ZFS rc.d/zfskeys runs twice on boot, how?

B

Brian Cully

this isn't a problem by itself, but i want to know what the mechanism for it is, as i can't tell just by reading the rc script itself.

the reason i want to know is that i have a custom rc script which i use to mount a usb thumb drive, containing my zfs keys, on boot, before the zfskeys rc script, and then after zfskeys is run, i want to unmount the thumb drive.

i do have this working, but it only runs once, right before and after the first invocation of zfskeys. a bit after that the rc system remounts everything (i don't know why, but i assume this is a two-stage thing where critical filesystems are mounted, then at some point later all filesystems are mounted).

for the remount zfskeys is invoked again somehow, but my rc scripts which are supposed to run around zfskeys do not run and the second zfskeys invocation throws an error about being unable to load keys from my thumb drive.

as it turns out, everything still works because all the filesystems i need are needed during that first mounting when zfskeys can load things from the thumb drive, but i'd like my scripts to be more robust and i don't like having errors during boot.

this is the mounting script:
sh: 
#!/bin/sh

# PROVIDE: zkeysmount
# REQUIRE: zpool
# BEFORE:  zfskeys

. /etc/rc.subr

name="zkeysmount"
desc="mount removable storage with zfs keys"
rcvar="zkeysmount_enable"
required_modules="zfs"

start_cmd="mount_zkeys"
stop_cmd=":"

: ${zkeysmount_device:='/dev/gpt/zkey'}
: ${zkeysmount_fstype:='msdos'}
: ${zkeysmount_options:=''}
: ${zkeysmount_mountpoint:='/zkey'}

mount_zkeys()
{
    logger -t $name "mounting ${zkeysmount_device} on ${zkeysmount_mountpoint}"
    mount -t "${zkeysmount_fstype}" ${zkeysmount_options} "${zkeysmount_device}" "${zkeysmount_mountpoint}"
}

load_rc_config $name
run_rc_command "$1"

and the unmounting script:
sh: 
#!/bin/sh

# PROVIDE: zkeyunmount
# REQUIRE: zkeysmount zfskeys
# BEFORE:  LOGIN

. /etc/rc.subr

name="zkeysunmount"
desc="unmount removable storage with zfs keys"
rcvar="zkeysmount_enable"
required_modules="zfs"

start_cmd="unmount_zkeys"
stop_cmd=":"

: ${zkeysmount_device:='/dev/gpt/zkey'}
: ${zkeysmount_fstype:='msdos'}
: ${zkeysmount_options:=''}
: ${zkeysmount_mountpoint:='/zkey'}

unmount_zkeys()
{
    logger -t $name "unmounting ${zkeysmount_mountpoint}"
    umount "${zkeysmount_mountpoint}"
}

load_rc_config $name
run_rc_command "$1"
 
If you grep for zfskeys in rc.d/, you will find it's also run from rc.d/zfs:

zfs_poststart()
{
# Some of the keys to decrypt datasets are potentially stored on ZFS
# datasets that just got mounted. Let's try to load those keys and
# mount the datasets.
if checkyesno zfskeys_enable; then
/etc/rc.d/zfskeys start
zfs_start
fi
}
Click to expand...
 
ah, thank you. that's unfortunate. i wonder if there's more general interest in a setup like mine and if it'd be worth trying to submit a patch to integrate upstream. otherwise i'd have to maintain a local copy of that rc script which is a big "no, thanks" from me
 
bob2112 said:
Why not just umount after zfs? I can't see how it makes a significant difference.
Click to expand...

the issue here is that when the "mounting local filesystems" step is done, the existing mount for the usb key is wiped out. i'm currently not using the unmount rc script at all as a result.
 
You must log in or register to reply here.
Back
Top