Difference between revisions of "Shrink An Encrypted LUKS Partition"

From Nearline Storage
Jump to navigation Jump to search
m
 
m
 
(10 intermediate revisions by the same user not shown)
Line 3: Line 3:
  
 
     Device Boot      Start        End      Blocks  Id  System
 
     Device Boot      Start        End      Blocks  Id  System
   /dev/sda1  *          63     3662109    1831023+  83  Linux
+
   /dev/sda1  *          63     409662      204799+  83  Linux
   /dev/sda2         3665352   976773167  486553908   83  Linux
+
   /dev/sda2         409663   976773167  488181752   83  Linux
  
/dev/sda1 contains "/boot" as a native ext3 partition
+
/dev/sda1 contains "/boot" as a native ext3 partition.
/dev/sda2 is a LUKS encrypted partition, home to a Logical Volume Group, which contains a logical swap partition and another partition which contains my root ("/") ext3 filesystem.
+
<br />/dev/sda2 is a LUKS encrypted partition, home to a Logical Volume Group which contains a logical swap partition and a logical partition which contains my root ("/") ext3 filesystem.
  
 
My steps were:
 
My steps were:
Line 20: Line 20:
 
My guidance for this came from http://ubuntuforums.org/showthread.php?p=4530641
 
My guidance for this came from http://ubuntuforums.org/showthread.php?p=4530641
  
#Boot from Knoppix DVD
+
Boot from [http://www.knoppix.net/ Knoppix DVD], open a console and become root.
#Decrypt the LUKS partition
+
<br />Make a clone backup of the entire disk, just in case.  (In my case /dev/sdb was a USB disk of the same size as /dev/sda.)
>sudo cryptsetup luksOpen /dev/sda5 crypt1
+
  dd_rescue /dev/sda /dev/sdb
#Activate the LVM partitions
+
Decrypt the LUKS partition:
>sudo vgscan --mknodes
+
  cryptsetup luksOpen /dev/sda5 crypt1
>sudo vgchange -ay
+
Activate the LVM partitions:
 +
  vgscan --mknodes
 +
  vgchange -ay
 +
Shrink the root filesystem:
 +
  e2fsck -f /dev/mapper/vg_dlkw500-lv_root
 +
  resize2fs -p /dev/mapper/vg_dlkw500-lv_root -3255688s
 +
  e2fsck -f /dev/mapper/vg_dlkw500-lv_root
 +
Shrink the volume group:
 +
  lvdisplay
 +
  lvreduce /dev/mapper/vg_dlkw500-lv_root -L -3255688s
 +
  lvdisplay
 +
Shrink the LVM physical volume:
 +
  pvs    # To see how much free space exists in the physical volume so that we can calculate the new size
 +
  pvresize -setphysicalvolumesize 464G /dev/mapper/crypt1
 +
  pvdisplay
 +
Shrink the encrypted disk area:
 +
  cryptsetup status crypt1                        # Make note of the offset
 +
  cryptsetup -o 4040 -b 973107816 resize crypt1    # 4040 is the offset, values are in 512B sectors
 +
Unmount the LVM and the encrypted area of the disk:
 +
  vgchange -an
 +
  cryptsetup luksClose crypt1
 +
Move the /dev/sda2 partition data from where it is now to the end of the disk.  Start the copy from the end of the partition space and copy in reverse, from back to front.  This avoids overwriting the existing data until after we've copied it.  You only get one shot to get this right.
 +
  dd_rescue -s 973517479b -S 976773167b -m 973107816b -r /dev/sda /dev/sda
 +
Use parted to redo the partition table to match the new /dev/sda2 start and end.  Also change /dev/sda1 so that it uses the free space.  (We don't use fdisk because it cannot handle partitions that start at the beginning of cylinder 1 / sector 63 as /dev/sda1 must in order for the system to boot.)
 +
    Device Boot      Start        End      Blocks  Id  System
 +
  /dev/sda1  *          63    3662109    1831023+  83  Linux
 +
  /dev/sda2        3665352  976773167  486553908  83  Linux
 +
Reboot while praying.  (This is why you make that clone copy of the disk at the beginning.  Use dd_rescue to put the disk back the way it was if you need to.)
 +
 
