B. Alexander wrote:
[snip]
The fix is probably simple, but I haven't found the right combination of
secret sauce to get all drives decrypted before the system issues vgchange
-a y, which results in a panic or other Bad Things.
I'd say the design of your setup is the problem. Obviously, this doesn't
answer your question, but consider encrypting the logical volume instead of
the physical volumes. It makes much more sense to me.
Does anyone know the right way to get the drives decrypted first?
The fun might take place in your init scripts or in your initramfs,
depending on your configuration. Unfortunately, things are currently moving
in this domain, and I'm not sure about Debian's position here -- thus I
cannot recommend you a hack over any other. Maybe someone can.
I (very) quickly overviewed the initscripts, it looks like the same code in
/lib/cryptsetup/cryptdisks.functions is called twice by cryptdisks-early
(before lvm2), and then by cryptdisks (after lvm2). Supposedly, the -early
script can't decrypt some devices, I just don't know why. By the looks of
it all, I wouldn't be surprised if there were some dependency problems for
unusual setups; is the problematic device a raid volume or something?
If you mount your filesystems in your initramfs (which should really be done
only for the root fs), you might be able to put some hooks in
/etc/initramfs-tools. I'm not really comfortable with it, so you should
read the initramfs-tools(8) manual page or wait for more help.
-thib
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4bf02141.50...@stammed.net
