LVM

From Blue-IT.org Wiki

Revision as of 19:16, 20 June 2016 by Apos (talk | contribs) (Open encryted lvm partition)

HowTo - shrink and resize LUKS-encrypted LVM volumes

LVM and LUKS are often used together within a standard encrypted setup. Sometimes we need to to e.g. shrink an existing Ubuntu installation to fit on another disk (move from bigger hdd to a smaller sdd) or vice versa.

Shrinking or sizing up is not such a big task. For most people the part of actually shrinking the partition of the harddrive is the most scary part! But, if using the right toolls and just calculate using a few GB of buffer size (which is really not a big thing in times where harddrive space is cheap), you don't have to deal with calculations of exact sector of offset sizes in fdisk or parted (but you can).

The best howtos I could find for Ubuntu which really sum up the essential tasks in a very good manner are on Ubuntuforums and on Archwiki. I mainly follow the Ubuntuforum article but when it comes to finally resize the harddrive partition, the archwiki is more instructable using parted (in my opinion). Both describe the procedure using a life disk. If you are using your PC which is also encrypted hooked up with the destination harddrive you should read the LVM#Troubleshooting section about the correct name of the cryptdisk.

Install necessary apps

E.g. on a rescue disc ...

apt-get install cryptsetup

Open encryted lvm partition

Be arefulat this step!

If this is the root device, you will need to use exactly the _ SAME NAME _ for the crypt (in our example: sda5_crypt for ${my_crpyt_name}) like in your destination Ubuntu environment. If not, you will not be able to boot your device, because the system will be configured using the wrong name for your mapper name which is written down in /etc/crypttab (don't change this!).

# Please edit acccording to your entry in /etc/crypttab of your destination installation
# If you don't now it yet, see the troubleshooting section next.

my_crypt_name=sda5_crypt
cryptsetup luksOpen /dev/sda5 ${my_crpyt_name}

Troubleshooting

Name of the cryptdisk is important

If you try to encrypt a system from within an encrypted system, which uses the _SAME_ crypt name as the destination system this will _NOT WORK_. Then the only way is to use a life cd or another PC with an uncrypted installation !!!

If you are unsure about the name of ${my_crpyt_name} which is used within your destination setup, you have to look into its /etc/crypttab. To to this: decrypt your device, mount it, have a look into the /etc/crypttab, unmount, uncrypt and start over again with the right name:

cryptsetup luksOpen /dev/sda5 test_crypt
mount /dev/mapper/vg-somename-root /mnt/test
nano /mnt/test/etc/crypttab
> sda5_crypt UUID=def346a0-6e33-4523-b99c-d7777b980b34 none luks,discard
umount /mnt/test
crpytsetup luksClose test_crypt


Resizing the disk partition table with tools like fdisk or parted.

Actually resizing the partition does not hurt anything on the filessystem! It just marks the space for the So be not afraid! Normally the partition table of an encrypted LUKS linux system looks like this:

/dev/sdx1          5G        83 Linux (this is /boot)           
/dev/sdx2          115G       5 Extented
 └─/dev/sdd5       115G      83 Linux

What we - after shrinking - want to achieve is something like this:

/dev/sdx1          5G        83 Linux (this is /boot)           
/dev/sdx2          75G        5 Extented
 └─/dev/sdd5       75G       83 Linux
Free space         40G


I am using parted (as shown in link to the the Arch-Wiki article above), but you also can use fdisk to do this. I just do the following:

  • resize to the minimal Size (in GB)
parted
  resizepart 5
  [120GB]? 80GB
  Warning ...
  Yes? Yes 
  resizepart 2
  [120GB]? 80GB
  Warning ...
  Yes? Yes 
  • remount cryptdisk (luksOpen)
  • scan for the volumes (vgchange -ay)
  • check the filesystem (e2fsck -f /dev/mapper/volume-root

If something goes wrong here:

  • vgchange -an (get rid of volumes)
  • luksClose ...
  • parted: give a few more space (often 1-2GB are enough)
  • mount and recheck as shown above

Mount existing volume groups

sudo apt-get install lvm2
sudo modprobe dm-mod
sudo vgchange -a y
> 2 logical volume(s) in volume group "vg-whatever" now active
ls /dev/mapper
> control sda5_crypt vg--whatever--root  vg--whatever--swap
# Please edit
my_root=/mnt/whatever_root
my_vg=vg--whatever--root
my_boot_device=/dev/sda1
# Mount /root and /boot
mkdir ${my_root}
mount /dev/mapper/${my_vg} ${my_root}
mount ${my_boot_device} ${my_root}/boot
# Chroot
mount -o bind /dev ${my_root}/dev; \
mount -o bind /run ${my_root}/run; \
mount -t proc /proc ${my_root}/proc; \
mount -t sysfs /sys ${my_root}/sys
chroot ${my_root}

Umount existing volume groups and close encrypted container

sudo umount ${my_root}/*
sudo umount /dev/mapper/${my_vg}
sudo vgchange -a n
sudo cryptsetup luksClose ${my_crpyt}