07.08.2018 22:33, Andrei Borzenkov пишет:
07.08.2018 11:52, Carlos E. R. пишет:
Hi,
On one machine (Leap 42.3) with encrypted home, when it boots and I'm not there it waits forever at the password prompt (not using plymouth).
By default systemd service that decrypts container has no timeout. You can change it in /etc/crypttab using timeout= option.
As it acts as my home server, this is incovenient:
/etc/crypttab:
cr_home /dev/disk/by-id/ata-KINGSTON... none none
/etc/fstab:
/dev/mapper/cr_home /home xfs lazytime,exec,nofail 1 2
On another machine (a laptop wit 15.0) if I don't type the password fast enough it goes into emergency mode, prompting me to repair or pressing control-D. It doesn't even wait 3 minutes:
/etc/crypttab:
cr_sda8 /dev/sda8
/etc/fstab:
LABEL=Home /home xfs lazytime 0 1
The difference is that in the former case systemd actually knows device name (/dev/mapper/cr_home) and this device name has explicit dependency on systemd-cryptsetup service which means job to mount filesystem is not even started. While in the latter case there is no connection between LABEL=Home and encrypted container (you need to decrypt it first to know label) so mount job is started in parallel to decrypt job, times out and triggers emergency mode. If you use same configuration in both case they also behave identically (i.e. Leap 15 will wait indefinitely just as well).
It was not quite correct. systemd cryptsetup generator explicitly disables start timeout for /dev/mapper/<device name>, so in the former case it waits indefinitely for device to appear. In the latter case it times out waiting for device with LABEL=Home because this device has no connection to /dev/mapper/cr_sda8 (no way to scan for labels before it is decrypted).
...>
I don't know how to control these timings decissions.
timeout= option in /etc/crypttab. Sometimes I wonder why people even bother to write manual pages if nobody reads them anyway ...
Note that is does not work with Plymouth. Passphrase query screen remains stuck and neither X11 GUI appears nor can I switch to text login (I just get empty terminal). I believe this is plymouth bug - there is job to stop plymouth at the end of boot sequence and it has infinite timeout and it probably fails to properly stop plymouth in this state.