Thu 02 of Sep, 2010 [15:27 UTC]
ResizeLUKSPartitions
|
How to resize a LUKS-encrypted partition created over LVM2
|
|
English |
WARNING: The method described below for resizing a LUKS container definitely doesn't work on Ubuntu 7.10 Gutsy with cryptsetup 1.0.5:
Update 3/17/2008 bodhi.zazen : I posted a detailed how to on the Ubuntu Forums:
http://ubuntuforums.org/showthread.php?p=4530641
In a nutshell, cryptsetup resize by default expands the crypt to fill all available space.
To UPSIZE
"cryptsetup resize crypt"
To DOWNSIZE you need to be more specific.
Use "cryptsetup status crypt" to show you the details of the LUKS container, including offset.
Then :
"cryptsetup -o 2056 -b 11800000 resize crypt1"
-o = offset (get this from the status command)
-b = new size in sectors.
To answer your question about data loss, it should go without saying that resizing an encrypted partition is a major undertaking and you should back up your data first.
To the maintainer of this wiki page : Sorry to use this page as a Q & A session and post a link to the Ubuntu Forums, it is not my intention to "spam" this page / site. I would be happy to update or make changes to this page if you would like (PM me on the Ubuntu Forums).
This is an example of creating an LVM2 physical volume, a volume group on that physical volume, a logical volume on that volume group, a LUKS-encrypted mapping on that logical volume, and finally an ext3fs filesystem over the encrypted mapping. The filesystem is then expanded, which involves dismounting it, growing the LV, growing the encrypted mapping, and then growing the filesystem. Omitted from this example are copying some files into the original and grown filesystem and then comparing them to make sure that things really are working---though presumably the fsck would explode if they weren't.
Note that the manpage for cryptsetup-luks, at least as of the version shipped with 1:1.0.1-0ubuntu4 in Ubuntu Breezy 5.10 (I can't be more specific because cryptsetup, at least then, didn't have a --version switch) is incorrect: it claims that "cryptsetup resize" requires --size, but in my case, omitting it worked correctly and filled the underlying (LVM2) partition. (The manpage also doesn't say what a "sector" is supposed to be, so if I -had- had to say --size, I'd have had to guess).
It is important to note that under some circumstances (especially when using XFS) omitting --size can lead to some problems. When implementing mkfs.xfs on a LUKS partition that is larger than 2gb, a mkfs.xfs input/output error will result if --size is not specificed for the underlying LUKS partition (via cryptsetup resize).
~# pvcreate /dev/hdd
Physical volume "/dev/hdd" successfully created
~# vgcreate testvg /dev/hdd
Volume group "testvg" successfully created
~# lvcreate -l10 -ntestlv testvg
Logical volume "testlv" created
~# cryptsetup --verbose --verify-passphrase luksFormat /dev/testvg/testlv
WARNING!
========
This will overwrite data on /dev/testvg/testlv irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: testing
Verify passphrase: testing
~# cryptsetup luksOpen /dev/testvg/testlv testfs
Enter LUKS passphrase: testing
key slot 0 unlocked.
~# mke2fs -v -j -m 1 -T largefile /dev/mapper/testfs
mke2fs 1.38 (30-Jun-2005)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
64 inodes, 10111 blocks
101 blocks (1.00%) reserved for the super user
First data block=0
1 block group
32768 blocks per group, 32768 fragments per group
64 inodes per group
Writing inode tables: done
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 26 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
~# tune2fs -c -1 -i 0 /dev/mapper/testfs
tune2fs 1.38 (30-Jun-2005)
Setting maximal mount count to -1
Setting interval between checks to 0 seconds
~# mkdir /testfs
~# mount -v /dev/mapper/testfs /testfs
mount: you didn't specify a filesystem type for /dev/mapper/testfs
I will try type ext3
/dev/mapper/testfs on /testfs type ext3 (rw)
~# umount /testfs
~# fsck.ext2 -f /dev/mapper/testfs
e2fsck 1.38 (30-Jun-2005)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/testfs: 11/64 files (0.0% non-contiguous), 1037/10111 blocks
~# cryptsetup luksClose testfs
~# lvextend -l+10 /dev/testvg/testlv
Extending logical volume testlv to 80.00 MB
Logical volume testlv successfully resized
~# cryptsetup luksOpen /dev/testvg/testlv testfs
Enter LUKS passphrase: testing
key slot 0 unlocked.
