zfs-multi-unlock
Imports, unlocks and optionally mounts several ZFS datasets while asking for the encryption passphrase as rarely as possible. If the same encryption passphrase is used on several datasets, it will ask once.
This script can be used in a systemd service to unlock encrypted datasets during boot. Practical if using several datasets with the same passphrase.
Fork
Originally created by Pawel Ginalski https://github.com/gbytedev/zfs-multi-mount. This fork brings several improvements/changes to the upstream repo:
- tries to import the referenced pools first
- swaps the default mounting behaviour by replacing
-n/--no-mount
with-m/--mount
- improved script robustness
Installation
Just drop the script in any of your $PATH
directories, e.g. /usr/local/sbin
:
sudo wget -O /usr/local/sbin/zfs-multi-unlock https://raw.githubusercontent.com/msladek/zfs-multi-unlock/master/zfs-multi-unlock.sh
sudo chmod +x /usr/local/sbin/zfs-multi-unlock
Usage
Unlock all already imported datasets
zfs-multi-unlock
Import and unlock specific datasets
zfs-multi-unlock poolA/dataset1 poolA/dataset2 poolB/dataset3
Unlock all already imported datasets and mount them
zfs-multi-unlock --mount
Use within systemd context (in a systemd service)
zfs-multi-unlock --systemd
Example of a systemd service file using this script to unlock ZFS datasets
/etc/systemd/system/zfs-multi-unlock.service
[Unit]
Description=Unlock all datasets
DefaultDependencies=no
Before=zfs-mount.service
Before=systemd-user-sessions.service
After=zfs-import.target
OnFailure=emergency.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/zfs-multi-unlock --systemd
[Install]
WantedBy=zfs-mount.service