 +
Expand the /boot partition to fill the available space.  This can be done on a live partition as long as it's ext3, otherwise you'd have to boot back into Knoppix:
 +
  sudo resize2fs /dev/sda1
 +
[[Category:Linux]]
 +
[[Category:Disks &amp; Storage]]

Latest revision as of 14:05, 31 December 2019

I needed to shrink my root ("/") partition in order to make my "/boot" partition larger so that could run the preupgrade utility to update from F13 to F14. My disk geometry was:

    Device Boot      Start         End      Blocks   Id  System
 /dev/sda1   *          63      409662      204799+  83  Linux
 /dev/sda2          409663   976773167   488181752   83  Linux

/dev/sda1 contains "/boot" as a native ext3 partition.
/dev/sda2 is a LUKS encrypted partition, home to a Logical Volume Group which contains a logical swap partition and a logical partition which contains my root ("/") ext3 filesystem.

My steps were:

  1. Shrink the root partition
  2. Shrink the volume group that contains it
  3. Shrink the LUKS encrypted partition
  4. Shrink /dev/sda2
  5. Move /dev/sda2 to the end of the physical disk
  6. Expand /dev/sda1
  7. Expand the /boot filesystem

My guidance for this came from http://ubuntuforums.org/showthread.php?p=4530641

Boot from Knoppix DVD, open a console and become root.
Make a clone backup of the entire disk, just in case. (In my case /dev/sdb was a USB disk of the same size as /dev/sda.)

 dd_rescue /dev/sda /dev/sdb

Decrypt the LUKS partition:

 cryptsetup luksOpen /dev/sda5 crypt1

Activate the LVM partitions:

 vgscan --mknodes
 vgchange -ay

Shrink the root filesystem:

 e2fsck -f /dev/mapper/vg_dlkw500-lv_root
 resize2fs -p /dev/mapper/vg_dlkw500-lv_root -3255688s
 e2fsck -f /dev/mapper/vg_dlkw500-lv_root

Shrink the volume group:

 lvdisplay
 lvreduce /dev/mapper/vg_dlkw500-lv_root -L -3255688s
 lvdisplay

Shrink the LVM physical volume:

 pvs     # To see how much free space exists in the physical volume so that we can calculate the new size
 pvresize -setphysicalvolumesize 464G /dev/mapper/crypt1
 pvdisplay

Shrink the encrypted disk area:

 cryptsetup status crypt1                         # Make note of the offset
 cryptsetup -o 4040 -b 973107816 resize crypt1    # 4040 is the offset, values are in 512B sectors

Unmount the LVM and the encrypted area of the disk:

 vgchange -an
 cryptsetup luksClose crypt1

Move the /dev/sda2 partition data from where it is now to the end of the disk. Start the copy from the end of the partition space and copy in reverse, from back to front. This avoids overwriting the existing data until after we've copied it. You only get one shot to get this right.

 dd_rescue -s 973517479b -S 976773167b -m 973107816b -r /dev/sda /dev/sda

Use parted to redo the partition table to match the new /dev/sda2 start and end. Also change /dev/sda1 so that it uses the free space. (We don't use fdisk because it cannot handle partitions that start at the beginning of cylinder 1 / sector 63 as /dev/sda1 must in order for the system to boot.)

    Device Boot      Start         End      Blocks   Id  System
 /dev/sda1   *          63     3662109     1831023+  83  Linux
 /dev/sda2         3665352   976773167   486553908   83  Linux

Reboot while praying. (This is why you make that clone copy of the disk at the beginning. Use dd_rescue to put the disk back the way it was if you need to.)

Expand the /boot partition to fill the available space. This can be done on a live partition as long as it's ext3, otherwise you'd have to boot back into Knoppix:

 sudo resize2fs /dev/sda1