Difference between revisions of "Shrink An Encrypted LUKS Partition"

From Nearline Storage
Jump to navigation Jump to search
m
m
Line 20: Line 20:
 
My guidance for this came from http://ubuntuforums.org/showthread.php?p=4530641
 
My guidance for this came from http://ubuntuforums.org/showthread.php?p=4530641
  
Boot from Knoppix DVD, open a console and become root
+
Boot from Knoppix DVD, open a console and become root.
<br />Make a clone backup of the entire disk, just in case
+
<br />Make a clone backup of the entire disk, just in case:
 
   dd_rescue /dev/sda /dev/sdb
 
   dd_rescue /dev/sda /dev/sdb
 
Decrypt the LUKS partition:
 
Decrypt the LUKS partition:
Line 32: Line 32:
 
   resize2fs -p /dev/mapper/vg_dlkw500-lv_root -3255688s
 
   resize2fs -p /dev/mapper/vg_dlkw500-lv_root -3255688s
 
   e2fsck -f /dev/mapper/vg_dlkw500-lv_root
 
   e2fsck -f /dev/mapper/vg_dlkw500-lv_root
Shrink the volume group
+
Shrink the volume group:
 
   lvdisplay
 
   lvdisplay
 
   lvreduce /dev/mapper/vg_dlkw500-lv_root -L -3255688s
 
   lvreduce /dev/mapper/vg_dlkw500-lv_root -L -3255688s
 
   lvdisplay
 
   lvdisplay
Shrink the LVM physical volume
+
Shrink the LVM physical volume:
 
   pvs    # To see how much free space exists in the physical volume so that we can calculate the new size
 
   pvs    # To see how much free space exists in the physical volume so that we can calculate the new size
 
   pvresize -setphysicalvolumesize 464G /dev/mapper/crypt1
 
   pvresize -setphysicalvolumesize 464G /dev/mapper/crypt1
 
   pvdisplay
 
   pvdisplay
Shrink the encrypted disk area
+
Shrink the encrypted disk area:
 
   cryptsetup status crypt1                        # Make note of the offset
 
   cryptsetup status crypt1                        # Make note of the offset
 
   cryptsetup -o 4040 -b 973107816 resize crypt1    # 4040 is the offset, values are in 512B sectors
 
   cryptsetup -o 4040 -b 973107816 resize crypt1    # 4040 is the offset, values are in 512B sectors
Unmount the LVM and the encrypted area of the disk
+
Unmount the LVM and the encrypted area of the disk:
 
   vgchange -an
 
   vgchange -an
 
   cryptsetup luksClose crypt1
 
   cryptsetup luksClose crypt1
Move the /dev/sda2 partition data from where it is now to the end of the disk.  Start the copy from the end of the partition space and copy in reverse, from back to front.
+
Move the /dev/sda2 partition data from where it is now to the end of the disk.  Start the copy from the end of the partition space and copy in reverse, from back to front:
 
   dd_rescue -s 973517479b -S 976773167b -m 973107816b -r /dev/sda /dev/sda
 
   dd_rescue -s 973517479b -S 976773167b -m 973107816b -r /dev/sda /dev/sda
Use parted to redo the partition table to match the new /dev/sda2 start and end.  Also change /dev/sda1 so that it uses the free space.  (We don't use fdisk because it cannot handle partitions that start at the beginning of cylinder 1 / sector 63 as /dev/sda1 must)
+
Use parted to redo the partition table to match the new /dev/sda2 start and end.  Also change /dev/sda1 so that it uses the free space.  (We don't use fdisk because it cannot handle partitions that start at the beginning of cylinder 1 / sector 63 as /dev/sda1 must.)
 
