LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-17-2013, 01:48 PM   #1
blenderfox
LQ Newbie
 
Registered: Apr 2013
Location: London, UK
Distribution: Debian, Ubuntu, Linux Mint, Fedora
Posts: 24

Rep: Reputation: Disabled
Shrinking a crypted FS


I'm experimenting with a crypted fs, trying to make sure I understand how it works before I use it for any data storage. I can create, delete, add and grow a crypted FS, but I cannot seem to be able to reliably shrink it.

I have my test crypted fs inside a LVM (if that makes a difference), but I have it setup so that it is called "CryptTesting", and I unlock it using a key I created:

Code:
cryptsetup luksOpen --key-file=~/crypttest.key /dev/mapper/HitachiVG-CryptTesting DecryptedTest
I can see the status of my crypt:

Code:
# cryptsetup status DecryptedTest/dev/mapper/DecryptedTest is active.
  type:    LUKS1
  cipher:  aes-cbc-plain
  keysize: 256 bits
  device:  /dev/mapper/HitachiVG-CryptTesting
  offset:  4096 sectors
  size:    20967424 sectors
  mode:    read/write
The crypt volume is 10G, and I want to resize it to 1G, which is around 2097152 sectors, so from what I know, the command should be:

Code:
# cryptsetup --verbose resize DecryptedTest -b 2097152
Command successful.
See, I get a "successful" reply, and the status reflects that:
Code:
# cryptsetup status DecryptedTest/dev/mapper/DecryptedTest is active.
  type:    LUKS1
  cipher:  aes-cbc-plain
  keysize: 256 bits
  device:  /dev/mapper/HitachiVG-CryptTesting
  offset:  4096 sectors
  size:    2097152 sectors
  mode:    read/write
# cryptsetup status DecryptedTest
But when I close and reopen the crypted volume, the change isn't kept, and the sectors go back to what they were previously. If I want to resize the LV that contains the crypted fs, then LVM warns me I might lose data.

Question I have is how to I properly shrink the crypted fs? Everything I've found on the web so far all tells me to use cryptsetup resize, but it doesn't seem to stick...
 
Old 08-05-2013, 11:55 PM   #2
biodded
LQ Newbie
 
Registered: Dec 2012
Distribution: Knoppix, Xubuntu
Posts: 6

Rep: Reputation: Disabled
One thing you could try would be to issue the resize command, then imediately change the /etc/fstab to reflect the smaller volume.

This would work if the resize command does work (it sounds like it does), but does not modify how the kernel re-opens the file system. The kernel would then consult fstab, which does not show any change because the resize command does not actually change fstab.

Are you sure that the system has the room to shrink the volume to 10% of what it is now? I would also think that the encrypted verson takes more space than a not-encrypted verson.

And finally, the ever existant BACKUP YOUR DATA is nessicary here. Perhaps even more so. It sounds like you do not have anything on the encrypted volume, but if you do, BACKUP. Also, editing fstab at all can turn any computer in to a very expensive paper-weight. Proceeding carefully is a very good idea.
 
Old 08-06-2013, 12:13 AM   #3
blenderfox
LQ Newbie
 
Registered: Apr 2013
Location: London, UK
Distribution: Debian, Ubuntu, Linux Mint, Fedora
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by biodded View Post
One thing you could try would be to issue the resize command, then imediately change the /etc/fstab to reflect the smaller volume.

This would work if the resize command does work (it sounds like it does), but does not modify how the kernel re-opens the file system. The kernel would then consult fstab, which does not show any change because the resize command does not actually change fstab.

Are you sure that the system has the room to shrink the volume to 10% of what it is now? I would also think that the encrypted verson takes more space than a not-encrypted verson.

And finally, the ever existant BACKUP YOUR DATA is nessicary here. Perhaps even more so. It sounds like you do not have anything on the encrypted volume, but if you do, BACKUP. Also, editing fstab at all can turn any computer in to a very expensive paper-weight. Proceeding carefully is a very good idea.
I'm sure fstab doesn't specify the size of the filesystem it mounts, so I don't think your suggestion would work. Besides, according to the Google Code page, LUKS partitions do not store the size of the filesystem anywhere.

As for backups, I'm only doing this as a learning experiment - I have no important data in the partition to lose.

Finally, as for room, the 10G partition has only one file - 1G in size, so I'm sure there's enough room to resize.
 
