[ale] VLM & LUKS

Scott Castaline skotchman at gmail.com
Tue Feb 9 15:31:25 EST 2010


On 02/09/2010 12:11 PM, Brian Pitts wrote:
> On 02/08/2010 11:23 PM, Scott Castaline wrote:
>> I am in the process of changing out a 500GB for a 1TB. When I had
>> originally installed Fedora 12 I created three volume groups, using LUKS
>> on all 3. I had also created 2 swap files as LUKS logical volumes split
>> between 1st and 2nd VG. The hdd change is the 3rd VG and it only has 1
>> lv. I had removed the original 500gb from LVM and then did the physical
>> switching around the drives. I have now recreated the 3rd VG with 1 LV
>> on the new 1TB.
>>
>> I had first run smartctl short and long on it and now I'm running
>> mkfs.ext4 -c -c on it. Once that is done what do I need to do to enable
>> it as a LUKS volume? I would also like to use my global passphrase for
>> my other LUKS volumes, is that possible after the fact?
>
> Usually the dm-crypt (aka LUKS) layer sits below the LVM layer. E.g., you
> set up a single, large partition with cryptsetup, then make it an LVM
> physical volume, then set up your volume groups and logical volumes on
> it, then create filesystems. That's why you can use one passphrase to
> unlock all your filesystems. Did you have it set up differently before?
>
> There might be relevant info at
>
> http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS
>
Basically I created the original volumes when I installed Fedora 12. The
process done at the time does not make it very obvious as to what is
actually happening. The GUI install part for setting up a custom HDD
partition setup goes through selecting each physical device available.
I had 4 500GB hdds; I only set up 3 of them. The 1st hdd has a non-LVM,
non-encrypted /boot ext4 partition of about 300MB. I used the remainder
for the 1st VG called ncc1701_01, which is encrypted. I then created
several LVs for /, /tmp, /opt, /var, /home, 2 others under /pub and
swap01, which is also encrypted within the encrypted VG. Swap01 is 1/2 of
my total swap. The 2nd VG, ncc1701_02, is also encrypted and contains 2
LVs mounted under /pub/ and swap02, which is also encrypted the same as
swap01. The 3rd VG, ncc1701_03, was also encrypted and contained 1 LV
that took up the entire VG.

I needed a whole lot of room for the 3rd VG and with the price coming
down for higher capacity drives, I decided to get a new 1TB hdd for the
3rd VG (I paid less for the new 1TB than I did for my 1st 500GB). I
deleted LVs and then the VG (ncc1701_03 only) when I went to switch the
1TB for the 500GB. I didn't do anything from the LUKS end of it, not
realizing how that part worked. I didn't even know about crypttab, so I
don't know if I created potential future conflicts. I think I now have a
better idea of what's involved but am not totally sure if I did cause any
damage and what I need to do to correct it.

The link you provided is a good how-to but doesn't include LVM
situations. I have also been conversing with someone on the Fedora
forums who had done a couple of howtos for disk encryption in Fedora 12
and adding a new encrypted volume to an existing VG. So between the 3 I
think I should be able to figure it out or further blow it up. At least
I have the most critical stuff backed up. As my wife says, I'm not happy
until I blow something up at least every couple of months.
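
The crypttab question raised in the message above can be checked mechanically. What follows is an added example, not part of the original post: a shell function that lists crypttab entries whose source device is no longer present, such as one left behind for a removed drive. The function names, the sample entries and the UUIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report crypttab entries
# whose source device is no longer present.
#   $1 = file in crypttab(5) format: name device [keyfile] [options]
#   $2 = file with one UUID per line, e.g. produced by
#        blkid -t TYPE=crypto_LUKS -s UUID -o value
stale_crypttab_entries() {
    crypttab=$1
    uuids=$2
    # Drop comments and blank lines, then read the first two fields.
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$crypttab" |
    while read -r name device _rest; do
        case $device in
            UUID=*)
                uuid=${device#UUID=}
                # -x whole line, -F literal, -i because hex case may differ
                grep -qixF -- "$uuid" "$uuids" || printf '%s %s\n' "$name" "$uuid"
                ;;
            *)
                # Path-style source such as /dev/sdc1: stale if the node is gone
                [ -e "$device" ] || printf '%s %s\n' "$name" "$device"
                ;;
        esac
    done
}

# Constructed sample (made-up UUIDs): three entries, two containers present.
write_sample() {
    dir=$1
    cat > "$dir/crypttab" <<'EOF'
# name device keyfile options
luks-11111111-aaaa-4bbb-8ccc-000000000001 UUID=11111111-aaaa-4bbb-8ccc-000000000001 none
luks-22222222-aaaa-4bbb-8ccc-000000000002 UUID=22222222-aaaa-4bbb-8ccc-000000000002 none
luks-33333333-aaaa-4bbb-8ccc-000000000003 UUID=33333333-aaaa-4bbb-8ccc-000000000003 none
EOF
    printf '%s\n' 11111111-aaaa-4bbb-8ccc-000000000001 \
        22222222-AAAA-4BBB-8CCC-000000000002 > "$dir/uuids"
}

# Run against real files when two arguments are given.
if [ "$#" -eq 2 ]; then
    stale_crypttab_entries "$1" "$2"
fi
```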