~# cryptsetup --verbose resize testfs
~# mount -v /dev/mapper/testfs /testfs
mount: you didn't specify a filesystem type for /dev/mapper/testfs
I will try type ext3
/dev/mapper/testfs on /testfs type ext3 (rw)
~# umount /testfs
~# fsck.ext2 -f /dev/mapper/testfs
e2fsck 1.38 (30-Jun-2005)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/testfs: 15/64 files (0.0% non-contiguous), 9905/10111 blocks
~# resize2fs /dev/mapper/testfs
resize2fs 1.38 (30-Jun-2005)
Resizing the filesystem on /dev/mapper/testfs to 20351 (4k) blocks.
The filesystem on /dev/mapper/testfs is now 20351 blocks long.
~# fsck.ext2 -f /dev/mapper/testfs
e2fsck 1.38 (30-Jun-2005)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/testfs: 15/64 files (0.0% non-contiguous), 9905/20351 blocks
Computer Science Project
~# mount -v /dev/mapper/testfs /testfs
mount: you didn't specify a filesystem type for /dev/mapper/testfs
I will try type ext3
/dev/mapper/testfs on /testfs type ext3 (rw)
Helpful links:
online casino
Custom Dissertation Writing
Hosting A wiki resource for webmasters
jump higher A wiki for training
gymnastics leotard A wiki for fitness workouts
otimizacao de sites A wiki for website designs
grow taller A wiki for health
Acompanhantes and Desentupidora wiki´s for webmasters
Grafica and Relogio de ponto Wiki´s for universities
- Calling "cryptsetup resize" without specifying "--size" doesn't complain, but doesn't perform any action either (LUKS container size as displayed by "cryptsetup status" remains the same)
- Calling "cryptsetup resize" with "--size" systematically produces an error "Command failed: device-mapper: reload ioctl failed: Invalid argument".
- Further googling on the subject show some reports that "crytpsetup resize" or "cryptsetup reload" could cause serious data corruption on LUKS containers.
- I would appreciate any further input about whether or not a LUKS container can be resized, the solution described here doesn't work for me anyway.
Update 3/17/2008 bodhi.zazen : I posted a detailed how to on the Ubuntu Forums:
http://ubuntuforums.org/showthread.php?p=4530641In a nutshell, cryptsetup resize by default expands the crypt to fill all available space.
To UPSIZE
"cryptsetup resize crypt"
To DOWNSIZE you need to be more specific.
Use "cryptsetup status crypt" to show you the details of the LUKS container, including offset.
Then :
"cryptsetup -o 2056 -b 11800000 resize crypt1"
-o = offset (get this from the status command)
-b = new size in sectors.
To answer your question about data loss, it should go without saying that resizing an encrypted partition is a major undertaking and you should back up your data first.
To the maintainer of this wiki page : Sorry to use this page as a Q & A session and post a link to the Ubuntu Forums, it is not my intention to "spam" this page / site. I would be happy to update or make changes to this page if you would like (PM me on the Ubuntu Forums).
This is an example of creating an LVM2 physical volume, a volume group on that physical volume, a logical volume on that volume group, a LUKS-encrypted mapping on that logical volume, and finally an ext3fs filesystem over the encrypted mapping. The filesystem is then expanded, which involves dismounting it, growing the LV, growing the encrypted mapping, and then growing the filesystem. Omitted from this example are copying some files into the original and grown filesystem and then comparing them to make sure that things really are working---though presumably the fsck would explode if they weren't.
Note that the manpage for cryptsetup-luks, at least as of the version shipped with 1:1.0.1-0ubuntu4 in Ubuntu Breezy 5.10 (I can't be more specific because cryptsetup, at least then, didn't have a --version switch) is incorrect: it claims that "cryptsetup resize" requires --size, but in my case, omitting it worked correctly and filled the underlying (LVM2) partition. (The manpage also doesn't say what a "sector" is supposed to be, so if I -had- had to say --size, I'd have had to guess).
