Hi, I want to set up automatic encryption key loading for my datasets.
I could write my own systemd service, but I checked zfs-load-keys.service first and there already is such a unit on my Ubuntu server (zfs-2.2.2-0ubuntu9.1). But it's masked and symlinks to /dev/null:
root@server:~# ls -l /usr/lib/systemd/system/zfs-load-key.service
lrwxrwxrwx 1 root root 9 Sep 5 2024 /usr/lib/systemd/system/zfs-load-key.service -> /dev/null
What does this mean? Did the package maintainer set this up? Why? Should I remove this if I want to set up my own service or, generally speaking, how should I move forward?
Thank you for reading.
This is normal. What you need is zfs-load-key@.service located at /etc/systemd/system/zfs-load-key@.service.
You just do this for every key you need to load: systemctl enable zfs-load-key@FILESYSTEM.service where FILESYSTEM is the one you want to load the key for. It will load the key based on keylocation and keyformat properties. Then zfs-mount.service will be able to mount encrypted filesystems automatically at boot.
1 Like
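A sketch of what such a per-dataset template unit can look like, as an added example that is not part of the original posts and not the unit shipped by Ubuntu or OpenZFS. The binary path, the ordering and install targets, and the dataset name tank/secure are assumptions.

```ini
# /etc/systemd/system/zfs-load-key@.service  (illustrative content, assumed)
# Instance name = escaped dataset name; %I expands to the unescaped form.
[Unit]
Description=Load ZFS encryption key for %I
# zfs-mount.service is ordered before local-fs.target, so the default
# After=sysinit.target dependency would conflict with Before=zfs-mount.service.
DefaultDependencies=no
After=zfs-import.target
Before=zfs-mount.service

[Service]
Type=oneshot
RemainAfterExit=yes
# Skip (without failing) when the key is already loaded or the dataset
# is not encrypted: keystatus is then "available" or "none".
ExecCondition=/bin/sh -c '/usr/sbin/zfs get -H -o value keystatus "%I" | grep -qx unavailable'
# Uses the dataset's own keylocation and keyformat properties.
ExecStart=/usr/sbin/zfs load-key "%I"

[Install]
WantedBy=zfs-mount.service

# Enabling for the constructed dataset name tank/secure:
#   systemctl enable "$(systemd-escape --template=zfs-load-key@.service tank/secure)"
#   -> zfs-load-key@tank-secure.service
```

Dataset names that contain "-" are escaped as \x2d in the instance name, so generating the unit name with systemd-escape is safer than typing it by hand.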
Got it. I assume I can use the unit file from here: How to auto load-key and mount natively encrypted ZFS Pool (no luks) - Guides - openmediavault
But why should I do it that way instead of writing a custom-zfs-load-key.service unit that executes zfs load-key -a?
I'm gonna follow your advice but I'm curious and want to understand.