1

I have LUKS on LVM (LVM Partitions created first, then each partition is encrypted separately, following this guide on Arch Wiki).

I am using two volume groups, and each is isolated to a drive. This is because I have one SSD and one platter, and I knew I would want to replace the platter down the road.

I'm now down the road, and want to replace the platter.

Current layout

Here is what I have:

========================

/dev/sda - small SSD

------------------------

/dev/sda1   /boot   unencrypted, GRUB
/dev/sda2   PV, vgssd

------------------------

houses:
LV       VG     Decrypted to => Mounted to
root     vgssd  /dev/mapper/vgssdd-root_crypt => /
swap     vgssd  swap
usrlocal vgssd  /dev/mapper/vgssdd-usrlocal_crypt => /usr/local

========================

/dev/sdb - large platter HDD

------------------------

/dev/sdb1   PV, vghdd

------------------------

houses:
LV       VG     Decrypted to => Mounted to
home     vghdd  /dev/mapper/vghdd-home_crypt => /home
tmp      vghdd  /dev/mapper/vghdd-tmp_crypt => /tmp
varlog   vghdd  /dev/mapper/vghdd-varlog_crypt => /var/log

========================

What I tried

Given that the crypts are set up inside of (and isolated to) the partitions, I thought that I should be able to simply do:

  • Add the new drive via external case (lists as /dev/sdd)

  • Mark it as a Physical Volume for LVM

    pvcreate /dev/sdd

  • Add it to the vghdd Volume Group

    vgextend vghdd /dev/sdd

  • Move the extents from the old drive to the new drive

    vgmove /dev/sdb1 /dev/sdd

  • Remove the old drive from the Volume Group

    vgreduce vghdd /dev/sdb1

All of that went well. I then assumed, probably incorrectly, that nothing would need to be adjusted in crypttab, GRUB, or initramfs.

So, I shut down, swapped out the old and new drive, and turned on the system to find a nice little white cursor flashing at me, rather than GRUB.

Recovery note:I then put the old drive back in and was able to boot, but the partitions that had been on it were obviously not there; I reversed the above, moving the PEs from the new drive to the old, and then was able to boot normally.

Crypt & fstab notes

Anyway, now I'm left with wondering what else I would need to do to migrate. I've found a lot of help about spanning disks with LUKS on LVM, but that's not really what I'm after.

  • My crypttab had UUIDs; I didn't catch that ahead of time, but this shouldn't prevent GRUB from loading, as it loaded and booted OK when the HDD disk was present but empty.
  • My fstab points to /var/mapper/blahs; these shouln't need to be modified, unless I missed something.
  • Does GRUB and/or initramfs care about the PV GUID or the LV guids?

Questions

  1. Do I need to rebuild GRUB?
  2. Do I need to rerun initramfs?
  3. Is there something else I'm missing?
  4. What is the proper order of steps AFTER the vgmove?
Damon
  • 131
  • 8
  • Maybe start with a pvdisplay to get the uid from the old drive and run a find to see what references it? Just a long shot but it might give you something to work with – Gravy Feb 13 '15 at 01:51

1 Answers1

0

Here is something that might help... Even though the partition size is staying the same, you may still need to "resize" your encrypted volume.

      cryptsetup --verbose resize cryptroot

This is based on:

http://www.ms.unimelb.edu.au/~trice/linux/tricks/luksresize/

Although from what I've read, It seems like most recommend encrypting at the physical level with luks and building your vg's and lv's on top of that.

Gravy
  • 770
  • 1
  • 5
  • 17
  • I'll give it a shot. The reason I went the other way around is because with LUKS on LVM, you're supposed to be able to span disks. I'm not using Arch, but I followed [this guide](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LUKS_on_LVM). They [later talk](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Expanding_LVM_on_multiple_disks) about spanning disks and mention resizing the crypt and the partition; I didn't think I would need to do that, but it's worth a shot. – Damon Feb 13 '15 at 02:48
  • hopefully it will work out, keep me posted, i'll keep looking as i have time for more information – Gravy Feb 13 '15 at 03:29
  • I was hoping to give this a shot over the weekend, but that didn't work out. I'll keep you posted. And that link you shared is similar enough to what I'm doing so I think will help. – Damon Feb 16 '15 at 20:43