| 1 |
On 27/03/2022 21:13, Dale wrote: |
| 2 |
> Wol wrote: |
| 3 |
>> On 27/03/2022 20:17, Dale wrote: |
| 4 |
>>> Howdy, |
| 5 |
>>> |
| 6 |
>>> I sort of started this on another thread but wanted to nail a few things |
| 7 |
>>> down first. I'm wanting to encrypt some parts of my data on /home. |
| 8 |
>>> This is what I got hard drive wise. |
| 9 |
>>> |
| 10 |
>>> |
| 11 |
>>> root@fireball / # pvs |
| 12 |
>>> PV VG Fmt Attr PSize PFree |
| 13 |
>>> /dev/sda7 OS lvm2 a-- <124.46g 21.39g |
| 14 |
>>> /dev/sdb1 Home2 lvm2 a-- <5.46t 0 |
| 15 |
>>> /dev/sdc1 Home2 lvm2 a-- <7.28t 0 |
| 16 |
>>> /dev/sdd1 Home2 lvm2 a-- <7.28t 0 |
| 17 |
>>> /dev/sde1 backup lvm2 a-- 698.63g 0 |
| 18 |
>>> root@fireball / # |
| 19 |
>>> |
| 20 |
>> One big piece of missing information. What does fdisk say about |
| 21 |
>> sd[b,c,d]1? And can you add sdf1? |
| 22 |
> |
| 23 |
> I have the entire drive as one large partition for each drive. I could |
| 24 |
> have done it as a whole device but I wanted partitions to give a hint |
| 25 |
> that the drive is in use, if booted from other medium for example. |
| 26 |
> |
| 27 |
> I have enough extra space that I can remove either a 6TB or a 8TB |
| 28 |
> drive. Once that is done, I can start to encrypt and move data around. |
| 29 |
> This is some additional info from df for /home: |
| 30 |
> |
| 31 |
> |
| 32 |
> /dev/mapper/Home2-Home2 20T 8.7T 12T 45% /home |
| 33 |
> |
| 34 |
> |
| 35 |
> If I remove a 8TB drive, I'd still have enough room for my data. I |
| 36 |
> could then rebuild /home starting with the 8TB drive just freed up. |
| 37 |
> Then as I move data, I could expand them one at a time encrypting as I |
| 38 |
> go. I'd rather not have to buy a hard drive right now. Tight budget |
| 39 |
> given other things I got going on. I do have backups, more than one in |
| 40 |
> a couple important data spots. |
| 41 |
> |
| 42 |
Do you need to shrink your fs first though? |
| 43 |
|
| 44 |
My three 3TB partitions are raided, and /dev/md/home is my PV. I've only |
| 45 |
allocated the space to LVs that they need, so I could probably shrink |
| 46 |
the PV and remove a drive without needing to mess about with my LVs at |
| 47 |
all. I get the impression you may have allocated all your space, not a |
| 48 |
good idea. |
| 49 |
|
| 50 |
My attitude is my data is backed up, expanding an LV/FS is low risk, |
| 51 |
I'll just grow stuff as I need to ... my /home partition contains proper |
| 52 |
home drives, things like videos may be in /home/videos, but they're |
| 53 |
actually a separate partition, etc etc. |
| 54 |
> |
| 55 |
>> |
| 56 |
>> I'm guessing you've got three 8TB drives? Or is it two 8s and a 6? Can |
| 57 |
>> you get a third 8TB? And if you're encrypting *parts* of /home ... |
| 58 |
>> what parts? |
| 59 |
>>> |
| 60 |
>>> I've done some checking on sizes of things I want to encrypt and am |
| 61 |
>>> weighing options. I use LVM which should help make things easier. I've |
| 62 |
>>> downloaded and printed some howtos regarding shrinking the file system |
| 63 |
>>> and LVM thingys. It seems I need to shrink the file system while my |
| 64 |
>>> /home partition is unmounted. Then move the data off whichever drive I |
| 65 |
>>> want to remove and then remove the drive itself. After that I can |
| 66 |
>>> encrypt the just removed drive and start moving files over, using rsync |
| 67 |
>>> is my plan. I think that is the basic steps. |
| 68 |
>> |
| 69 |
>> Not necessarily. |
| 70 |
>>> |
| 71 |
>>> My question now comes to this. When I encrypt one of the drives, can I |
| 72 |
>>> then expand that drive with it being encrypted or is that not a option? |
| 73 |
>>> I plan to encrypt two of the drives as one volume group and leave one |
| 74 |
>>> other volume group as normal. I just want to be sure whether or not I |
| 75 |
>>> can expand a encrypted LVM drive the same as a normal LVM since both |
| 76 |
>>> uses LVM. I use cryptsetup commands to accomplish the encryption if |
| 77 |
>>> that matters. So as a example, I start with one 7TB drive encrypted, |
| 78 |
>>> move some data to it, then want to add either the 5TB or 7TB drive. Can |
| 79 |
>>> I just expand it like a normal LVM or does it being encrypted change |
| 80 |
>>> things? |
| 81 |
>>> |
| 82 |
>>> Thoughts? My remove steps look sensible? Expanding encrypted LVM |
| 83 |
>>> possible? |
| 84 |
>> |
| 85 |
>> If you are using LVM to do the encryption, then I can't see any |
| 86 |
>> problems adding a new PV to an encrypted VG. |
| 87 |
>>> |
| 88 |
>>> Dale |
| 89 |
>>> |
| 90 |
>> Personally, I'd use dm-crypt to encrypt the drive, and then the whole |
| 91 |
>> lot is encrypted, and put plain LVM over that. I've got dedicated |
| 92 |
>> layers for everything. |
| 93 |
>> |
| 94 |
>> It looks like your home2 is 6TB+8TB+8TB. I'd get a new 8TB, put |
| 95 |
>> dm-crypt on it, and add it. Now I can remove the first 8TB, dm-crypt |
| 96 |
>> it and re-add it. Same with the second 8TB. Now remove the 6TB and |
| 97 |
>> there you are ... |
| 98 |
>> |
| 99 |
>> My layout's rather different from yours, so I don't think I ought to |
| 100 |
>> say too much :-) |
| 101 |
>> |
| 102 |
>> Cheers, |
| 103 |
>> Wol |
| 104 |
>> |
| 105 |
>> |
| 106 |
> |
| 107 |
> |
| 108 |
> What is the advantage of dm-crypt over cryptsetup? I've learned how to |
| 109 |
> use cryptsetup with my external drive so was hoping to stick with what I |
| 110 |
> already know. Unless there is a advantage to dm-crypt. |
| 111 |
> |
| 112 |
I don't know either. I'm just far more familiar with the dm/md layer |
| 113 |
because I run md-raid over dm-integrity. Hence dm-crypt. |
| 114 |
|
| 115 |
Is cryptsetup a layer in its own right, or part of lvm? I prefer the |
| 116 |
Unix "use several tools each of which does one thing well", other people |
| 117 |
prefer a swiss army knife like ZFS or btrfs. I don't know where |
| 118 |
cryptsetup lies on that spectrum, and I don't know your preferences on |
| 119 |
that spectrum. |
| 120 |
|
| 121 |
Cheers, |
| 122 |
Wol |
Archives