Difference between revisions of "LVM"
From Blue-IT.org Wiki
(Created page with "== Open encryted lvm partition == cryptsetup luksOpen /dev/sda5 my-crypt == Mount existing volume groups == sudo apt-get install lvm2 sudo modprobe dm-mod sudo vgchange...") |
(→Troubleshooting) |
||
(39 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | == HowTo - shrink and resize LUKS-encrypted LVM volumes == | ||
+ | LVM and LUKS are often used together within a standard encrypted setup. Sometimes we need to to e.g. shrink an existing Ubuntu installation to fit on another disk (move from bigger hdd to a smaller sdd) or vice versa. | ||
+ | |||
+ | Shrinking or sizing up is not such a big task. For most people the part of actually shrinking the ''partition of the harddrive'' is the most scary part! But, if using the right toolls and just calculate using a few GB of buffer size (which is really not a big thing in times where harddrive space is cheap), you don't have to deal with calculations of exact sector of offset sizes in fdisk or parted (but you can). | ||
+ | |||
+ | The best howtos I could find for Ubuntu which really sum up the essential tasks in a very good manner are on Ubuntuforums and on Archwiki. I mainly follow the Ubuntuforum article but when it comes to finally resize the ''harddrive partition'', the archwiki is more instructable using ''parted'' (in my opinion). Both describe the procedure using a '''life disk'''. If you are using your PC which is also encrypted hooked up with the destination harddrive you should read the [[LVM#Troubleshooting]] section about the correct name of the ''cryptdisk''. | ||
+ | |||
+ | * [http://ubuntuforums.org/showthread.php?t=726724 ubuntuforums.org thread (3/2008): How to Resize a LUKS Encrypted File System] | ||
+ | * [https://wiki.archlinux.org/index.php/Resizing_LVM-on-LUKS Arch-Wiki: REsizing LVM on LUKS] | ||
+ | |||
+ | == Install necessary apps == | ||
+ | |||
+ | E.g. on a rescue disc ... | ||
+ | |||
+ | apt-get install cryptsetup | ||
+ | |||
== Open encryted lvm partition == | == Open encryted lvm partition == | ||
− | cryptsetup luksOpen /dev/sda5 | + | |
+ | Be arefulat this step! | ||
+ | |||
+ | If this is the root device, you will need to '''use exactly the _ SAME NAME _ for the crypt''' (in our example: ''sda5_crypt'' for ''${my_crpyt_name}'') like in your destination Ubuntu environment. | ||
+ | If not, you will not be able to boot your device, because the system will be configured using the wrong name for your mapper name which is written down in ''/etc/crypttab'' (don't change this!). | ||
+ | |||
+ | # Please edit acccording to your entry in /etc/crypttab of your destination installation | ||
+ | # If you don't now it yet, see the troubleshooting section next. | ||
+ | |||
+ | my_crypt_name=sda5_crypt | ||
+ | cryptsetup luksOpen /dev/sda5 '''${my_crpyt_name}''' | ||
+ | |||
+ | === Troubleshooting === | ||
+ | '''Name of the cryptdisk is important''' | ||
+ | |||
+ | If you try to encrypt a system from within an encrypted system, which uses the _SAME_ crypt name as the destination system this will _NOT WORK_. Then the only way is to use a life cd or another PC with an uncrypted installation !!! | ||
+ | |||
+ | If you are unsure about the name of ''${my_crpyt_name}'' which is used within your destination setup, you have to look into its ''/etc/crypttab''. | ||
+ | To to this: decrypt your device, mount it, have a look into the ''/etc/crypttab'', unmount, uncrypt and start over again with the right name: | ||
+ | |||
+ | cryptsetup luksOpen /dev/sda5 test_crypt | ||
+ | mount /dev/mapper/vg-somename-root /mnt/test | ||
+ | |||
+ | '''nano /mnt/test/etc/crypttab''' | ||
+ | > '''sda5_crypt''' UUID=def346a0-6e33-4523-b99c-d7777b980b34 none luks,discard | ||
