Problem:
I have a service, seafile.service, that automatically starts a Seafile server after boot. However, this service is failing to start on my Ubuntu server that has an encrypted /home partition. The service requires access to /home/sfadmin/seafile/seafile-server-latest/seafile.sh, as shown in this guide.
The service fails to automatically start the Seafile server even after manual decryption of the /home partition. When I manually start the service by running sudo systemctl start seafile.service, it works; however, I am asked for the decryption passphrase for the /home partition even though the partition is already decrypted and mounted. Even if I input a wrong passphrase, the service will start without issues.
Background:
- I am running Ubuntu 16.04.4 LTS server with an encrypted /home partition. The /home partition is encrypted using DMCrypt (cryptsetup). I used this guide to encrypt my /home partition.
- My /etc/fstab is configured with the nofail directive for my /home partition as follows:
  /dev/mapper/data-home /home ext4 defaults,nofail 0 2
- My /etc/crypttab is configured as follows:
  data UUID=myuuidhere none luks,discard,noearly,nofail
- Decryption of my /home partition is done manually. After every boot, I remotely decrypt the /home partition using SSH with the command sudo cryptsetup luksOpen /dev/sda3 data.
- After decryption, Ubuntu automatically mounts the /home partition.
Attempted solution:
Since the Seafile service (/etc/systemd/system/seafile.service) requires access to the /home partition, I used the following directives for my service configuration: ConditionPathExists, Requires, and After. Below is my exact service definition.
[Unit]
Description=Seafile
ConditionPathExists=/home/sfadmin
Requires=home.mount
# add mysql.service or postgresql.service depending on your database to the line below
After=network.target mysql.service home.mount
[Service]
Type=forking
ExecStart=/home/sfadmin/seafile/seafile-server-latest/seafile.sh start
ExecStop=/home/sfadmin/seafile/seafile-server-latest/seafile.sh stop
User=sfadmin
Group=sfadmin
[Install]
WantedBy=multi-user.target
Issue:
After the Ubuntu server is rebooted, I remotely log in using SSH and manually decrypt the /home partition. I confirmed that the /home partition is automatically mounted; however, the seafile.service still fails to start due to dependencies.
When I manually try to start the seafile.service using the command sudo systemctl start seafile.service, I get prompted for a passphrase to decrypt the /home partition even though it is already decrypted. When asked for the passphrase, I leave it blank and press enter, and I don't get another prompt. When I check the status of the seafile.service, it is now started and active.
I think the possible culprit of seafile.service not being able to start could be related to the system asking for a passphrase to decrypt the /home partition even though it is already decrypted.
Why is the system asking for the passphrase when starting seafile.service manually when the /home partition is already decrypted?
See the steps below:
$ sudo cryptsetup luksOpen /dev/sda3 data
Enter passphrase for /dev/sda3:
$ sudo systemctl status seafile.service
● seafile.service - Seafile
Loaded: loaded (/etc/systemd/system/seafile.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Mar 10 04:14:02 VM-SERVER systemd[1]: Dependency failed for Seafile.
Mar 10 04:14:02 VM-SERVER systemd[1]: seafile.service: Job seafile.service/start failed with result 'dependency'.
$ sudo systemctl start seafile.service
Please enter passphrase for disk data!
$ sudo systemctl status seafile.service
● seafile.service - Seafile
Loaded: loaded (/etc/systemd/system/seafile.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-03-10 04:36:46 EST; 11s ago
Process: 1589 ExecStart=/home/sfadmin/seafile/seafile-server-latest/seafile.sh start (code=exited, status=0/SUCCESS)
Tasks: 15
Memory: 21.2M
CPU: 528ms
CGroup: /system.slice/seafile.service
├─1614 /home/sfadmin/seafile/seafile-server-6.2.5/seafile/bin/seafile-controller -c /home/sfadmin/seafile/ccnet -d /home/sfadmin/seafile/seafile-data -F /home/sfadmin/seafile/conf
├─1616 ccnet-server -F /home/sfadmin/seafile/conf -c /home/sfadmin/seafile/ccnet -f /home/sfadmin/seafile/logs/ccnet.log -d -P /home/sfadmin/seafile/pids/ccnet.pid
└─1618 seaf-server -F /home/sfadmin/seafile/conf -c /home/sfadmin/seafile/ccnet -d /home/sfadmin/seafile/seafile-data -l /home/sfadmin/seafile/logs/seafile.log -P /home/sfadmin/seafile/pids/seaf-server.pid
Mar 10 04:36:42 VM-SERVER systemd[1]: Starting Seafile...
Mar 10 04:36:43 VM-SERVER seafile.sh[1589]: [03/10/18 04:36:43] ../common/session.c(132): using config file /home/sfadmin/seafile/conf/ccnet.conf
Mar 10 04:36:43 VM-SERVER seafile.sh[1589]: Starting seafile server, please wait ...
Mar 10 04:36:46 VM-SERVER systemd[1]: Started Seafile.