Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 24 Mar 2013 14:37:24 +0100
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        Stephan Schindel <sts@tp1.rub.de>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Attaching GELI device on boot
Message-ID:  <20130324143724.61268ca2@fabiankeil.de>
In-Reply-To: <514D98BF.7090202@tp1.rub.de>
References:  <514D98BF.7090202@tp1.rub.de>

next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/MQdrupzwj385m4N4SLKpiTU
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

Stephan Schindel <sts@tp1.rub.de> wrote:

> i've got a problem attaching a geli device on boot. My setup:
>=20
> ada0 and ada1 full geli setup (no partition schemes). ZFS on both. ada0
> is my root device. I can boot into the system there is no problem with
> it. But now I want to attach ada1 on boot as well using a single
> keyfile. My rc.conf looks like this:
>=20
> ...
> geli_autodetach=3D"NO"
> geli_devices=3D"ada1"
> geli_ada1_flags=3D"-p -k /root/ada1.key"
> ...
>=20
> The problem is that geli does not want to attach the device at first. It
> claims about (missing?) metadata and inappropriate file format (I dont
> know where geli logs this). It tries to attach the device 3 times which
> is the default option with no success.

Are you sure that "It" is the geli rc script and not the kernel
itself which could happen if the BOOT flag was set on ada1.

You can increase the geli log level with kern.geom.eli.debug.
For details see "man geli".

> BUT once the system is booted up and I can login, I can manually start
>=20
> /etc/rc.d/geli onestart
>=20
> and it will successfully attach the device.

Does this result in the "Configuring Disk Encryption for ..." message?

>                                             So configuration seems to be
> fine, only the order the services started seems to be wrong (e.g. devd
> is being started AFTER geli tries to attach the device, why??)

devd is supposed to be started between geli and geli2:

fk@r500 ~ $rcorder /etc/rc.d/* | egrep devd\|geli
/etc/rc.d/geli
/etc/rc.d/devd
/etc/rc.d/geli2

> Also there is a problem with sabnzbd which is being started before the
> network is set-up, which is wrong as well.

That seems to be an unrelated problem so probably it belongs
in a different thread. I don't use sabnzbd and thus have no
opinion on this.

Fabian

--Sig_/MQdrupzwj385m4N4SLKpiTU
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlFPAZkACgkQBYqIVf93VJ1UqACeO05887w2ZN3pOqPBhVCQwr7d
QhwAoJJo0oTGRhE8fF4BeUedhkAikj81
=109Z
-----END PGP SIGNATURE-----

--Sig_/MQdrupzwj385m4N4SLKpiTU--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130324143724.61268ca2>