     Device Boot      Start        End      Blocks  Id  System
 
     Device Boot      Start        End      Blocks  Id  System
 
   /dev/sda1  *          63    3662109    1831023+  83  Linux
 
   /dev/sda1  *          63    3662109    1831023+  83  Linux
 
   /dev/sda2        3665352  976773167  486553908  83  Linux
 
   /dev/sda2        3665352  976773167  486553908  83  Linux
Reboot while praying  (This is why you make that clone copy of the disk at the beginning.  Use dd_rescue to put the disk back the way it was if you need to.)
+
Reboot while praying. (This is why you make that clone copy of the disk at the beginning.  Use dd_rescue to put the disk back the way it was if you need to.)
<br />Expand the /boot partition to fill the available space.  This can be done on a live partition as long as it's ext3, otherwise you'd have to boot back into Knoppix.
+
<br />Expand the /boot partition to fill the available space.  This can be done on a live partition as long as it's ext3, otherwise you'd have to boot back into Knoppix:
 
   sudo resize2fs /dev/sda1
 
   sudo resize2fs /dev/sda1

Revision as of 02:29, 9 May 2011

I needed to shrink my root ("/") partition in order to make my "/boot" partition larger so that could run the preupgrade utility to update from F13 to F14. My disk geometry was:

    Device Boot      Start         End      Blocks   Id  System
 /dev/sda1   *          63      409662      204799+  83  Linux
 /dev/sda2          409663   976773167   488181752   83  Linux

/dev/sda1 contains "/boot" as a native ext3 partition /dev/sda2 is a LUKS encrypted partition, home to a Logical Volume Group which contains a logical swap partition and a logical partition which contains my root ("/") ext3 filesystem.

My steps were:

  1. Shrink the root partition
  2. Shrink the volume group that contains it
  3. Shrink the LUKS encrypted partition
  4. Shrink /dev/sda2
  5. Move /dev/sda2 to the end of the physical disk
  6. Expand /dev/sda1
  7. Expand the /boot filesystem

My guidance for this came from http://ubuntuforums.org/showthread.php?p=4530641

Boot from Knoppix DVD, open a console and become root.
Make a clone backup of the entire disk, just in case:

 dd_rescue /dev/sda /dev/sdb

Decrypt the LUKS partition:

 cryptsetup luksOpen /dev/sda5 crypt1

Activate the LVM partitions:

 vgscan --mknodes
 vgchange -ay

Shrink the root filesystem:

 e2fsck -f /dev/mapper/vg_dlkw500-lv_root
 resize2fs -p /dev/mapper/vg_dlkw500-lv_root -3255688s
 e2fsck -f /dev/mapper/vg_dlkw500-lv_root

Shrink the volume group:

 lvdisplay
 lvreduce /dev/mapper/vg_dlkw500-lv_root -L -3255688s
 lvdisplay

Shrink the LVM physical volume:

 pvs     # To see how much free space exists in the physical volume so that we can calculate the new size
 pvresize -setphysicalvolumesize 464G /dev/mapper/crypt1
 pvdisplay

Shrink the encrypted disk area:

 cryptsetup status crypt1                         # Make note of the offset
 cryptsetup -o 4040 -b 973107816 resize crypt1    # 4040 is the offset, values are in 512B sectors

Unmount the LVM and the encrypted area of the disk:

 vgchange -an
 cryptsetup luksClose crypt1

Move the /dev/sda2 partition data from where it is now to the end of the disk. Start the copy from the end of the partition space and copy in reverse, from back to front:

 dd_rescue -s 973517479b -S 976773167b -m 973107816b -r /dev/sda /dev/sda

Use parted to redo the partition table to match the new /dev/sda2 start and end. Also change /dev/sda1 so that it uses the free space. (We don't use fdisk because it cannot handle partitions that start at the beginning of cylinder 1 / sector 63 as /dev/sda1 must.)

    Device Boot      Start         End      Blocks   Id  System
 /dev/sda1   *          63     3662109     1831023+  83  Linux
 /dev/sda2         3665352   976773167   486553908   83  Linux

Reboot while praying. (This is why you make that clone copy of the disk at the beginning. Use dd_rescue to put the disk back the way it was if you need to.)
Expand the /boot partition to fill the available space. This can be done on a live partition as long as it's ext3, otherwise you'd have to boot back into Knoppix:

 sudo resize2fs /dev/sda1