LVM, LUKS : pros and cons

Tonus · 05-14-2016, 04:33 PM

Hi all,

As I just ordered a new ssd for my laptop I'm wondering if I should switch for a lvm installation.

I read the docs but haven't found any reason not to.

Do you fellow slackware users could provide any advice or warning ?

Thanks

Richard Cranium · 05-14-2016, 07:52 PM

Been happy with it. I still have around 98G unallocated.

Code:

root@hp635:~# lsblk 
NAME                   MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                      8:0    0 232.9G  0 disk  
|-sda1                   8:1    0   512M  0 part  /boot
`-sda2                   8:2    0 232.4G  0 part  
  `-lukssda2           253:0    0 232.4G  0 crypt 
    |-cryptvg-rootlv   253:1    0     6G  0 lvm   /
    |-cryptvg-optlv    253:2    0     4G  0 lvm   /opt
    |-cryptvg-usrlv    253:3    0    16G  0 lvm   /usr
    |-cryptvg-varlv    253:4    0    16G  0 lvm   /var
    |-cryptvg-varloglv 253:5    0    16G  0 lvm   /var/log
    |-cryptvg-swaplv   253:6    0    16G  0 lvm   [SWAP]
    |-cryptvg-tmplv    253:7    0    16G  0 lvm   /tmp
    |-cryptvg-homelv   253:8    0    28G  0 lvm   /home
    `-cryptvg-cplv     253:9    0    16G  0 lvm   
sr0                     11:0    1  1024M  0 rom   
root@hp635:~# cat /proc/scsi/scsi 
Attached devices:
Host: scsi0 Channel: 00 Id: 00 Lun: 00
  Vendor: ATA      Model: Samsung SSD 850  Rev: 2B6Q
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi1 Channel: 00 Id: 00 Lun: 00
  Vendor: hp       Model: DVDRAM GT50N     Rev: MP00
  Type:   CD-ROM                           ANSI  SCSI revision: 05
root@hp635:~# smartctl -a /dev/sda
smartctl 6.4 2015-06-04 r4109 [x86_64-linux-4.4.10] (local build)
Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family:     Samsung based SSDs
Device Model:     Samsung SSD 850 EVO 250GB
Serial Number:    S2R5NXAH341620E
LU WWN Device Id: 5 002538 d40bcc284
Firmware Version: EMT02B6Q
User Capacity:    250,059,350,016 bytes [250 GB]
Sector Size:      512 bytes logical/physical
Rotation Rate:    Solid State Device
Form Factor:      2.5 inches
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   ACS-2, ATA8-ACS T13/1699-D revision 4c
SATA Version is:  SATA 3.1, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is:    Sat May 14 19:42:28 2016 CDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

[blah blah blah]

moesasji · 05-15-2016, 01:57 AM

Quote:

Originally Posted by Tonus

As I just ordered a new ssd for my laptop I'm wondering if I should switch for a lvm installation.

As it is a laptop that you likely carry around I would think you should encrypt your harddisk, for which you need to use LVM. I do this consistently for laptops and works without problems.

GazL · 05-15-2016, 05:48 AM

I'm still on old fashioned spinning metal, but I've been a strong advocate for using LVM for years.

Advice:

Learn the concepts and commands, don't just follow some lvm install guide and think 'job done'.
Leave some unallocated space in your volume group to meet any future demands (like Richard has done).
Give your VGs and LVs consistent and meaningful names and don't use something like "vg00/lv00" (which I've actually seen from time to time -- I think it might be the default in certain distros installers).
If you do decide to use LUKS, backup the header and put it somewhere safe. You don't want to lose an entire disk simply because one sector gets corrupted.

Pros:

It's very flexible and adds an extra layer of abstraction (which can be useful.. i.e. device name independence).

Cons:

It adds an extra layer of abstraction (which you need to understand).