+ | |||
+ | umount /mnt/test | ||
+ | crpytsetup luksClose test_crypt | ||
+ | |||
+ | |||
+ | '''Resizing the disk partition table with tools like fdisk or parted'''. | ||
+ | |||
+ | Actually resizing the partition does not hurt anything on the filessystem! It just marks the space for the So be not afraid! Normally the partition table of an encrypted LUKS linux system looks like this: | ||
+ | |||
+ | /dev/sdx1 5G 83 Linux (this is /boot) | ||
+ | /dev/sdx2 115G 5 Extented | ||
+ | └─/dev/sdd5 115G 83 Linux | ||
+ | |||
+ | What we - after shrinking - want to achieve is something like this: | ||
+ | |||
+ | /dev/sdx1 5G 83 Linux (this is /boot) | ||
+ | /dev/sdx2 75G 5 Extented | ||
+ | └─/dev/sdd5 75G 83 Linux | ||
+ | Free space 40G | ||
+ | |||
+ | |||
+ | I am using ''parted'' (as shown in link to the the Arch-Wiki article above), but you also can use fdisk to do this. I just do the following: first resize the outer (extended partition no. 2), then resize the containing LUKS partition (here logical partition no. 5), remount LUKS, and check: | ||
+ | |||
+ | * resize to the minimal Size (in GB) | ||
+ | |||
+ | parted | ||
+ | resizepart 5 | ||
+ | [120GB]? 80GB | ||
+ | Warning ... | ||
+ | Yes? Yes | ||
+ | |||
+ | resizepart 2 | ||
+ | [120GB]? 80GB | ||
+ | Warning ... | ||
+ | Yes? Yes | ||
+ | |||
+ | * remount cryptdisk (luksOpen) | ||
+ | * scan for the volumes (vgchange -ay) | ||
+ | * check the filesystem (e2fsck -f /dev/mapper/volume-root | ||
+ | |||
+ | If the e2fsck went ok, everything is ok. | ||
+ | |||
+ | If something goes wrong here: | ||
+ | |||
+ | * vgchange -an (get rid of volumes) | ||
+ | * luksClose ... | ||
+ | * parted: give a few more space (often 1-2GB are enough) | ||
+ | * mount and recheck as shown above | ||
== Mount existing volume groups == | == Mount existing volume groups == | ||
Line 6: | Line 94: | ||
sudo apt-get install lvm2 | sudo apt-get install lvm2 | ||
sudo modprobe dm-mod | sudo modprobe dm-mod | ||
+ | |||
sudo vgchange -a y | sudo vgchange -a y | ||
+ | > 2 logical volume(s) in volume group "vg-whatever" now active | ||
+ | |||
+ | ls /dev/mapper | ||
+ | > control sda5_crypt '''vg--whatever--root''' vg--whatever--swap | ||
+ | |||
+ | # Please edit | ||
+ | my_root=/mnt/whatever_root | ||
+ | my_vg='''vg--whatever--root''' | ||
+ | my_boot_device=/dev/sda1 | ||
+ | |||
+ | # Mount /root and /boot | ||
+ | mkdir ${my_root} | ||
+ | mount /dev/mapper/${my_vg} ${my_root} | ||
+ | mount ${my_boot_device} ${my_root}/boot | ||
+ | |||
+ | # Chroot | ||
+ | mount -o bind /dev ${my_root}/dev; \ | ||
+ | mount -o bind /run ${my_root}/run; \ | ||
+ | mount -t proc /proc ${my_root}/proc; \ | ||
+ | mount -t sysfs /sys ${my_root}/sys | ||
+ | chroot ${my_root} | ||
+ | |||
+ | == Umount existing volume groups and close encrypted container == | ||
+ | |||
+ | sudo umount ${my_root}/* | ||
+ | sudo umount /dev/mapper/${my_vg} | ||
+ | sudo vgchange -a n | ||
+ | sudo cryptsetup luksClose ${my_crpyt} |
Latest revision as of 19:22, 20 June 2016
Contents
HowTo - shrink and resize LUKS-encrypted LVM volumes
LVM and LUKS are often used together within a standard encrypted setup. Sometimes we need to to e.g. shrink an existing Ubuntu installation to fit on another disk (move from bigger hdd to a smaller sdd) or vice versa.
Shrinking or sizing up is not such a big task. For most people the part of actually shrinking the partition of the harddrive is the most scary part! But, if using the right toolls and just calculate using a few GB of buffer size (which is really not a big thing in times where harddrive space is cheap), you don't have to deal with calculations of exact sector of offset sizes in fdisk or parted (but you can).