Old 08-06-2013, 01:12 AM   #4
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 835

Rep: Reputation: 165Reputation: 165
I use LUKS-encrypted LVM, and I recently had to reduce my /home logical volume (/dev/vg00/home) to make room for another swap file. Basic procedure is to unmount the logical volume, check the filesystem for errors, shrink the filesystem to the desired size, reduce the underlying logical volume, then check results and remount the logical volume.

This is what I did to shrink /dev/vg00/home from 26G to 25G:

Code:
# telinit 1
# umount /home
# lvscan -vvvv &> lvscan.txt
# e2fsck -f /dev/vg00/home
# resize2fs -p /dev/vg00/home 25G
# lvreduce -L 25G /dev/vg00/home

Run fsck again to make sure all is well, and also resize2fs without a size to 
verify the current size is as expected.
# e2fsck -f /dev/vg00/home
# resize2fs -p /dev/vg00/home

# mount /dev/vg00/home /home
 
Old 08-06-2013, 02:50 AM   #5
blenderfox
LQ Newbie
 
Registered: Apr 2013
Location: London, UK
Distribution: Debian, Ubuntu, Linux Mint, Fedora
Posts: 24

Original Poster
Rep: Reputation: Disabled
I presume /dev/vg00/home is the crypted volume? If so, then don't you get a warning about potentially losing data at the step?

Code:
lvreduce -L 25G /dev/vg00/home
The steps you have listed are pretty much the same as the ones I have taken but I am concerned about the warning regarding data loss - even though there didn't appear to be any.
 
Old 08-06-2013, 11:49 AM   #6
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 835

Rep: Reputation: 165Reputation: 165
Yes, I got a message to that effect when I issued the lvreduce command. I believe the message is always issued as a warning when you reduce the logical volume size because of the potential for data loss. It doesn't mean you necessarily will lose data. If you were to issue lvreduce to shrink the logical volume before you shrank the filesystem built within it, you could lose data or break the filesystem. So shrink the filesystem first, then reduce the logical volume.
 
Old 08-06-2013, 12:09 PM   #7
blenderfox
LQ Newbie
 
Registered: Apr 2013
Location: London, UK
Distribution: Debian, Ubuntu, Linux Mint, Fedora
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Z038 View Post
Yes, I got a message to that effect when I issued the lvreduce command. I believe the message is always issued as a warning when you reduce the logical volume size because of the potential for data loss. It doesn't mean you necessarily will lose data. If you were to issue lvreduce to shrink the logical volume before you shrank the filesystem built within it, you could lose data or break the filesystem. So shrink the filesystem first, then reduce the logical volume.
But what about the crypted fs? We can shrink the decrypted filesystem (resize2fs), but what about the crypted filesystem? How do we handle that one? Do we do nothing?
 
Old 08-06-2013, 01:03 PM   #8
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 835

Rep: Reputation: 165Reputation: 165
Well ... I didn't issue the cryptsetup resize command. That was an oversight on my part, a failure in my research prior to doing the reduction. But the process worked anyway.

I don't think that resizing the crypt is required unless you are doing it to an online mounted partition. If I were going to do it again, I would just do a cryptsetup luksClose before the lvreduce, and a cryptsetup luksOpen afterwards.

See this: http://serverfault.com/questions/394...crypted-volume
 
Old 08-06-2013, 01:16 PM   #9
blenderfox
LQ Newbie
 
Registered: Apr 2013
Location: London, UK
Distribution: Debian, Ubuntu, Linux Mint, Fedora
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Z038 View Post
Well ... I didn't issue the cryptsetup resize command. That was an oversight on my part, a failure in my research prior to doing the reduction. But the process worked anyway.

I don't think that resizing the crypt is required unless you are doing it to an online mounted partition. If I were going to do it again, I would just do a cryptsetup luksClose before the lvreduce, and a cryptsetup luksOpen afterwards.

See this: http://serverfault.com/questions/394...crypted-volume
Ironically, that's also where I was looking. Notably the instructions did not include a cryptsetup resize, but it did mention it at the end.

I'm going to experiment some more....
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
View crypted password in openldap vignesh_murali2003 Linux - Newbie 4 07-17-2013 03:11 PM
Crypted root on LVM does not boot funboy Slackware 19 09-18-2012 07:50 PM
extend crypted lvm volume imitis Linux - General 4 06-12-2010 07:55 AM
data recovery from dm-crypted partition carlitoco Linux - Software 5 10-19-2009 08:15 AM
dm-crypted root with filesystem checking /y0shi Slackware 3 02-16-2008 07:55 AM


All times are GMT -5. The time now is 06:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration