3

I have a server running Ubuntu Server 20.04 and I want to launch a script as soon as a known encrypted (LUKS) USB device is plugged into the server.

For launching the script, I already have the script and a systemd service that starts the service after the drive is mounted:

/etc/systemd/system/mybackup.service

[Unit]
Description=Backup
Requires=mnt-encrypted.mount
After=mnt-encrypted.mount

[Service]
ExecStart=/path/to/script.sh

For the external encrypted USB drive, I have an entry in /etc/crypttab

encrypted UUID=<UUID> /path/to/key luks,noauto

And a mount unit in /etc/systemd/system/mnt-encrypted.mount

[Unit]
Description=Mount unit for backup

[Mount]
What=/dev/mapper/encrypted
Where=/mnt/encrypted
Options=defaults

However, I know that the mnt-encrypted.mount unit is incomplete. It has to run after the file generated by systemd-cryptsetup-generator, so that the volume has been decrypted and can be mounted.

How can I do that? Or, what is missing in my mnt-encrypted.mount file?

Edit

After reading different posts here and there (added at the end) I finally understood that systemd does not mount your drive automatically when you plug in the drive. It is udev that triggers the mounting, and you can tell it to do so through systemd.

Things that have to be done:

  • Add an entry to /etc/crypttab if the disk is encrypted
  • Modify /etc/fstab with an entry for the external drive. This will generate a systemd unit for the mount
  • Copy the `systemd` service that will start the backup when the disk is mounted
  • Create a udev rule that will start the systemd service when the disk is plugged in

For example:

[Unit]
Description=Backup service
Requires=mnt-human-readable-label.mount
After=mnt-human-readable-label.mount

[Service]
ExecStart=/path/to/backup-script.sh
User=your-user
Group=your-group

[Install]
WantedBy=mnt-human-readable-label.mount

/etc/crypttab

human-readable-label UUID=your-disk-uuid /path/to/key luks,noauto,nofail

/etc/fstab

/dev/mapper/human-readable-label /mnt/human-readable-label ext4     defaults,noauto,nofail,x-systemd.automount,x-systemd.device-timeout=15s,x-systemd.idle-timeout=30 0 0

/etc/udev/rules.d/99-my-usb-dribe.rules (Use lsusb for getting the Product id)

SUBSYSTEM=="usb", ACTION=="add", ATTRS{idProduct}=="id-product", ENV{SYSTEMD_WANTS}="external-backup.service", TAG+="systemd"

Then:

# Copy the systemd service that will start the backup script to the right place
sudo cp external-drive/external-backup.service /etc/systemd/system/external-backup.service

# Reload file system services for creating mount services for the external drive
sudo systemctl restart local-fs.target
sudo systemctl restart remote-fs.target

# Enable the backup service
sudo systemctl enable external-backup.service

# Reload the udev rules
sudo udevadm control --reload-rules

# Reload systemd daemon
sudo systemctl daemon-reload

Different sources I used:

Manuel

1 Answer

2

I know this is an old enough question and the problem is probably already resolved, but mounts, like all other systemd units, should support dependencies:

The common configuration items are configured in the generic [Unit] and [Install] sections.

So adding the following [Install] section should be enough:

[Install]
After = systemd-cryptsetup-generator.service

(I'm not sure if systemd-cryptsetup-generator is a service, but if it's anything else, changing the extension should be enough)

Etki
  • Thanks for your answer Etki. I already solved my issue and learnt a lot during the process. I'll update my answer with the key things that I was missing. – Manuel Dec 29 '20 at 16:48
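Added example, not part of the question or the answer above: systemd names generated units by escaping the crypttab name and the fstab paths, and a `-` inside a name or path component becomes `\x2d`. This Python sketch reimplements that escaping (the same transformation `systemd-escape` performs) to list the units generated for the entries shown in the question and to flag mount names in a service file that no generator produces; the function names and sample strings are constructed for illustration.

```python
"""Derive the unit names systemd generates from crypttab/fstab entries."""

def unit_escape(s):
    """systemd unit-name escaping: '/' -> '-', other specials -> \\xXX."""
    out = []
    for i, b in enumerate(s.encode()):
        c = chr(b)
        if c == "/":
            out.append("-")
        elif (c.isascii() and c.isalnum()) or c in ":_" or (c == "." and i > 0):
            out.append(c)
        else:  # includes '-' itself, which becomes \x2d
            out.append("\\x%02x" % b)
    return "".join(out)

def path_escape(path):
    """Path variant: drop empty components, then escape; '/' alone is '-'."""
    parts = [p for p in path.split("/") if p and p != "."]
    return unit_escape("/".join(parts)) if parts else "-"

def generated_units(crypttab_line, fstab_line):
    """Unit names produced by the cryptsetup and fstab generators."""
    name = crypttab_line.split()[0]
    what, where, _fstype, opts = fstab_line.split()[:4]
    units = {
        "cryptsetup": "systemd-cryptsetup@%s.service" % unit_escape(name),
        "device": path_escape(what) + ".device",
        "mount": path_escape(where) + ".mount",
    }
    if "x-systemd.automount" in opts.split(","):
        units["automount"] = path_escape(where) + ".automount"
    return units

def unknown_mount_refs(service_text, units):
    """Mount units in Requires=/After=/WantedBy= that were not generated."""
    refs = set()
    for line in service_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() in ("Requires", "After", "WantedBy"):
            refs.update(u for u in value.split() if u.endswith(".mount"))
    return sorted(refs - {units["mount"]})

# Constructed sample input, using the placeholder names from the question.
CRYPTTAB = "human-readable-label UUID=your-disk-uuid /path/to/key luks,noauto,nofail"
FSTAB = "/dev/mapper/human-readable-label /mnt/human-readable-label ext4 defaults,noauto,nofail,x-systemd.automount 0 0"
SERVICE = "[Unit]\nRequires=mnt-human-readable-label.mount\nAfter=mnt-human-readable-label.mount\n"

if __name__ == "__main__":
    units = generated_units(CRYPTTAB, FSTAB)
    print(units)
    print("not generated:", unknown_mount_refs(SERVICE, units))
```

For the first setup in the question (`encrypted` mounted at `/mnt/encrypted`) the same functions give `systemd-cryptsetup@encrypted.service` and `mnt-encrypted.mount`, since neither name contains a dash.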