On 27/03/2022 20:17, Dale wrote:
Howdy,
I sort of started this on another thread but wanted to nail a few things
down first. I'm wanting to encrypt some parts of my data on /home.
This is what I got hard drive wise.
root@fireball / # pvs
PV VG Fmt Attr PSize PFree
/dev/sda7 OS lvm2 a-- <124.46g 21.39g
/dev/sdb1 Home2 lvm2 a-- <5.46t 0
/dev/sdc1 Home2 lvm2 a-- <7.28t 0
/dev/sdd1 Home2 lvm2 a-- <7.28t 0
/dev/sde1 backup lvm2 a-- 698.63g 0
root@fireball / #
One big piece of missing information. What does fdisk say about
sd[b,c,d]1? And can you add sdf1?
I'm guessing you've got three 8TB drives? Or is it two 8s and a 6? Can
you get a third 8TB? And if you're encrypting *parts* of /home ... what
parts?
I've done some checking on sizes of things I want to encrypt and am
weighing options. I use LVM which should help make things easier. I've
downloaded and printed some howtos regarding shrinking the file system
and LVM thingys. It seems I need to shrink the file system while my
/home partition is unmounted. Then move the data off whichever drive I
want to remove and then remove the drive itself. After that I can
encrypt the just removed drive and start moving files over, using rsync
is my plan. I think that is the basic steps.
Not necessarily.
My question now comes to this. When I encrypt one of the drives, can I
then expand that drive with it being encrypted or is that not a option?
I plan to encrypt two of the drives as one volume group and leave one
other volume group as normal. I just want to be sure whether or not I
can expand a encrypted LVM drive the same as a normal LVM since both
uses LVM. I use cryptsetup commands to accomplish the encryption if
that matters. So as a example, I start with one 7TB drive encrypted,
move some data to it, then want to add either the 5TB or 7TB drive. Can
I just expand it like a normal LVM or does it being encrypted change
things?
Thoughts? My remove steps look sensible? Expanding encrypted LVM
possible?
If you are using LVM to do the encryption, then I can't see any problems
adding a new PV to an encrypted VG.
Dale
Personally, I'd use dm-crypt to encrypt the drive, and then the whole
lot is encrypted, and put plain LVM over that. I've got dedicated layers
for everything.
It looks like your home2 is 6TB+8TB+8TB. I'd get a new 8TB, put dm-crypt
on it, and add it. Now I can remove the first 8TB, dm-crypt it and
re-add it. Same with the second 8TB. Now remove the 6TB and there you
are ...
My layout's rather different from yours, so I don't think I ought to say
too much :-)
Cheers,
Wol
