From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from biostat.ucsf.edu (upstrm185.psg-ucsf.org [38.99.193.74]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 10 Sep 2014 22:36:53 +0200 (CEST) Date: Wed, 10 Sep 2014 13:36:50 -0700 From: Ross Boylan Message-ID: <20140910203650.GF8520@markov.biostat.ucsf.edu> References: <20140909215203.GG26856@markov.biostat.ucsf.edu> <20140910033131.GD8520@markov.biostat.ucsf.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] expanding encrypted volume/growing the volume List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Robert Nichols Cc: dm-crypt@saout.de On Wed, Sep 10, 2014 at 08:25:07AM -0500, Robert Nichols wrote: > On 09/09/2014 10:31 PM, Ross Boylan wrote: >> On Tue, Sep 09, 2014 at 08:59:03PM -0500, Robert Nichols wrote: >>> Easy. Create a new LV in that VG and use "--extents 100%FREE" as >>> its size. Fill that LV with whatever variety of random data you >>> choose, then delete that LV and use the space to expand your active >>> LV. >> >> Thanks; I wasn't aware of that syntax. >> >> But do the snapshots make that hazardous? If the maximum space I >> specified for them is pre-allocated it should be fine, but I thought >> the implementation grabbed blocks as needed. If that's the case, a >> snapshot could fail while I have grabbed all the "free" space. >> >> I suppose worst case I could do 90%Free and be good enough. > > The snapshot LV can increase its size only if you created it as thinly > provisioned, and even then it can grab extents only within the LV that > you set up as a "thin pool" LV. The space within that thin pool LV is > not "free" for the purposes of creating a new LV. Creating a new LV > with "--extents 100%FREE" will not affect expansion of your snapshot > LVs. > Good; I didn't do thin provisioning. Game Plan (for IMAP server and its spool): ## Verify that backups are OK ## randomize free space in LVM volume group turtle lvcreate -l 100%FREE -n tozero turtle cryptsetup open --type plain -d /dev/urandom /dev/turtle/tozero zero_crypt dd_rescue -w /dev/zero /dev/mapper/zero_crypt # free space ~ 100G--likely to take awhile. Hours? days? # if it's really slow I could allocate 2 LVs, one of which is the size # I need ~50G, and the other of which is filler. randomize the 50G; # free the space, and extend my volume. cryptsetup remove zero_crypt lvremove turtle/zero ## make encrypted spot to backup recent files # /usr/local/backup is not encrypted. Assume I create a small encrypted volume # and mount it at /usr/local/backup/crypt ## shutdown server ## backup current server state # do manual backup of selected server state # If possible make a backup of the directories the usual way. # Otherwise, as root cd /usr/local/backup/crypt # snapshots at 00:10 daily. Assume current day has not # been backed up yet. tar cjf cyrspool-recent.tar.bz2 --after-date 'Sep 9 00:09 -0800' /var/spool/cyrus ## take directory offline umount /var/spool/cyrus cryptsetup luksClose cyrspool_crypt # maybe close snapshot of turtle/cyrspool before extending? ## Actually grow things lvextend -L +20G turtle/cyrspool cryptsetup --key-file xxx luksOpen /dev/turtle/cyrspool cyrspool_crypt resize_reiserfs /dev/mapper/cryspool_crypt reiserfsck /dev/mapper/cyrspool_crypt mount /var/spool/cyrus ## restart IMAP server I took Arno's advice and did things offline. If anyone sees a problem, I'd love to know. Thanks. Ross