.service 58ms systemd-sysctl.service 58ms systemd-vconsole-setup.service 56ms mdadm.service 55ms dev-mqueue.mount 55ms dev-hugepages.mount 48ms sys-kernel-debug.mount 48ms systemd-random-seed-load.service 47ms systemd-fsck@dev-disk-by\x2dlabel-Boot.service 45ms systemd-tmpfiles-setup-dev.service 44ms