Some Acronyms
-
VG= Volume Group (an object that binds LVs and PVs which are exclusive to a particular VG)
-
PV= Physical Volume (a real drive or something that looks real to LVM)
-
LV= Logical Volume (a mountable device which can contain filesystems in an LVM setup)
-
PE= Physical Extents (arbitary PV chunks used for accounting by LVM, same size for all PVs in VG)
-
LE= Logical Extent (arbitrary LV chunks, same size for all LVs in VG)
Preparing System for LVM
Kernel Setup
Need to enable device mapper.
Device Drivers --->
Multi-device support (RAID and LVM) --->
[*] Multiple devices driver support (RAID and LVM)
<*> Device mapper support
And this looks fun! If you want dm-crypt support, do this.
<*> Crypt target support
User Utilities
Get user utilities if not already present.
emerge sys-fs/device-mapper sys-fs/lvm2 emerge sys-fs/cryptsetup-luks # Very optional.
Physical Volume Managemnt
Paranoid?
If you’re going to set up a crypto filesystem and you’re really serious about entropy, now is a good time fill the drive with random crap.
dd if=/dev/urandom of=/dev/sdb bs=4096
Partitioning
Set up a Linux LVM partition with fdisk, type 8e.
Preparing Drives
Prevent LVM from scanning dumb things by adding a filter in the /etc/lvm/lvm.conf. This keeps lvm confined to drive b.
filter = [ "a/dev/sdb.*", "r/.*/" ]
It’s not unwise to break up the physical disk into a few partitions. The idea is that if for some reason you need a non LVM partition, you can get it. Once LVM is working, the multiple partitions won’t be noticeable anyway. Here’s an example:
Disk /dev/sdb: 80.0 GB, 80000000000 bytes 255 heads, 63 sectors/track, 9726 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/sdb1 1 2433 19543041 8e Linux LVM /dev/sdb2 2434 4866 19543072+ 8e Linux LVM /dev/sdb3 4867 7299 19543072+ 8e Linux LVM /dev/sdb4 7300 9726 19494877+ 8e Linux LVM
Creating Physical Volumes (PV)
Let LVM know what it has to work with by creating pysical volumes.
# pvcreate /dev/sdb[1234]
Physical volume "/dev/sdb1" successfully created
Physical volume "/dev/sdb2" successfully created
Physical volume "/dev/sdb3" successfully created
Physical volume "/dev/sdb4" successfully created
Finding out about Physical Volumes (PV)
pvdisplay - for each PV, shows VG, the PV size (i.e. hard drive’s actual manufacturer specified size), PE size in bytes, Total PE (which should be similar, but not exactly the PV size), Free PE, Allocated PE (TotalPE - FreePE).
So to find how much drive is unused, multiply "Free PE" by "PE Size" (FPE PES * 1e6 / =⇒ answer in GB).
|
Note
|
This seems to only work after creating a volume group. |
Volume Group Management
Creating and Extending Volume Groups (VG)
After telling LVM what real hardware there is to work with, some of that can get added to a "volume group" which will then be like a virtual drive that is a lot nicer to work with than a crusty real one. This creates a VG called xed_vg with the first 2 sdb partitions.
vgcreate xed_vg /dev/sdb[12]
To make your VG bigger by adding more physical volumes:
vgextend xed_vg /dev/sdb[34]
Finding out about Volume Groups (VG)
To get statistics about the virtual drive, i.e. the volume group, use:
vgdisplay xed_vg
Removing a Physical Volume from a VG
This takes the device /dev/hdb3 out of the pool of physical resources for the_cool_vol_group.
pvreduce the_cool_vol_group /dev/hdb3
Logical Volume Management
Creating Logical Volumes
To create a 256MB device which can be used as a swap partition:
lvcreate -L 15G -n xed_MonThuBackup xed_vg
lvcreate -L 15G -n xed_TueFriBackup xed_vg
lvcreate -L 15G -n xed_WedSatBackup xed_vg
lvcreate -L 15G -n xed_SunBackup xed_vg
The default size spec with -L is in MB, but G,K,T can be used. An even more sophisticated way to establish the size of LV is to specify the size in LE which is the natural chunk size for the VG:
lvcreate -L 256 -n xed.swap xed_vg
Once the logical volumes are created, you can format or otherwise use them like normal partitions.