Here's my layout (partial encryption):

Code:

NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                  8:0    0 931.5G  0 disk  
├─sda1               8:1    0   260M  0 part  
├─sda2               8:2    0   128M  0 part  
├─sda3               8:3    0 659.9G  0 part  
├─sda4               8:4    0   869M  0 part  
├─sda5               8:5    0  20.4G  0 part  
└─sda6               8:6    0   250G  0 part  
  ├─rootvg-lvroot  253:0    0    16G  0 lvm   /
  ├─rootvg-lvvar   253:1    0    16G  0 lvm   /var
  ├─rootvg-lvhome  253:2    0    32G  0 lvm   /home
  ├─rootvg-lvsrc   253:3    0     4G  0 lvm   /usr/src
  ├─rootvg-lvsrv   253:4    0   120G  0 lvm   /srv
  └─rootvg-lvcrypt 253:5    0    32G  0 lvm   
    └─crypt        253:6    0    32G  0 crypt /srv/crypt
sr0                 11:0    1  1024M  0 rom

Ignore sda2-5, that's Windows crap.

Certain user's 'Home directories' are actually stored under /srv/crypt/home and symlinked into place: dependent on whether the user is a "personal account" or something more functional which doesn't need encryption and just lives in /home (such as my 'build' user).

/tmp is on tmpfs.

Anyway, between what Richard and I have posted, I'm sure you can see the possibilities are endless and purely a matter of preference.

TLDR: LVM GOOD!

Tonus · 05-15-2016, 10:12 AM

Thanks for your feedback and the time you took for your answer !

I'm thinking of this kind of parts / lvm :

Code:

/boot part 1 not crypted 
/part 2
--/ crypted 
--/home crypted 
--/usr crypted 
--/var crypted 
--/var/run crypted 
--/var/log/crypted 
--/mnt/vm not crypted (img for vanilla slackware to test builds or Windows to run crap softs I can't have in slackware) 
--/mnt/data not crypted (repos, build env) 
--/mnt/multimedia not crypted (music, movies) 
--/mnt/photos crypted (personnal pics) 
--/mnt/backups crypted (phone and other backups 
--swap crypted 
--/tmp crypted 
--/tmp/SBo tmpfs
--/tmp/build tmpfs

I will start with the allocated space taken on my actual install to evaluate what's needed for each.

Still wondering how much I should allocate to tmpfs for compiling (got 6go of ram) and how it really works...

Swap might be at least 6go to have hibernation but still have to dig how it works since I read that hibernation uses compression (have to find what would be the better ratio and how to configure that).

Fotunately I have a week before the drive is delivered :-)

Any further advice still welcome !

Richard Twat · 05-15-2016, 02:38 PM

To be able to use trim on a encrypted disk one needs to add the --allow-discards option to cryptsetup.
Here is a little script that adds this to the initrd-tree which mkinitrd uses:

Code:

#!/bin/bash

DIR=/tmp/fixinit
rm -rf $DIR
mkdir -p $DIR
cd $DIR
tar -xf /usr/share/mkinitrd/initrd-tree.tar.gz
sed -i 's#/sbin/cryptsetup ${LUKSKEY}#/sbin/cryptsetup --allow-discards ${LUKSKEY}#' init
tar czf /usr/share/mkinitrd/initrd-tree.tar.gz .

It's only tested on Current though

Also don't forget to enable trim in lvm.conf.

Tonus · 05-15-2016, 06:01 PM

Thank you Richard, I might have missed that !

Richard Cranium · 05-15-2016, 06:04 PM

Quote:

Originally Posted by GazL

Pros:

It's very flexible and adds an extra layer of abstraction (which can be useful.. i.e. device name independence).

I'll add that lvm makes it very easy to swap out hard drives. Create the new physical volume, add it to the volume group, run pvmove while the system is running to migrate everything off the old drive, remove the old physical volume from the volume group when it's done.

If you have a bay such that you can access the drives, you don't even have to power down while doing all that. Pretty neat when you need it.