In Debian with systemd, I use zfs and lxc. My zfs datasets are encrypted and their keys can be loaded from a network host via my
/etc/zfs/zfs-load-key.sh script. My LXC containers are started by
Loading the keys requires the network up and running (otherwise I get the error “no route to host”) but lxc.service requires the keys to be loaded.
Sounds trivial, but isn’t. I created this file
(Unit) Description=Load %I encryption keys from network host DefaultDependencies=no Before=zfs-mount.service lxc.service After=zfs-import.target network-online.target Requires=zfs-import.target Wants=network-online.target (Service) Type=oneshot RemainAfterExit=yes ExecStart=/etc/zfs/zfs-load-key.sh %I (Install) WantedBy=zfs-mount.service lxc.service
and enabled them via:
systemctl enable email@example.com systemctl enable firstname.lastname@example.org
For for some reason, my LXC containers do not start because the keys were not yet loaded, ALTHOUGH I have
Why does this service not run at the right time, i.e. after the network is up and before lxc?
How to fix it?