It is important to note that under some circumstances (especially when using XFS) omitting --size can lead to some problems. When implementing mkfs.xfs on a LUKS partition that is larger than 2gb, a mkfs.xfs input/output error will result if --size is not specificed for the underlying LUKS partition (via cryptsetup resize).
~# pvcreate /dev/hdd
Physical volume "/dev/hdd" successfully created
~# vgcreate testvg /dev/hdd
Volume group "testvg" successfully created
~# lvcreate -l10 -ntestlv testvg
Logical volume "testlv" created
~# cryptsetup --verbose --verify-passphrase luksFormat /dev/testvg/testlv
WARNING!
========
This will overwrite data on /dev/testvg/testlv irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: testing
Verify passphrase: testing
~# cryptsetup luksOpen /dev/testvg/testlv testfs
Enter LUKS passphrase: testing
key slot 0 unlocked.
~# mke2fs -v -j -m 1 -T largefile /dev/mapper/testfs
mke2fs 1.38 (30-Jun-2005)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
64 inodes, 10111 blocks
101 blocks (1.00%) reserved for the super user
First data block=0
1 block group
32768 blocks per group, 32768 fragments per group
64 inodes per group
Writing inode tables: done
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 26 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
~# tune2fs -c -1 -i 0 /dev/mapper/testfs
tune2fs 1.38 (30-Jun-2005)
Setting maximal mount count to -1
Setting interval between checks to 0 seconds
~# mkdir /testfs
~# mount -v /dev/mapper/testfs /testfs
mount: you didn't specify a filesystem type for /dev/mapper/testfs
I will try type ext3
/dev/mapper/testfs on /testfs type ext3 (rw)
~# umount /testfs
~# fsck.ext2 -f /dev/mapper/testfs
e2fsck 1.38 (30-Jun-2005)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/testfs: 11/64 files (0.0% non-contiguous), 1037/10111 blocks
~# cryptsetup luksClose testfs
~# lvextend -l+10 /dev/testvg/testlv
Extending logical volume testlv to 80.00 MB
Logical volume testlv successfully resized
~# cryptsetup luksOpen /dev/testvg/testlv testfs
Enter LUKS passphrase: testing
key slot 0 unlocked.
~# cryptsetup --verbose resize testfs
~# mount -v /dev/mapper/testfs /testfs
mount: you didn't specify a filesystem type for /dev/mapper/testfs
I will try type ext3
/dev/mapper/testfs on /testfs type ext3 (rw)
~# umount /testfs
~# fsck.ext2 -f /dev/mapper/testfs
e2fsck 1.38 (30-Jun-2005)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/testfs: 15/64 files (0.0% non-contiguous), 9905/10111 blocks
~# resize2fs /dev/mapper/testfs
resize2fs 1.38 (30-Jun-2005)
Resizing the filesystem on /dev/mapper/testfs to 20351 (4k) blocks.
The filesystem on /dev/mapper/testfs is now 20351 blocks long.
~# fsck.ext2 -f /dev/mapper/testfs
e2fsck 1.38 (30-Jun-2005)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/testfs: 15/64 files (0.0% non-contiguous), 9905/20351 blocks
Computer Science Project
~# mount -v /dev/mapper/testfs /testfs
mount: you didn't specify a filesystem type for /dev/mapper/testfs
I will try type ext3
/dev/mapper/testfs on /testfs type ext3 (rw)
Helpful links:
online casino
Custom Dissertation Writing
Hosting A wiki resource for webmasters
jump higher A wiki for training
gymnastics leotard A wiki for fitness workouts
otimizacao de sites A wiki for website designs
grow taller A wiki for health
Acompanhantes and Desentupidora wiki´s for webmasters
Grafica and Relogio de ponto Wiki´s for universities
Created by: Blueshell last modification: Monday 30 of August, 2010 [15:20:14 UTC] by Anonymous
|
Page generated in: 0.10 seconds |
|
||||||||||||||
Login