Adding partition to existing encrypted system

lloydh
Posts: 17
Joined: 2013/01/05 06:50:09
Location: Near Brisbane, Australia

Adding partition to existing encrypted system

Post by lloydh » 2013/09/09 06:23:17

My PC has 2 500GB hard discs, Windows 8 on sda and Centos 6 with disc encryption on sdb with Centos as the boot manager.

I am freeing up space on sda and I will have 200GB + available which I want to add to Centos. I have already done some reading and it seems I should do the following.

pvcreate /dev/sda3
vgextend vg_CentOS6 /dev/sda3
lvcreate -l 100%FREE -n lv_share vg_CentOS6

The first question is with pvcreate: the next partition will be sda3, as sda currently has 2 NTFS volumes on partitions sda1 and sda2. Will pvcreate only use the free space available?
The second question is: will the new lv be encrypted as well? I'm assuming it will be because it will be part of the existing vg.

Thanks, Lloyd.

TrevorH
Site Admin
Posts: 33220
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Adding partition to existing encrypted system

Post by TrevorH » 2013/09/09 08:05:10

Before you run pvcreate, you will need to run fdisk or parted or some other tool that creates partitions. Once you have created /dev/sda3, then you can run pvcreate on it. The entirety of /dev/sda3, however big you make that, will then be added to the volume group.

The one time I've resized an encrypted volume, it appears I followed this guide http://www.gigahype.com/resize-luks-encryped-lvm-partition/

lloydh
Posts: 17
Joined: 2013/01/05 06:50:09
Location: Near Brisbane, Australia

Re: Adding partition to existing encrypted system

Post by lloydh » 2013/09/10 09:02:41

Thanks Trevor but it is not exactly what I am looking at doing, I want to extend the vg but add a new lv.

After more reading I am probably more confused but the way I understand things there are two ways that luks is used.

a) You can encrypt an entire partition and create a vg on that encrypted partition and the lv's are then created as happens when you install Centos and tick the encrypt hard disk at the beginning of the installation.
b) You can install Centos without encryption and then encrypt lv's after the installation as one of the Centos How To's explains.

From that I believe that extending a vg will be different in those two scenarios, in the first the new partition would have to be a luks partition before the vg is extended whereas in the second scenario the vg would be extended over a standard partition and then an existing luks lv could be extended or a new lv could be created with luks, please correct me if I am wrong.

In my situation I ticked the encrypt hard disk option at the beginning of the installation, so extending my vg will have to be over a new luks partition, which doesn't look like an easy thing to do, and will I be prompted twice for the passphrase? I found the link below which talks about that.

http://forums.opensuse.org/english/get-technical-help-here/install-boot-login/481497-adding-physical-volumes-existing-luks-encrypted-lvm-expand-size.html

I am also thinking now that extending a vg across two disks carries risks, in my case if I lose disc 1 I lose everything, both Windows and Centos. Maybe a better way for me is to create luks partition on the free space, create a new vg and create a lv in that space, I always wanted the free space to be a separate lv.

I have an old "utility" PC that I use to test things and it currently has a similar config to my main PC so I can try things on that but one solution for me might be to backup everything to a USB disc and install Centos again from scratch. This PC is running downloads for the next few days so when it is free I will have a play and post what I find.

lloydh
Posts: 17
Joined: 2013/01/05 06:50:09
Location: Near Brisbane, Australia

Re: Adding partition to existing encrypted system

Post by lloydh » 2013/09/21 05:37:36

Ok I've spent some time trying to get what I wanted, I've had many problems but I finally have something working.

I first tried using luks at the partition level and then created the vg and lv; they manually mounted fine. I created a keyfile in /root and added them to crypttab and fstab and did a mount -a and all was good, but when I rebooted I was left at a command prompt because it had not mounted. What was wrong was it was trying to access the keyfile before /root was mounted. I removed the keyfile entry in crypttab and replaced it with none but it didn't prompt for the passphrase and failed again.

I tried luks at the volume level thinking that would be better but I couldn't get anything to work, the lv was busy all the time and wouldn't mount and I couldn't clear the problem.

I went back to luks at the partition again with the idea of maybe running a script to do the mount when I stumbled across /etc/rc.d/rc.local which seemed to answer my problems and it did. All the procedures I have done have been collected as pieces of many howto's.

Creating the partition, adding luks and creating the vg and lv.

[quote]# fdisk -c -u /dev/sda
# cryptsetup luksFormat /dev/sda3
# cryptsetup luksOpen /dev/sda3 crypt_share
# pvcreate /dev/mapper/crypt_share
# vgcreate -v vg_share /dev/mapper/crypt_share
# lvcreate -L 38G -n lv_share vg_share
# mkfs.ext4 -L WD -j /dev/vg_share/lv_share
# lvchange -an vg_share
# vgchange -an vg_share
# cryptsetup remove crypt_share[/quote]

Creating a random file and using it as a luks keyfile.

[quote]# dd if=/dev/urandom of=/root/keyfile1 bs=1024 count=4
# chmod 0400 /root/keyfile1
# ll /root/keyfile1
# cryptsetup luksAddKey /dev/sda3 /root/keyfile1[/quote]

Mounting the new partition manually and giving the user ownership.

[quote]# cryptsetup --key-file /root/keyfile1 luksOpen /dev/sda3 crypt_share
# vgscan --mknodes
# vgchange -ay
# mount /dev/mapper/vg_share-lv_share /home/username/VBShare
# chown -R username:username /home/username/VBShare[/quote]

Unmounting the partition manually.

[quote]# umount /home/username/VBShare
# lvchange -an vg_share
# vgchange -an vg_share
# cryptsetup remove crypt_share[/quote]

With all of that working I added the following lines to /etc/rc.d/rc.local.

[quote]cryptsetup --key-file /root/keyfile1 luksOpen /dev/sda3 crypt_share
vgscan --mknodes
vgchange -ay
mount /dev/mapper/vg_share-lv_share /home/username/VBShare[/quote]

After a reboot the partition is mounted, I have done a bit of testing of copying and moving files and I am happy with the result.
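
A hardened variant of the rc.local lines above, as an added example that is not part of the original post: it refuses a keyfile that is a symlink or has any group/other permission bits, confirms the device is LUKS, activates only vg_share, and is safe to run twice. Device, mapper, VG and mount point names are the ones from the thread; the `--run` argument and saving it as a script called from rc.local are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread). Names below are taken from the posts;
# the --run argument and the script location are assumptions.
KEYFILE=/root/keyfile1
DEVICE=/dev/sda3
MAPPER=crypt_share
VG=vg_share
LV=lv_share
MOUNTPOINT=/home/username/VBShare

# Succeed only for a regular, non-symlink file with no group/other permission bits.
keyfile_ok() {
    kf=$1
    [ -f "$kf" ] && [ ! -L "$kf" ] || return 1
    kf_mode=$(stat -c '%a' "$kf") || return 1   # GNU stat, octal mode e.g. 400
    case "$kf_mode" in
        *00) return 0 ;;   # 400, 600, 700: owner-only
        *)   return 1 ;;
    esac
}

open_share() {
    keyfile_ok "$KEYFILE" || { echo "refusing $KEYFILE: missing, symlink or too permissive" >&2; return 1; }
    cryptsetup isLuks "$DEVICE" || { echo "$DEVICE is not a LUKS device" >&2; return 1; }
    # Skip luksOpen if the mapping already exists (script may run more than once).
    if [ ! -e "/dev/mapper/$MAPPER" ]; then
        cryptsetup --key-file "$KEYFILE" luksOpen "$DEVICE" "$MAPPER" || return 1
    fi
    vgscan --mknodes >/dev/null
    vgchange -ay "$VG" || return 1   # activate only this VG, not every VG on the system
    mountpoint -q "$MOUNTPOINT" || mount "/dev/mapper/$VG-$LV" "$MOUNTPOINT"
}

# Only touch devices when explicitly asked to, e.g. from rc.local.
if [ "${1:-}" = "--run" ]; then
    open_share
fi
```

The keyfile stays on the LUKS-encrypted root volume, so it is only readable once the root passphrase has been entered at boot.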
