www.thorko.de Thorsten Kohlhepp - Systems administrator | Encrypted filesystem on a LVM

 

Create and extend and encrypted filesystem in a LVM container

Create the logical volume

thorko-laptop:~# lvcreate -L5G -n secure local
  Logical volume "secure" created
thorko-laptop:~# lvdisplay 
    --- Logical volume ---
  LV Name                /dev/local/secure
  VG Name                local
  LV UUID                JmyG3y-4NXf-zh73-ydhe-LjCK-R3wv-qMm5c2
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                5.00 GiB
  Current LE             1280
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           254:7

create the encrypted filesystem

thorko-laptop:~# cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 /dev/local/secure

WARNING!
========
This will overwrite data on /dev/local/secure irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 
thorko-laptop:~# cryptsetup luksOpen /dev/local/secure secure
Enter passphrase for /dev/local/secure: 
thorko-laptop:~# mkfs.ext3 -m0 /dev/mapper/secure 
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
327680 inodes, 1310463 blocks
0 blocks (0.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1342177280
40 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736

This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

mount this container

thorko-laptop:~# mkdir /mnt/secure
thorko-laptop:~# mount /dev/mapper/secure /mnt/secure/
thorko-laptop:~# cd /mnt/secure/
thorko-laptop:/mnt/secure# ls
lost+found
thorko-laptop:/mnt/secure# touch test1 test2

 

Now we are going to extend this LVM container

thorko-laptop:/mnt/secure# cd ..
thorko-laptop:/mnt# umount /mnt/secure 
thorko-laptop:/mnt# cryptsetup luksClose /dev/mapper/secure
thorko-laptop:/mnt# lvextend -L +5G /dev/secure
  Extending logical volume secure to 10.00 GiB
  Logical volume secure successfully resized
thorko-laptop:/mnt# cryptsetup luksOpen /dev/local/secure secure
Enter passphrase for /dev/local/secure: 
thorko-laptop:/mnt# resize2fs /dev/mapper/secure
resize2fs 1.41.12 (17-May-2010)
Please run 'e2fsck -f /dev/mapper/secure' first.
thorko-laptop:/mnt# e2fsck -f /dev/mapper/secure
e2fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/secure: 13/327680 files (0.0% non-contiguous), 55936/1310463 blocks
thorko-laptop:/mnt# resize2fs /dev/mapper/secure
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/mapper/secure to 2621183 (4k) blocks.
The filesystem on /dev/mapper/secure is now 2621183 blocks long.
thorko-laptop:/mnt# mount /dev/mapper/secure /mnt/secure
thorko-laptop:/mnt# cd secure/
thorko-laptop:/mnt/secure# ls
lost+found  test1  test2
thorko-laptop:/mnt/secure# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/secure    9.9G  140M  9.8G   2% /mnt/secure