DescriptionNathaniel McCallum
2017-08-02 20:33:08 UTC
Currently, systemd generates cryptsetup unit files directly from /etc/crypttab. Due to dependencies, these unit files are always started before networking comes up.
In some cases, clevis can answer the systemd-ask-password prompts for these block devices automatically. But in most of those cases, network access is required. In attempting to properly order this setup, a circular dependency arises.
We have a few options.
First, we could try to auto-detect the clevis policy dependencies from the disk. This is doable via udev. The problem is that units are generated from /etc/crypttab whether the disks or present or not. This creates a race-condition when devices aren't connected to the system before the generation of unit files. This solution would be more comprehensive, but would also be more work.
Second, we could implement a _netdev like option in /etc/crypttab. This would be less featureful and less dynamic, but would also help iSCSI people. For an existing RFE, see: https://github.com/systemd/systemd/issues/4642
Comment 1Nathaniel McCallum
2017-08-02 20:34:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2018:0711