Attaching GELI device on boot

Fabian Keil freebsd-listen at fabiankeil.de
Sun Mar 24 13:42:58 UTC 2013 

Stephan Schindel <sts at tp1.rub.de> wrote:

> i've got a problem attaching a geli device on boot. My setup:
> 
> ada0 and ada1 full geli setup (no partition schemes). ZFS on both. ada0
> is my root device. I can boot into the system there is no problem with
> it. But now I want to attach ada1 on boot as well using a single
> keyfile. My rc.conf looks like this:
> 
> ...
> geli_autodetach="NO"
> geli_devices="ada1"
> geli_ada1_flags="-p -k /root/ada1.key"
> ...
> 
> The problem is that geli does not want to attach the device at first. It
> claims about (missing?) metadata and inappropriate file format (I dont
> know where geli logs this). It tries to attach the device 3 times which
> is the default option with no success.

Are you sure that "It" is the geli rc script and not the kernel
itself which could happen if the BOOT flag was set on ada1.

You can increase the geli log level with kern.geom.eli.debug.
For details see "man geli".

> BUT once the system is booted up and I can login, I can manually start
> 
> /etc/rc.d/geli onestart
> 
> and it will successfully attach the device.

Does this result in the "Configuring Disk Encryption for ..." message?

>                                             So configuration seems to be
> fine, only the order the services started seems to be wrong (e.g. devd
> is being started AFTER geli tries to attach the device, why??)

devd is supposed to be started between geli and geli2:

fk at r500 ~ $rcorder /etc/rc.d/* | egrep devd\|geli
/etc/rc.d/geli
/etc/rc.d/devd
/etc/rc.d/geli2

> Also there is a problem with sabnzbd which is being started before the
> network is set-up, which is wrong as well.

That seems to be an unrelated problem so probably it belongs
in a different thread. I don't use sabnzbd and thus have no
opinion on this.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20130324/06e48052/attachment.sig>

More information about the freebsd-questions mailing list