When ZFS became a first class citizen under Ubuntu, the issue of ZFS on Linux with LUKS not auto-mounting properly at startup was finally addressed in Xenial 16.04.
The following steps successfully produced a successful auto-mount on a nightly build of Xenial in VirtualBox:
- list disk devices using /dev/disk/by-id
sudo ls /dev/disk/by-id- identify the disk device for the LUKS container. Here, the example is a VirtualBox device:
ata-VBOX_HARDDISK_VBd5b297e5-009dc9f9
- create a key file
sudo dd if=/dev/urandom of=/root/key bs=1024 count=64- encrypt [using defaults here for simplicity] target block device with key file
sudo cryptsetup luksFormat /dev/disk/by-id/ata-VBOX_HARDDISK_VBd5b297e5-009dc9f9 /root/key- find the newly encrypted LUKS container uuid
sudo blkid-
the result should show the device with TYPE="crypto_LUKS" /dev/sdc: UUID="b7458a4d-2d45-42bc-8fe7-f392e0a0f85f" TYPE="crypto_LUKS"
-
open the LUKS container with key file and map it to a name, example here is mapped to "crypt-c"
sudo cryptsetup luksOpen UUID=b7458a4d-2d45-42bc-8fe7-f392e0a0f85f --key-file /root/key crypt-c- add a line for the new LUKS container under crypttab so it can be identified during startup
sudo nano /etc/crypttabcrypt-c UUID=b7458a4d-2d45-42bc-8fe7-f392e0a0f85f /root/key luks
- Identify the LUKS partition UUID
sudo ls /dev/disk/by-id- the result should show the device starting with dm-uuid-CRYPT:
dm-uuid-CRYPT-LUKS1-b7458a4d2d4542bc8fe7f392e0a0f85f-crypt-c
- create the zfs partition on top of the LUKS partition
sudo zpool create -o ashift=12 zfs-test-pool /dev/disk/by-id/dm-uuid-CRYPT-LUKS1-b7458a4d2d4542bc8fe7f392e0a0f85f-crypt-c-
nothing added under /etc/fstab
-
upon restarting, zfs-test-pool is auto-mounted and can be verified with zpool status
Reference links:
zfs-raid-and-luks-encryption-in-linux