On 27/03/2022 21:13, Dale wrote:
Wol wrote:
On 27/03/2022 20:17, Dale wrote:
Howdy,

I sort of started this on another thread but wanted to nail a few things
down first.  I'm wanting to encrypt some parts of my data on /home.
This is what I got hard drive wise.


root@fireball / # pvs
    PV         VG     Fmt  Attr PSize    PFree
    /dev/sda7  OS     lvm2 a--  <124.46g 21.39g
    /dev/sdb1  Home2  lvm2 a--    <5.46t     0
    /dev/sdc1  Home2  lvm2 a--    <7.28t     0
    /dev/sdd1  Home2  lvm2 a--    <7.28t     0
    /dev/sde1  backup lvm2 a--   698.63g     0
root@fireball / #

One big piece of missing information. What does fdisk say about
sd[b,c,d]1? And can you add sdf1?

I have the entire drive as one large partition for each drive.  I could
have done it as a whole device but I wanted partitions to give a hint
that the drive is in use, if booted from other medium for example.

I have enough extra space that I can remove either a 6TB or an 8TB
drive.  Once that is done, I can start to encrypt and move data around.
This is some additional info from df for /home:


/dev/mapper/Home2-Home2     20T  8.7T   12T  45% /home


If I remove an 8TB drive, I'd still have enough room for my data.  I
could then rebuild /home starting with the 8TB drive just freed up.
Then as I move data, I could expand them one at a time encrypting as I
go.  I'd rather not have to buy a hard drive right now.  Tight budget
given other things I got going on.  I do have backups, more than one in
a couple important data spots.

Do you need to shrink your fs first though?

My three 3TB partitions are raided, and /dev/md/home is my PV. I've only allocated the space to LVs that they need, so I could probably shrink the PV and remove a drive without needing to mess about with my LVs at all. I get the impression you may have allocated all your space, not a good idea.

My attitude is my data is backed up, expanding an LV/FS is low risk, I'll just grow stuff as I need to ... my /home partition contains proper home drives, things like videos may be in /home/videos, but they're actually a separate partition, etc etc.


I'm guessing you've got three 8TB drives? Or is it two 8s and a 6? Can
you get a third 8TB? And if you're encrypting *parts* of /home ...
what parts?

I've done some checking on sizes of things I want to encrypt and am
weighing options.  I use LVM which should help make things easier.  I've
downloaded and printed some howtos regarding shrinking the file system
and LVM thingys.  It seems I need to shrink the file system while my
/home partition is unmounted.  Then move the data off whichever drive I
want to remove and then remove the drive itself.  After that I can
encrypt the just removed drive and start moving files over, using rsync
is my plan.  I think those are the basic steps.

Not necessarily.

My question now comes to this.  When I encrypt one of the drives, can I
then expand that drive with it being encrypted or is that not an option?
I plan to encrypt two of the drives as one volume group and leave one
other volume group as normal.  I just want to be sure whether or not I
can expand an encrypted LVM drive the same as a normal LVM since both
use LVM.  I use cryptsetup commands to accomplish the encryption if
that matters.  So as an example, I start with one 7TB drive encrypted,
move some data to it, then want to add either the 5TB or 7TB drive.  Can
I just expand it like a normal LVM or does it being encrypted change
things?

Thoughts?  My remove steps look sensible?  Expanding encrypted LVM
possible?

If you are using LVM to do the encryption, then I can't see any
problems adding a new PV to an encrypted VG.

Dale

Personally, I'd use dm-crypt to encrypt the drive, and then the whole
lot is encrypted, and put plain LVM over that. I've got dedicated
layers for everything.

It looks like your home2 is 6TB+8TB+8TB. I'd get a new 8TB, put
dm-crypt on it, and add it. Now I can remove the first 8TB, dm-crypt
it and re-add it. Same with the second 8TB. Now remove the 6TB and
there you are ...

My layout's rather different from yours, so I don't think I ought to
say too much :-)

Cheers,
Wol




What is the advantage of dm-crypt over cryptsetup?  I've learned how to
use cryptsetup with my external drive so was hoping to stick with what I
already know.  Unless there is an advantage to dm-crypt.

I don't know either. I'm just far more familiar with the dm/md layer because I run md-raid over dm-integrity. Hence dm-crypt.

Is cryptsetup a layer in its own right, or part of lvm? I prefer the Unix "use several tools each of which does one thing well", other people prefer a Swiss Army knife like ZFS or btrfs. I don't know where cryptsetup lies on that spectrum, and I don't know your preferences on that spectrum.

Cheers,
Wol
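
The rolling migration outlined in this thread, as an added example that is not from either poster: cryptsetup (the command-line front end to dm-crypt) encrypts each partition, and plain LVM sits on the opened mapping. `Home2` and `/dev/sdc1` come from the `pvs` output above; `/dev/sdf1` as the new disk, the `crypt_*` mapping names and the `DRY_RUN` switch are assumptions.

```shell
#!/bin/sh
# Added example. Device names other than Home2 and /dev/sdc1 are assumptions.
# With DRY_RUN=1 (the default) every command is printed instead of executed.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Name of the dm-crypt mapping for a partition: /dev/sdf1 -> crypt_sdf1
map_name() { echo "crypt_$(basename "$1")"; }

# Put LUKS on an empty partition and add the opened mapping to the VG.
# The PV is created on /dev/mapper/<name>, never on the raw partition.
add_encrypted_pv() {
    vg=$1 part=$2
    name=$(map_name "$part")
    run cryptsetup luksFormat "$part"
    run cryptsetup open "$part" "$name"
    run pvcreate "/dev/mapper/$name"
    run vgextend "$vg" "/dev/mapper/$name"
}

# Empty a plaintext PV onto a named encrypted PV, then drop it from the VG.
# Naming the destination keeps pvmove from picking free extents on some
# other PV that is still unencrypted.
evacuate_plain_pv() {
    vg=$1 old=$2 dest=$3
    run pvmove "$old" "$dest"
    run vgreduce "$vg" "$old"
    run pvremove "$old"
}

# One round: new encrypted disk in, old plaintext disk out, then the old
# disk is re-added encrypted so it can take the next plaintext PV.
rolling_round() {
    vg=$1 new=$2 old=$3
    add_encrypted_pv "$vg" "$new"
    evacuate_plain_pv "$vg" "$old" "/dev/mapper/$(map_name "$new")"
    add_encrypted_pv "$vg" "$old"
}

rolling_round Home2 /dev/sdf1 /dev/sdc1
```

`luksFormat` writes only a header, so the plaintext extents that `pvmove` copied away remain readable on the old raw partition until they are overwritten. The VG can be grown later by running `add_encrypted_pv` on another disk, followed by the usual `lvextend` and file system resize.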
