I have a server running Ubuntu Server 20.04 and I want to launch a script as soon as a known encrypted (LUKS) USB device is plugged into the server.

For launching the script, I already have the script and a systemd service that starts the service after the drive is mounted:

/etc/systemd/system/mybackup.service

[Unit]
Description=Backup
Requires=mnt-encrypted.mount
After=mnt-encrypted.mount

[Service]
ExecStart=/path/to/script.sh

For the external encrypted USB drive, I have an entry in /etc/crypttab:

encrypted UUID=<UUID> /path/to/key luks,noauto

And a mount unit in /etc/systemd/system/mnt-encrypted.mount:

[Unit]
Description=Mount unit for backup

[Mount]
What=/dev/mapper/encrypted
Where=/mnt/encrypted
Options=defaults

However, I know that the mnt-encrypted.mount unit is incomplete. It has to run after the unit generated by systemd-cryptsetup-generator, so that the volume has been decrypted and can be mounted.

How can I do that? Or, what is missing in my mnt-encrypted.mount file?

Edit

After reading different posts here and there (added at the end) I finally understood that systemd does not mount your drive automatically when you plug in the drive. It is udev that will trigger the mounting, and you can tell it to do so through systemd.

Things that have to be done:

  • Add an entry to /etc/crypttab if the disk is encrypted
  • Modify /etc/fstab with an entry for the external drive. This will generate a systemd unit for the mount
  • Copy the `systemd` service that will start the backup when the disk is mounted
  • Create a udev rule that will start the systemd service when the disk is plugged in

For example:

[Unit]
Description=Backup service
Requires=mnt-human-readable-label.mount
After=mnt-human-readable-label.mount

[Service]
ExecStart=/path/to/backup-script.sh
User=your-user
Group=your-group

[Install]
WantedBy=mnt-human-readable-label.mount

/etc/crypttab

human-readable-label UUID=your-disk-uuid /path/to/key luks,noauto,nofail

/etc/fstab

/dev/mapper/human-readable-label /mnt/human-readable-label ext4     defaults,noauto,nofail,x-systemd.automount,x-systemd.device-timeout=15s,x-systemd.idle-timeout=30 0 0

/etc/udev/rules.d/99-my-usb-dribe.rules (Use lsusb for getting the Product id)

SUBSYSTEM=="usb", ACTION=="add", ATTRS{idProduct}=="id-product", ENV{SYSTEMD_WANTS}="external-backup.service", TAG+="systemd"

Then:

# Copy the systemd service that will start the backup script to the right place
sudo cp external-drive/external-backup.service /etc/systemd/system/external-backup.service

# Reload file system services for creating mount services for the external drive
sudo systemctl restart local-fs.target
sudo systemctl restart remote-fs.target

# Enable the backup service
sudo systemctl enable external-backup.service

# Reload the udev rules
sudo udevadm control --reload-rules

# Reload systemd daemon
sudo systemctl daemon-reload

Different sources I used:

Manuel

1 Answer

I know this is an old enough question and the problem is probably already resolved, but mounts, like all other systemd units, should support dependencies.

The common configuration items are configured in the generic [Unit] and [Install] sections.

So adding the following [Install] section should be enough:

[Install]
After = systemd-cryptsetup-generator.service

(I'm not sure if systemd-cryptsetup-generator is a service, but if it's anything else, changing the extension should be enough)

Etki
  • Thanks for your answer Etki. I already solved my issue and learnt a lot during the process. I'll update my answer with the key things that I was missing. – Manuel Dec 29 '20 at 16:48
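Both the question (which unit the mount has to follow) and its edit (the `Requires=`/`After=`/`WantedBy=` names) depend on how systemd names generated units: a hyphen inside a crypttab name or a path component is escaped as `\x2d`, so the mount unit for `/mnt/human-readable-label` is not `mnt-human-readable-label.mount`. The script below is an added example, not code from the question or the answer; it re-implements that escaping for ASCII names (an assumption; where systemd is installed, `systemd-escape -p --suffix=mount PATH` does the same job) and prints the generated unit names for the names used on this page.

```shell
#!/bin/sh
# Added example: systemd unit-name escaping for ASCII input, so the names of
# generated units can be checked on a machine without systemd.
export LC_ALL=C

# Escape one string: "/" becomes "-", [A-Za-z0-9:_.] are kept (a leading "."
# is escaped), everything else, including "-" and "\", becomes \xXX.
unit_escape() {
    s=$1 out='' first=1
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}          # split off the first character
        case $c in
            /) out="$out-" ;;
            [a-zA-Z0-9:_]) out="$out$c" ;;
            .) if [ "$first" = 1 ]; then out="$out\\x2e"; else out="$out."; fi ;;
            *) out="$out$(printf '\\x%02x' "'$c")" ;;
        esac
        first=0
    done
    printf '%s\n' "$out"
}

# Escape a path: collapse repeated slashes, drop the leading and trailing
# slash, then escape as above. The root directory maps to "-".
path_escape() {
    p=$(printf '%s' "$1" | tr -s /)
    p=${p#/}; p=${p%/}
    if [ -z "$p" ]; then printf '%s\n' '-'; else unit_escape "$p"; fi
}

# Unit generated from an fstab mount point.
mount_unit() { printf '%s.mount\n' "$(path_escape "$1")"; }
# Device unit for the unlocked mapping of a crypttab name.
device_unit() { printf '%s.device\n' "$(path_escape "/dev/mapper/$1")"; }
# Unlock service created by systemd-cryptsetup-generator for a crypttab name.
cryptsetup_unit() { printf 'systemd-cryptsetup@%s.service\n' "$(unit_escape "$1")"; }

# Names from the page: "encrypted" (original question) and the placeholder
# "human-readable-label" (the edit), as crypttab-name:mount-point pairs.
for pair in encrypted:/mnt/encrypted \
            human-readable-label:/mnt/human-readable-label; do
    name=${pair%%:*}
    where=${pair#*:}
    cryptsetup_unit "$name"
    device_unit "$name"
    mount_unit "$where"
done
```

The escaped names are the ones `Requires=`, `After=` and `WantedBy=` have to reference. On a command line, quote them so the backslashes reach systemctl unchanged.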