[SOLVED] Adding a new disk to an encrypted LVM?

The place to post if you need help or advice

Moderators: ChrisThornett, LXF moderators

[SOLVED] Adding a new disk to an encrypted LVM?

Postby daudi » Wed Jul 04, 2012 9:15 pm

Hi,

I have a little HP Proliant microserver running ubuntu server and when I installed it I used encrypted LVM. I now want to add a new 2TB disk. I have added the disk to the box and can see it with fdisk -l.

The next thing I want to do is add it to the existing volume group so I have one big drive (I'll make backups on an external device using unison as not much will change each day).

The LVM commands seem straight forward (pvcreate, followed by vgextend I think), but what I'm not sure about is how to handle encryption. Do I run cryptsetup first then the LVM commands? Do I use the same password as for the current harddrive and do they figure out they are working together or will I need to enter the password twice?

Can someone help?

Thanks.
Last edited by daudi on Sat Jul 07, 2012 6:35 pm, edited 1 time in total.
daudi
 
Posts: 59
Joined: Sat Dec 16, 2006 11:00 pm
Location: Maidstone, Kent, UK

Partial success: 2Tb added, then borked my system. Help?!

Postby daudi » Fri Jul 06, 2012 7:28 pm

I made a backup which took hours to copy, used cryptsetup with the same password as the original disk, then pvcreate etc. to create the physical volume and add the new drive. Then I used resize2fs while the system was mounted and ended up with my 2Tb added to my system. It all went completely smoothly and I started questioning myself for wasting hours doing the backup.

Then I rebooted. Ah. I was prompted to enter the password of the original drive as usual but then got a message saying:

Code: Select all
Couldn't find devive with uuid xxxxxetc
Found volume group "jua" using metadata type lvm2
Refusing activation of partial LV group root.


Then it drops me out to busybox.

I've clearly missed a step somewhere. I think I need a way of telling my system to prompt for the password of the second (new) disk. But I don't know where to add this from within the busybox environment.

Can anyone help me to get started?

Thanks.
daudi
 
Posts: 59
Joined: Sat Dec 16, 2006 11:00 pm
Location: Maidstone, Kent, UK

Postby daudi » Fri Jul 06, 2012 9:12 pm

Baby steps... I booted from a live distro, used
Code: Select all
cryptsetup luksOpen <device>
to unlock both drives, then
Code: Select all
apt-get install lvm2
and was able to see the physical volumes, logical volumes and volume groups. I tried to mount the main volume group and it was not recognised. Then I noticed that it was marked as "not available". Using
Code: Select all
vgchange -a y <device>
I made it available and was then able to mount it and see all the files on it.

So the next thing to figure out is how to get a prompt at boot to open the new disk. I think I need to play with crypttab but that will have to wait until tomorrow. At least I feel I can sleep tonight.
daudi
 
Posts: 59
Joined: Sat Dec 16, 2006 11:00 pm
Location: Maidstone, Kent, UK

Postby daudi » Sat Jul 07, 2012 7:43 am

Nope, adding a line to crypttab doesn't help. I still only get asked for the password to the first disk, I think because this is listed as the root in the boot parameters in grub.conf.

I tried adding a keyfile hoping that at boot it would be possible for both discs to access the same file, but again the path to the keyfile is specified in the boot parameters in grub.conf

So then I thought about backing out of this and removing the new disk. But pvdisplay shows that all extents are in use and there is not enough space on the original disk to use pvmove (even though most of the disk is actually free, there are few files on it).

I've sure learnt a lot over the last 24 hours about crypsetup and lvm! But I don't know what to try next, other than to wipe the drives, reinstall from scratch and restore my backup of /home.

I think that the answer to my original question is: lvm over encryption does not work for the root filesystem. I think I'll need to use the new disk only for /home.
daudi
 
Posts: 59
Joined: Sat Dec 16, 2006 11:00 pm
Location: Maidstone, Kent, UK

Postby nelz » Sat Jul 07, 2012 11:15 am

I prefer to do it the other way round, LVM on unencrypted devices then encrypted filesystems on the LVM volumes. It's simpler and you can save overhead by not encrypting filesystems that don't need it.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
User avatar
nelz
Site admin
 
Posts: 8577
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK

Postby daudi » Sat Jul 07, 2012 11:55 am

That sounds promising. I have it this way round because that is how it happened with the ubuntu server install. I'll read up about doing the other way around, it does sound easier to manage (and surprises me that ubuntu doesn't do it this way).


Thanks.
daudi
 
Posts: 59
Joined: Sat Dec 16, 2006 11:00 pm
Location: Maidstone, Kent, UK

Postby daudi » Sat Jul 07, 2012 6:28 pm

Having done a complete backup I decided to have a little play with my system. I couldn't remove the new disk because there were extents in use and insufficient space on the original drive for pvmove, so I decided to try to shrink the logical volume, move it, then remove the disk from the volume group... and it worked! This is what I did (based on http://www.linuxquestions.org/questions/linux-newbie-8/removing-physical-disk-from-lvm-via-pvmove-707477/):
Code: Select all
e2fsck -f /dev/mapper/jua-root
resize2fs /dev/mapper/jua-root 100G
lvreduce /dev/mapper/jua-root -L 110G
resize2fs /dev/mapper/jua-root
pvmove /dev/mapper/wd (I think)
vgreduce jua /dev/mapper/wd

where jua is the volume group, wd is the luksOpened new disk.

I rebooted, entered my password and now have my original system back again. Linux is truly amazing.

Tomorrow I'll resize my original system back up to 250Gb and then add the new drive a /home.
daudi
 
Posts: 59
Joined: Sat Dec 16, 2006 11:00 pm
Location: Maidstone, Kent, UK


Return to Help!

Who is online

Users browsing this forum: No registered users and 3 guests