LVM
From Blue-IT.org Wiki
Contents
HowTo - shrink and resize encrypted LUKS volumes
LVM and LUKS are often used together within a standard encrypted setup. The best HowTo I could find for Ubuntu which really sums up the essential tasks in a very good manner is on Ubuntu forums. Written in 2008 but the procedures are and will remain the same. The scenarios are to e.g. shrink an existing ubuntu installation to fit on another disk (move from bigger hdd to a smaller sdd) or vice versa.
It decribes the procedure using a life disk. If you are using you PC which is also encrypted you should read the Troubleshooting section.
Install necessary apps
E.g. on a rescue disc ...
apt-get install cryptsetup
Open encryted lvm partition
Be arefulat this step!
If this is the root device, you will need to use exactly the _ SAME NAME _ for the crypt (in our example: sda5_crypt for ${my_crpyt_name}) like in your destination Ubuntu environment. If not, you will not be able to boot your device, because the system will be configured using the wrong name for your mapper name which is written down in /etc/crypttab (don't change this!).
# Please edit acccording to your entry in /etc/crypttab of your destination installation # If you don't now it yet, see the troubleshooting section next. my_crypt_name=sda5_crypt cryptsetup luksOpen /dev/sda5 ${my_crpyt_name}
Troubleshooting
If you are unsure about the name of ${my_crpyt_name} which is used within your destination setup, you have to look into its /etc/crypttab. To to this: decrypt your device, mount it, have a look into the /etc/crypttab, unmount, uncrypt and start over again with the right name:
cryptsetup luksOpen /dev/sda5 test_crypt mount /dev/mapper/vg-somename-root /mnt/test
nano /mnt/test/etc/crypttab > sda5_crypt UUID=def346a0-6e33-4523-b99c-d7777b980b34 none luks,discard
umount /mnt/test crpytsetup luksClose test_crypt
BUT: If you try to encrypt a system from within an encrypted system, which uses the _SAME_ crypt name as the destination system this will _NOT WORK_. Then the only way is to use a life cd or another PC with an uncrypted installation !!!
Mount existing volume groups
sudo apt-get install lvm2 sudo modprobe dm-mod
sudo vgchange -a y > 2 logical volume(s) in volume group "vg-whatever" now active
ls /dev/mapper > control sda5_crypt vg--whatever--root vg--whatever--swap
# Please edit my_root=/mnt/whatever_root my_vg=vg--whatever--root my_boot_device=/dev/sda1
# Mount /root and /boot mkdir ${my_root} mount /dev/mapper/${my_vg} ${my_root} mount ${my_boot_device} ${my_root}/boot
# Chroot mount -o bind /dev ${my_root}/dev; \ mount -o bind /run ${my_root}/run; \ mount -t proc /proc ${my_root}/proc; \ mount -t sysfs /sys ${my_root}/sys chroot ${my_root}
Umount existing volume groups and close encrypted container
sudo umount ${my_root}/* sudo umount /dev/mapper/${my_vg} sudo vgchange -a n sudo cryptsetup luksClose ${my_crpyt}