[dm-crypt] expanding encrypted volume/growing the volume

Ross Boylan ross at biostat.ucsf.edu
Wed Sep 10 22:36:50 CEST 2014


On Wed, Sep 10, 2014 at 08:25:07AM -0500, Robert Nichols wrote:
> On 09/09/2014 10:31 PM, Ross Boylan wrote:
>> On Tue, Sep 09, 2014 at 08:59:03PM -0500, Robert Nichols wrote:
>>> Easy.  Create a new LV in that VG and use "--extents 100%FREE" as
>>> its size.  Fill that LV with whatever variety of random data you
>>> choose, then delete that LV and use the space to expand your active
>>> LV.
>>
>> Thanks; I wasn't aware of that syntax.
>>
>> But do the snapshots make that hazardous?  If the maximum space I
>> specified for them is pre-allocated it should be fine, but I thought
>> the implementation grabbed blocks as needed.  If that's the case, a
>> snapshot could fail while I have grabbed all the "free" space.
>>
>> I suppose worst case I could do 90%Free and be good enough.
>
> The snapshot LV can increase its size only if you created it as thinly
> provisioned, and even then it can grab extents only within the LV that
> you set up as a "thin pool" LV.  The space within that thin pool LV is
> not "free" for the purposes of creating a new LV.  Creating a new LV
> with "--extents 100%FREE" will not affect expansion of your snapshot
> LVs.
>

Good; I didn't do thin provisioning.

Game Plan (for IMAP server and its spool):
## Verify that backups are OK

## randomize free space in LVM volume group turtle
lvcreate -l 100%FREE -n tozero turtle
cryptsetup open --type plain -d /dev/urandom /dev/turtle/tozero zero_crypt
dd_rescue -w /dev/zero /dev/mapper/zero_crypt
# free space ~ 100G--likely to take awhile. Hours? days?
# if it's really slow I could allocate 2 LVs, one of which is the size
# I need ~50G, and the other of which is filler.  randomize the 50G;
# free the space, and extend my volume.
cryptsetup remove zero_crypt
lvremove turtle/zero

## make encrypted spot to backup recent files
# /usr/local/backup is not encrypted.  Assume I create a small encrypted volume
# and mount it at /usr/local/backup/crypt

## shutdown server

## backup current server state
# do manual backup of selected server state
# If possible make a backup of the directories the usual way.
# Otherwise, as root
cd /usr/local/backup/crypt
# snapshots at 00:10 daily.  Assume current day has not 
# been backed up yet.
tar cjf cyrspool-recent.tar.bz2 --after-date 'Sep 9 00:09 -0800' /var/spool/cyrus

## take directory offline
umount /var/spool/cyrus
cryptsetup luksClose cyrspool_crypt
# maybe close snapshot of turtle/cyrspool before extending?

## Actually grow things
lvextend -L +20G turtle/cyrspool
cryptsetup --key-file xxx luksOpen  /dev/turtle/cyrspool cyrspool_crypt
resize_reiserfs /dev/mapper/cryspool_crypt
reiserfsck /dev/mapper/cyrspool_crypt
mount /var/spool/cyrus

## restart IMAP server

I took Arno's advice and did things offline.
If anyone sees a problem, I'd love to know.

Thanks.
Ross


More information about the dm-crypt mailing list