Finding out about Logical Volumes (LV)
lvdisplay /dev/xen_vg/dom0
Shows what VG it’s in. Shows the LV size in human readable format. Shows LE. And much, much more!
With no arguments, shows all LV summaries.
Fixing Unavailable Volumes
If the volumes turn up as "inactive" or "unavailable" (like after a reboot using a boot CD), you might need to tell the kernel’s mapper about the lv’s explicitly. You can do an lvscan and see the inactive ones:
livecd root # lvscan
ACTIVE '/dev/vg-spot/spot-swap' [64.00 MB] inherit
inactive '/dev/vg-spot/spot-tmp' [64.00 MB] inherit
inactive '/dev/vg-spot/spot-var' [64.00 MB] inherit
inactive '/dev/vg-spot/spot-root' [756.00 MB] inherit
To make active:
lvchange -a y /dev/vg-spot/spot-root
Deleting Logical Volumes
To get rid of a logical volume completely use the lvremove commandr. Note that you need to specify the complete path to the logical volume.
# lvremove /dev/test_vg/test_5G_lv
Do you really want to remove active logical volume test_5G_lv?
[y/n]: y
Logical volume "test_5G_lv" successfully removed
Activating LVs Already On the Drive
Let’s say you have a drive that already has had LVM setup the partitions. Now you can use pvdisplay, vgdisplay, and lvdisplay, but the devices listed are not there. You need to use this command:
lvchange -ay
Now you should be able to find the volumes listed by lvdisplay.
Extending a Logical Volume
If you have some space available, for example if you buy a new drive and add it to the system, this is how to enlarge a logical volume. I don’t know this for a fact, but it’s probably a good idea to unmount the thing before trying this trick.
Take a look at the free space using vgdisplay. Then
# lvextend -l +358 /dev/xen_vg/tempscratch
Here, 358 is the number of Free Physical Extents in the vg.
Encrypted Filesystems
LUKS stands for Linux Unified Key Setup and is a way to manage encryption of harddrive or other data volumes. The way it works generally is to create the infrastructure for encryption and when you want to use the encrypted volume, you open a virtual device that can communicate with it. Opening requires the key. When you close it, the underlying volume (which could also be virtual) is just a bunch of random stuff.
Create An Encrypted Partition
First you need a new virtual device that can be built over another virtual device. This lives in /dev/mapper when it’s open. When it’s not open, it’s just fuzz on the underlying partition. This command will hose anything already here, so this is a one-time only kind of operation. This can be done on top of LVM partitions as shown here.
cryptsetup --verbose --verify-passphrase luksFormat /dev/xed_vg/xed_SunBackup
Open, Use, And Close Encrypted Partition
Once you have the underlying volume configured for cyrpto, you need to open it by creating another higher level virtual device that you can actually interact with. You supply a passphrase here.
cryptsetup --verbose luksOpen /dev/xed_vg/xed_SunBackup xed_SunBackupCRYPT
Now you can use this volume like normal.
mke2fs -jv /dev/mapper/xed_SunBackupCRYPT # ONLY FOR NEW VOLUMES!!!!
mount /dev/mapper/xed_SunBackupCRYPT /mnt/B/
-- ADD SOME STUFF --
umount /mnt/B
Now you want to protect the partition from unauthorized use, close it. The paritition unnervingly disappears, but the underlying partition remains with your data encrypted.
cryptsetup --verbose luksClose xed_SunBackupCRYPT
Other Useful LUKS Tricks
To see if a partition is actually something that can be opened into a decrypted partition, use the isLuks command.
:-> [xed.ucsd.edu][~]$ cryptsetup isLuks /dev/xed_vg/xed_SunBackup
:-> [xed.ucsd.edu][~]$ # Notice return code is happy (true).
:-> [xed.ucsd.edu][~]$ cryptsetup isLuks /dev/xed_vg/xed_MonThuBackup
/dev/xed_vg/xed_MonThuBackup is not a LUKS partition
:-< [xed.ucsd.edu][~]$ # And return code is sad (false).
Resizing a crpyto partition over LVM (yikes!). It can be done: see here.