Shrink An Encrypted LUKS Partition

From Nearline Storage
Jump to navigation Jump to search

I needed to shrink my root ("/") partition in order to make my "/boot" partition larger so that could run the preupgrade utility to update from F13 to F14. My disk geometry was:

    Device Boot      Start         End      Blocks   Id  System
 /dev/sda1   *          63      409662      204799+  83  Linux
 /dev/sda2          409663   976773167   488181752   83  Linux

/dev/sda1 contains "/boot" as a native ext3 partition.
/dev/sda2 is a LUKS encrypted partition, home to a Logical Volume Group which contains a logical swap partition and a logical partition which contains my root ("/") ext3 filesystem.

My steps were:

  1. Shrink the root partition
  2. Shrink the volume group that contains it
  3. Shrink the LUKS encrypted partition
  4. Shrink /dev/sda2
  5. Move /dev/sda2 to the end of the physical disk
  6. Expand /dev/sda1
  7. Expand the /boot filesystem

My guidance for this came from

Boot from Knoppix DVD, open a console and become root.
Make a clone backup of the entire disk, just in case. (In my case /dev/sdb was a USB disk of the same size as /dev/sda.)

 dd_rescue /dev/sda /dev/sdb

Decrypt the LUKS partition:

 cryptsetup luksOpen /dev/sda5 crypt1

Activate the LVM partitions:

 vgscan --mknodes
 vgchange -ay

Shrink the root filesystem:

 e2fsck -f /dev/mapper/vg_dlkw500-lv_root
 resize2fs -p /dev/mapper/vg_dlkw500-lv_root -3255688s
 e2fsck -f /dev/mapper/vg_dlkw500-lv_root

Shrink the volume group:

 lvreduce /dev/mapper/vg_dlkw500-lv_root -L -3255688s

Shrink the LVM physical volume:

 pvs     # To see how much free space exists in the physical volume so that we can calculate the new size
 pvresize -setphysicalvolumesize 464G /dev/mapper/crypt1

Shrink the encrypted disk area:

 cryptsetup status crypt1                         # Make note of the offset
 cryptsetup -o 4040 -b 973107816 resize crypt1    # 4040 is the offset, values are in 512B sectors

Unmount the LVM and the encrypted area of the disk:

 vgchange -an
 cryptsetup luksClose crypt1

Move the /dev/sda2 partition data from where it is now to the end of the disk. Start the copy from the end of the partition space and copy in reverse, from back to front. This avoids overwriting the existing data until after we've copied it. You only get one shot to get this right.

 dd_rescue -s 973517479b -S 976773167b -m 973107816b -r /dev/sda /dev/sda

Use parted to redo the partition table to match the new /dev/sda2 start and end. Also change /dev/sda1 so that it uses the free space. (We don't use fdisk because it cannot handle partitions that start at the beginning of cylinder 1 / sector 63 as /dev/sda1 must in order for the system to boot.)

    Device Boot      Start         End      Blocks   Id  System
 /dev/sda1   *          63     3662109     1831023+  83  Linux
 /dev/sda2         3665352   976773167   486553908   83  Linux

Reboot while praying. (This is why you make that clone copy of the disk at the beginning. Use dd_rescue to put the disk back the way it was if you need to.)

Expand the /boot partition to fill the available space. This can be done on a live partition as long as it's ext3, otherwise you'd have to boot back into Knoppix:

 sudo resize2fs /dev/sda1