On Sat, Sep 25, 2021 at 1:48 PM antlists <antli...@youngman.org.uk> wrote: [...]
> Bear in mind, integritysetup is not in my initrd, so ... > I think you would need to put it in your initrd. > It looks to me like grub switches to the real root partition read-only > before firing stuff off, so if I tell my integritysetup.service to run > before local-fs.target, does that mean everything should be working > before systemd runs fstab? > > Bear in mind dm-integrity is on my raw partitions, and I'm running lvm > and md-raid, I'm guessing they're part of local-fs-pre.target? So I > really need to run dm-integrity before that? Or preferably add > dm-integrity TO that - how do I do that? > > The problem is this isn't all that discoverable - even digging around > /etc/systemd, it's hard to find clues ... > As Rich already mentioned it, noauto != remove mount point from fstab. That's the first thing. Then you need to specify that home.mount should run *after* md/LVM, which in turn runs after your integrity setup service. The problem is: you have root (/) on md/LVM too; I know they are different RAIDs/volumes, but there is one *service* for RAID and LVM, at least out-of-the-box, in systemd. You could try to split different instances using templates (the units with @ in their names), but the simplest solution is to put your integrity logic in the initrd (with the added benefit that you can mount it in emergencies if something goes wrong with root). If you have the integrity logic in early boot, then your integrity setup service should have: Before=mdmonitor.service lvm2-lvmetad.service And I think that should be enough? The home.mount unit depends on the underlying device being available, and that will happen only after md and LVM have done it's thing. Regards. -- Dr. Canek Peláez Valdés Profesor de Carrera Asociado C Departamento de Matemáticas Facultad de Ciencias Universidad Nacional Autónoma de México