The best howtos I could find for Ubuntu which really sum up the essential tasks in a very good manner are on Ubuntuforums and on Archwiki. I mainly follow the Ubuntuforum article but when it comes to finally resize the harddrive partition, the archwiki is more instructable using parted (in my opinion). Both describe the procedure using a life disk. If you are using your PC which is also encrypted hooked up with the destination harddrive you should read the LVM#Troubleshooting section about the correct name of the cryptdisk.
- ubuntuforums.org thread (3/2008): How to Resize a LUKS Encrypted File System
- Arch-Wiki: REsizing LVM on LUKS
Install necessary apps
E.g. on a rescue disc ...
apt-get install cryptsetup
Open encryted lvm partition
Be arefulat this step!
If this is the root device, you will need to use exactly the _ SAME NAME _ for the crypt (in our example: sda5_crypt for ${my_crpyt_name}) like in your destination Ubuntu environment. If not, you will not be able to boot your device, because the system will be configured using the wrong name for your mapper name which is written down in /etc/crypttab (don't change this!).
# Please edit acccording to your entry in /etc/crypttab of your destination installation # If you don't now it yet, see the troubleshooting section next. my_crypt_name=sda5_crypt cryptsetup luksOpen /dev/sda5 ${my_crpyt_name}
Troubleshooting
Name of the cryptdisk is important
If you try to encrypt a system from within an encrypted system, which uses the _SAME_ crypt name as the destination system this will _NOT WORK_. Then the only way is to use a life cd or another PC with an uncrypted installation !!!
If you are unsure about the name of ${my_crpyt_name} which is used within your destination setup, you have to look into its /etc/crypttab. To to this: decrypt your device, mount it, have a look into the /etc/crypttab, unmount, uncrypt and start over again with the right name:
cryptsetup luksOpen /dev/sda5 test_crypt mount /dev/mapper/vg-somename-root /mnt/test
nano /mnt/test/etc/crypttab > sda5_crypt UUID=def346a0-6e33-4523-b99c-d7777b980b34 none luks,discard
umount /mnt/test crpytsetup luksClose test_crypt
Resizing the disk partition table with tools like fdisk or parted.
Actually resizing the partition does not hurt anything on the filessystem! It just marks the space for the So be not afraid! Normally the partition table of an encrypted LUKS linux system looks like this:
/dev/sdx1 5G 83 Linux (this is /boot) /dev/sdx2 115G 5 Extented └─/dev/sdd5 115G 83 Linux
What we - after shrinking - want to achieve is something like this:
/dev/sdx1 5G 83 Linux (this is /boot) /dev/sdx2 75G 5 Extented └─/dev/sdd5 75G 83 Linux Free space 40G
I am using parted (as shown in link to the the Arch-Wiki article above), but you also can use fdisk to do this. I just do the following: first resize the outer (extended partition no. 2), then resize the containing LUKS partition (here logical partition no. 5), remount LUKS, and check:
- resize to the minimal Size (in GB)
parted resizepart 5 [120GB]? 80GB Warning ... Yes? Yes resizepart 2 [120GB]? 80GB Warning ... Yes? Yes
- remount cryptdisk (luksOpen)
- scan for the volumes (vgchange -ay)
- check the filesystem (e2fsck -f /dev/mapper/volume-root
If the e2fsck went ok, everything is ok.
If something goes wrong here:
- vgchange -an (get rid of volumes)
- luksClose ...
- parted: give a few more space (often 1-2GB are enough)
- mount and recheck as shown above
Mount existing volume groups
sudo apt-get install lvm2 sudo modprobe dm-mod
sudo vgchange -a y > 2 logical volume(s) in volume group "vg-whatever" now active
ls /dev/mapper > control sda5_crypt vg--whatever--root vg--whatever--swap
# Please edit my_root=/mnt/whatever_root my_vg=vg--whatever--root my_boot_device=/dev/sda1
# Mount /root and /boot mkdir ${my_root} mount /dev/mapper/${my_vg} ${my_root} mount ${my_boot_device} ${my_root}/boot
# Chroot mount -o bind /dev ${my_root}/dev; \ mount -o bind /run ${my_root}/run; \ mount -t proc /proc ${my_root}/proc; \ mount -t sysfs /sys ${my_root}/sys chroot ${my_root}
Umount existing volume groups and close encrypted container
sudo umount ${my_root}/* sudo umount /dev/mapper/${my_vg} sudo vgchange -a n sudo cryptsetup luksClose ${my_crpyt}