1

I have a disk with this format:

sdc                          8:32   0   1,8T  0 disk  
└─sdc1                       8:33   0   1,8T  0 part  
  ├─vg-lv1 (dm-0)          254:0    0   900G  0 lvm   /media/lv1
  └─vg-lv2 (dm-1)          254:1    0   923G  0 lvm   
    └─lv2 (dm-9)           254:9    0   923G  0 crypt /media/lv2

lv2 is an ext4 filesystem, but the block device underneath it (the logical volume vg-lv2) is encrypted with dm-crypt.

What are the steps to safely grow this filesystem?

I have already enlarged the logical volume, and I know I will have to resize2fs, but I'm guessing I will have to do something at the dm-crypt layer.

I first created this filesystem with two steps (in pseudo-shellscript):

  • Sanitize the block device

    1. lvcreate vg-lv2
    2. $randompassword = $(pwgen)
    3. cryptsetup luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256 /dev/mapper/vg-lv2, with $randompassword as the key.
    4. cryptsetup luksOpen /dev/mapper/vg-lv2 sanitize
    5. nice -20 ionice -c 3 dd if=/dev/zero of=/dev/mapper/sanitize bs=1M
    6. cryptsetup remove sanitize

  • Prepare the block device for production use

    1. Pick a passphrase
    2. cryptsetup luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256 /dev/mapper/vg-lv2, with the new key.
    3. cryptsetup luksOpen /dev/mapper/vg-lv2 lv2
    4. mke2fs /dev/mapper/vg-lv2 (I don't remember the arguments, but there were probably none)

When ready for production use, the unencrypted block device was zeroed (effectively writing pseudo-random data in the encrypted device).

Now, since I want to grow the filesystem, I should also make the first step and sanitize it before use. This is what I don't how to do:

  1. I can just call the resize functions and I'll eventually use the whole space, but I'm not comfortable with this idea.
  2. I can shrink the logical volume to the size it was before, create a new one, do those steps in it, then delete it, grow again the LV, and hope that it occupies the space of the previously sanitized logical volume ("hope" is the reason I don't like this approach)
  3. I have to know, without a doubt, what the offsets on /dev/mapper/vg-lv2 are, and dd if=/dev/zero of=/dev/mapper/vg-lv2 bs=1M skip=$SKIPBLOCKS. I can not get this $SKIPBLOCKS variable wrong, so what I actually need to know is how can I know, given an already-existing filesystem, which is the first empty block after it, so I can randomize that space onwards.
Valmiky Arquissandas
  • 474
  • 1
  • 4
  • 16

1 Answers1

3

You can resize a dmcrypt volume with resize:

cryptsetup --help|grep -i resize
    resize <name> - resize active device

After that's completed, you can resize2fs.

As for you comment about the random data: you can also do that from within the file system. So, resize it, mount it and then fill up every last byte with a random file:

dd if=/dev/urandom of=/deleteme bs=1M

And then delete the file.

(for best results, use tune2fs to set the reserved block count to 0% (temporaliy))

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
Halfgaar
  • 7,921
  • 5
  • 42
  • 81
  • 1
    Thanks for your answer. I forgot to add that it also matters to me that the random data I wrote in the block device should also be extended. I figure dm-crypt won't write anything, it will just adjust its metadata into knowing that it can write further, but the data in the new space will not be random. I'll update the question accordingly. – Valmiky Arquissandas Jul 18 '14 at 22:26
  • @ValmikyArquissandas: I updated the answer. – Halfgaar Jul 19 '14 at 15:11