Bug 1477757

Summary: [RFE] allow cryptsetup block device units to appear after networking comes up
Product: Red Hat Enterprise Linux 7 Reporter: Nathaniel McCallum <npmccallum>
Component: systemdAssignee: systemd-maint
Status: CLOSED ERRATA QA Contact: Frantisek Sumsal <fsumsal>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.5CC: dpal, fsumsal, harald, jjaburek, jsynacek, lpol, mthacker, npmccallum, systemd-maint-list, tbowling
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: systemd-219-47.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 11:21:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1475406    

Description Nathaniel McCallum 2017-08-02 20:33:08 UTC 
Currently, systemd generates cryptsetup unit files directly from /etc/crypttab. Due to dependencies, these unit files are always started before networking comes up.

In some cases, clevis can answer the systemd-ask-password prompts for these block devices automatically. But in most of those cases, network access is required. In attempting to properly order this setup, a circular dependency arises.

We have a few options.

First, we could try to auto-detect the clevis policy dependencies from the disk. This is doable via udev. The problem is that units are generated from /etc/crypttab whether the disks or present or not. This creates a race-condition when devices aren't connected to the system before the generation of unit files. This solution would be more comprehensive, but would also be more work.

Second, we could implement a _netdev like option in /etc/crypttab. This would be less featureful and less dynamic, but would also help iSCSI people. For an existing RFE, see: https://github.com/systemd/systemd/issues/4642
Comment 1 Nathaniel McCallum 2017-08-02 20:34:41 UTC 
This is also related: https://github.com/systemd/systemd/issues/5182
Comment 13 Lukáš Nykrýn 2017-09-26 07:47:13 UTC 
fix merged to upstream staging branch -> https://github.com/lnykryn/systemd-rhel/pull/141 -> post
Comment 16 Nathaniel McCallum 2017-10-12 21:00:54 UTC 
This is apparently an incomplete fix. See this for more detail:

https://github.com/systemd/systemd/pull/7078
Comment 18 Lukáš Nykrýn 2017-10-31 09:30:12 UTC 
fix merged to staging branch -> https://github.com/lnykryn/systemd-rhel/pull/166 -> post
Comment 20 Lukáš Nykrýn 2017-11-01 14:24:35 UTC 
fix merged to staging branch -> https://github.com/lnykryn/systemd-rhel/pull/167 -> post
Comment 25 errata-xmlrpc 2018-04-10 11:21:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0711