Start with systemd on encrypted disk

I installed Syncthing v0.12.2 with apt-get on Ubuntu 15.10 and set up the systemd service as explained here. I used the system version with my account benoit, since I wanted Syncthing to be started on boot without the need to log in:

systemctl enable syncthing@benoit.service

Then I started it:

systemctl start syncthing@benoit.service

Everything worked fine… until the system reboots. On every boot, Syncthing recreates the whole configuration, including the localhost device ID. Logs show that Syncthing tries several times to recreate the certificate but can’t save it because of a lack of access rights. Finally Syncthing starts, but with a different device ID on every boot. Here are the logs at boot:

Nov 11 16:42:54 lang syncthing[671]: [start] INFO: Generating RSA key and certificate for syncthing...
Nov 11 16:43:01 lang syncthing[671]: [start] FATAL: save cert: open /home/benoit/.config/syncthing/cert.pem: permission denied
Nov 11 16:43:01 lang systemd[1]: syncthing@benoit.service: Main process exited, code=exited, status=1/FAILURE
Nov 11 16:43:01 lang systemd[1]: syncthing@benoit.service: Unit entered failed state.
Nov 11 16:43:01 lang systemd[1]: syncthing@benoit.service: Failed with result 'exit-code'.
Nov 11 16:43:01 lang systemd[1]: syncthing@benoit.service: Service hold-off time over, scheduling restart.
Nov 11 16:43:01 lang syncthing[1307]: [start] INFO: Generating RSA key and certificate for syncthing...
Nov 11 16:43:03 lang syncthing[1307]: [start] FATAL: save cert: open /home/benoit/.config/syncthing/cert.pem: permission denied
Nov 11 16:43:03 lang systemd[1]: syncthing@benoit.service: Main process exited, code=exited, status=1/FAILURE
Nov 11 16:43:03 lang systemd[1]: syncthing@benoit.service: Unit entered failed state.
Nov 11 16:43:03 lang systemd[1]: syncthing@benoit.service: Failed with result 'exit-code'.
Nov 11 16:43:03 lang systemd[1]: syncthing@benoit.service: Service hold-off time over, scheduling restart.
Nov 11 16:43:03 lang syncthing[1365]: [start] INFO: Generating RSA key and certificate for syncthing...
Nov 11 16:43:06 lang syncthing[1365]: [start] FATAL: save cert: open /home/benoit/.config/syncthing/cert.pem: permission denied
Nov 11 16:43:06 lang systemd[1]: syncthing@benoit.service: Main process exited, code=exited, status=1/FAILURE
Nov 11 16:43:06 lang systemd[1]: syncthing@benoit.service: Unit entered failed state.
Nov 11 16:43:06 lang systemd[1]: syncthing@benoit.service: Failed with result 'exit-code'.
Nov 11 16:43:06 lang systemd[1]: syncthing@benoit.service: Service hold-off time over, scheduling restart.
Nov 11 16:43:06 lang syncthing[1376]: [start] INFO: Generating RSA key and certificate for syncthing...
Nov 11 16:43:08 lang syncthing[1376]: [CWKS3] INFO: syncthing v0.12.2 "Beryllium Bedbug" (go1.4.3 linux-amd64 default) unknown-user@build2.syncthing.net 2015-11-09 13:23:26 UTC
Nov 11 16:43:08 lang syncthing[1376]: [CWKS3] INFO: My ID: CWKS3KC-NHPWZBI-L4BFPWF-3T5QLRU-7N4KVQZ-SDGT2EI-6X4YOAU-IC3XXAV
Nov 11 16:43:09 lang syncthing[1376]: [CWKS3] INFO: Single thread hash performance is ~172 MB/s
Nov 11 16:43:09 lang syncthing[1376]: [CWKS3] OK: Ready to synchronize share-home (read-write)
Nov 11 16:43:09 lang syncthing[1376]: [CWKS3] INFO: Completed initial scan (rw) of folder share-home
Nov 11 16:43:09 lang syncthing[1376]: [CWKS3] INFO: Device CWKS3KC-NHPWZBI-L4BFPWF-3T5QLRU-7N4KVQZ-SDGT2EI-6X4YOAU-IC3XXAV is "lang" at [dynamic]
Nov 11 16:43:09 lang syncthing[1376]: [CWKS3] INFO: Device JDTUO3M-DBJYRV3-WJCX4KL-HD2S3C3-ZEKZYSQ-5K6MDXK-Q4S3PB4-FDRPXAT is "lang" at [dynamic]
Nov 11 16:43:09 lang syncthing[1376]: [CWKS3] INFO: Device SNLBCKW-7NEZOHL-NS44HVE-K3LSYRK-PRDLTAM-X5Z3RRI-PESEMNH-DKBT3AG is "lang" at [dynamic]
Nov 11 16:43:09 lang syncthing[1376]: [CWKS3] INFO: API listening on 127.0.0.1:8384
Nov 11 16:43:09 lang syncthing[1376]: [CWKS3] INFO: GUI URL is https://127.0.0.1:8384/

You notice the 3 devices named lang (my Ubuntu localhost) generated on the last system boots. I checked that Syncthing runs with user benoit as expected, so I can’t figure out why there are permission problems.

Any help would be appreciated!

Check the permissions on the directory where the config goes. Also, if you are using encrypted home directories, it might not be decrypted at the time Syncthing starts, causing this issue.

I checked permissions on the directory: my user can write in the config directory. But my disk is actually encrypted, so it could be the explanation.

I am a newbie with systemd, but as far as I understand, I must give a target in the service config file that ensures that my home directory is mounted. In the syncthing@.service file there is this line:

After=network.target

and the critical chain for this unit shows that network.target comes after local-fs.target. So my home directory must already be mounted when Syncthing starts… I don’t know which target to put in the After property to ensure that my home directory is decrypted. But it’s no longer a problem related to Syncthing.

Anyway, thank you for the hint!

If you have home dir encryption (not full system encryption), then (afaik) it will only be decrypted when you log in.

Well, it makes sense. Syncthing started only when I logged on to my machine to see the log file.

So I will use the user service of systemd that will be launched when the user logs in.

Thank you for your help.
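A detection sketch for the symptom discussed in this thread, added here as an example (not code from the posters or from the Syncthing project): it scans journal lines in the format quoted above and reports key regeneration at start-up, failed cert.pem saves, and a device name that appears under more than one device ID. The sample lines, host, user and IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the journal format quoted in the thread; host, user and IDs are made up.
SAMPLE = """\
Nov 11 16:43:01 host syncthing[671]: [start] INFO: Generating RSA key and certificate for syncthing...
Nov 11 16:43:01 host syncthing[671]: [start] FATAL: save cert: open /home/user/.config/syncthing/cert.pem: permission denied
Nov 11 16:43:01 host systemd[1]: syncthing@user.service: Main process exited, code=exited, status=1/FAILURE
Nov 11 16:43:03 host syncthing[1307]: [start] INFO: Generating RSA key and certificate for syncthing...
Nov 11 16:43:08 host syncthing[1307]: [AAAAA] INFO: My ID: AAAAAAA-1111111
Nov 11 16:43:09 host syncthing[1307]: [AAAAA] INFO: Device AAAAAAA-1111111 is "host" at [dynamic]
Nov 11 16:43:09 host syncthing[1307]: [AAAAA] INFO: Device BBBBBBB-2222222 is "host" at [dynamic]
Nov 11 16:43:09 host syncthing[1307]: [AAAAA] INFO: Device CCCCCCC-3333333 is "peer" at [dynamic]
"""

LINE = re.compile(r"syncthing\[(\d+)\]: \[\w+\] \w+: (.*)$")
DEVICE = re.compile(r'Device ([A-Z0-9-]+) is "([^"]*)"')


def analyze(log_text):
    """Summarise identity churn in Syncthing start-up logs."""
    regenerated, save_failed = set(), set()  # PIDs seen for each event
    fresh_ids = []                  # IDs announced by a process that had just generated its key
    ids_by_name = defaultdict(set)  # device name -> device IDs configured under that name
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # systemd's own lines and unrelated units
        pid, msg = m.groups()
        if msg.startswith("Generating RSA key"):
            regenerated.add(pid)
        elif msg.startswith("save cert:") and msg.endswith("permission denied"):
            save_failed.add(pid)
        elif msg.startswith("My ID: ") and pid in regenerated:
            fresh_ids.append(msg[len("My ID: "):])
        elif (d := DEVICE.match(msg)):
            ids_by_name[d.group(2)].add(d.group(1))
    return {
        "key_regenerations": len(regenerated),
        "failed_cert_saves": len(save_failed),
        "fresh_ids": fresh_ids,
        "duplicate_names": {n: sorted(i) for n, i in ids_by_name.items() if len(i) > 1},
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

A non-empty `fresh_ids` means the running instance is using an identity created during this start rather than one loaded from disk, which is the condition the thread traces back to the home directory not being decrypted yet.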