[dm-crypt] expanding encrypted volume/growing the volume
ross at biostat.ucsf.edu
Wed Sep 10 22:36:50 CEST 2014
On Wed, Sep 10, 2014 at 08:25:07AM -0500, Robert Nichols wrote:
> On 09/09/2014 10:31 PM, Ross Boylan wrote:
>> On Tue, Sep 09, 2014 at 08:59:03PM -0500, Robert Nichols wrote:
>>> Easy. Create a new LV in that VG and use "--extents 100%FREE" as
>>> its size. Fill that LV with whatever variety of random data you
>>> choose, then delete that LV and use the space to expand your active
>> Thanks; I wasn't aware of that syntax.
>> But do the snapshots make that hazardous? If the maximum space I
>> specified for them is pre-allocated it should be fine, but I thought
>> the implementation grabbed blocks as needed. If that's the case, a
>> snapshot could fail while I have grabbed all the "free" space.
>> I suppose worst case I could do 90%Free and be good enough.
> The snapshot LV can increase its size only if you created it as thinly
> provisioned, and even then it can grab extents only within the LV that
> you set up as a "thin pool" LV. The space within that thin pool LV is
> not "free" for the purposes of creating a new LV. Creating a new LV
> with "--extents 100%FREE" will not affect expansion of your snapshot
Good; I didn't do thin provisioning.
Game Plan (for IMAP server and its spool):
## Verify that backups are OK
## randomize free space in LVM volume group turtle
lvcreate -l 100%FREE -n tozero turtle
cryptsetup open --type plain -d /dev/urandom /dev/turtle/tozero zero_crypt
dd_rescue -w /dev/zero /dev/mapper/zero_crypt
# free space ~ 100G--likely to take awhile. Hours? days?
# if it's really slow I could allocate 2 LVs, one of which is the size
# I need ~50G, and the other of which is filler. randomize the 50G;
# free the space, and extend my volume.
cryptsetup remove zero_crypt
## make encrypted spot to backup recent files
# /usr/local/backup is not encrypted. Assume I create a small encrypted volume
# and mount it at /usr/local/backup/crypt
## shutdown server
## backup current server state
# do manual backup of selected server state
# If possible make a backup of the directories the usual way.
# Otherwise, as root
# snapshots at 00:10 daily. Assume current day has not
# been backed up yet.
tar cjf cyrspool-recent.tar.bz2 --after-date 'Sep 9 00:09 -0800' /var/spool/cyrus
## take directory offline
cryptsetup luksClose cyrspool_crypt
# maybe close snapshot of turtle/cyrspool before extending?
## Actually grow things
lvextend -L +20G turtle/cyrspool
cryptsetup --key-file xxx luksOpen /dev/turtle/cyrspool cyrspool_crypt
## restart IMAP server
I took Arno's advice and did things offline.
If anyone sees a problem, I'd love to know.
More information about the dm-crypt