
LVM is a Logical Volume Manager for the Linux operating system.

Presentation

Logical volume management provides a higher-level view of the disk storage on a computer system than the traditional view of disks and partitions. This gives the system administrator much more flexibility in allocating storage to applications and users.

Storage volumes created under the control of the logical volume manager can be resized and moved around almost at will.

Definitions

An example:

||-------------------------------OS---------------------------------||
||-Non-LVM-||-------------------------LVM---------------------------||
||  /boot  ||   LV-1 (/)  | LV-2 (swap)|  LV 3 (/home) | LV-4 (/tmp)|| Logical Volumes(LV)
||         ||------------------------------------------|------------||
||         ||                  VG 1                    |    VG 2    || Volume Groups(VG)
||         ||------------------------------------------|------------||
||/dev/sda1|| /dev/sda2 |     /dev/sda3    | /dev/sdb2 | /dev/sdd4  || Physical Volumes(PV)
||---------||-------------------------------------------------------||

Good to know

Encrypted LVM

When formatting an LVM volume, you can choose between encrypted and unencrypted LVM. To protect the confidentiality of your valuable data, for instance if your computer or storage (a volume, solid state disk, or hard drive) is lost or stolen, consider formatting the volume with the encrypted LVM option.

<!> If you choose the encrypted LVM option, it is suggested to consider creating backup passwords, so that recovery is quick and easy :) Otherwise, in the event that your password somehow stops working, you risk permanently losing all your valuable data. It is surprisingly frequent that people lose all their data because their password somehow no longer works and they did not create backup passwords. Encrypted LVM is very strong, so if you somehow lock yourself out and have no backup passwords, it is likely that you will be permanently locked out :(

Backup passwords

Creating backup passwords is a two-step process: first you add backup passwords, then you back up those passwords.

Steps

  1. Add backup passwords
    1. Run the following command in Terminal as Root

      cryptsetup luksAddKey <device> -S <slot>
      • Notes
        • -S selects a specific key slot. Replace <slot> with a number from 0 to 7 identifying the key slot that will hold the new password; there are 8 key slots in total. Replace <device> with the path to your encrypted LVM volume, for example /dev/sda. luksAddKey asks for an existing password, which stays valid, before it accepts the new one.

    2. It is suggested to create at least 3 backup passwords. To add another backup password, run the same command with a different <slot> number. For example:

      cryptsetup luksAddKey /dev/sda -S 2
  2. Backup passwords
    1. Run the following command in Terminal as Root

      cryptsetup luksHeaderBackup <device> --header-backup-file <file>
      • Notes
        • Where <device> is the path to your encrypted LVM volume, for example /dev/sda, and <file> is the name of your backup file, for example /media/jenn/2017-05-18_luks_sda_backup. This command backs up all eight key slots.

        • It is suggested to store that backup file in a secure, off-line, and different location, so that in the unlikely event that your computer is damaged or stolen you would still be able to recover and access your backup data, if any.
        • Source and official LUKS wiki documentation

Restore passwords

  1. Restore passwords backup
    1. Run the following command in Terminal as Root

      cryptsetup luksHeaderRestore <device> --header-backup-file <file>
      • Notes
        • <!> This command will delete all eight present password slots, then restore all your backup passwords. Before running this command, double check that it is correctly configured and that you really need to proceed. There is no undo ;)

        • Replace <device> with the path to your encrypted LVM volume, for example /dev/sda. Replace <file> with the path to your backup file, for example /media/jenn/2017-05-18_luks_sda_backup.

        • Source and official LUKS wiki documentation

Note: The password(s) of an encrypted LVM volume are stored inside its Linux Unified Key Setup (LUKS) header(s). Creating backup passwords is important because if in the future your first password somehow stops working, or you simply forget it, or you do remember it but something unexpected happens, such as a bug after a kernel update, and the password no longer works, then without backup password(s) you risk permanently losing all your valuable data stored in that encrypted LVM storage.
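The two checks worth making around the backup and restore steps above, as an added example that is not part of the original page: count the password slots in use, and confirm that a header backup belongs to the device before restoring it. It assumes the LUKS1 `luksDump` layout (the 8-slot format described here); the function names and both dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks on LUKS1 header dumps as printed by
#   cryptsetup luksDump <device>  or  cryptsetup luksDump <header-backup-file>
# Both dumps are constructed sample data, trimmed to the relevant lines.
DEVICE_DUMP='LUKS header information for /dev/sda

Version:        1
UUID:           11111111-2222-3333-4444-555555555555

Key Slot 0: ENABLED
Key Slot 1: ENABLED
Key Slot 2: ENABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED'
BACKUP_DUMP=$(printf '%s\n' "$DEVICE_DUMP" |
    sed '1s|/dev/sda|/media/jenn/2017-05-18_luks_sda_backup|')

# Print the numbers of the key slots that hold a password.
enabled_slots() {
    printf '%s\n' "$1" | awk '/^Key Slot [0-7]: ENABLED/ {
        sub(":", "", $3); printf "%s%s", sep, $3; sep = " " }
        END { print "" }'
}

# Print the header UUID.
header_uuid() {
    printf '%s\n' "$1" | awk '$1 == "UUID:" { print $2; exit }'
}

# Succeed only if at least $2 passwords exist besides the first one.
has_backup_passwords() {
    n=0
    for slot in $(enabled_slots "$1"); do n=$((n + 1)); done
    [ "$n" -gt "$2" ]
}

# Succeed only if the backup was taken from this very device; confirm this
# before luksHeaderRestore overwrites the current header.
backup_matches_device() {
    [ -n "$(header_uuid "$1")" ] &&
        [ "$(header_uuid "$1")" = "$(header_uuid "$2")" ]
}

echo "slots in use: $(enabled_slots "$DEVICE_DUMP")"
has_backup_passwords "$DEVICE_DUMP" 3 || echo "fewer than 3 backup passwords"
backup_matches_device "$DEVICE_DUMP" "$BACKUP_DUMP" && echo "backup matches device"
```

On a real system, pass the functions `"$(cryptsetup luksDump /dev/sda)"` and the dump of the backup file instead of the sample strings.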

Encrypted LVM swap partition

When an encrypted LVM partition is used, the encryption key is stored in memory (RAM). Since retrieving this key allows the decryption of the data, it is recommended to avoid leaving a copy of this key where it would be accessible to a possible thief of the computer or volume, or to a maintenance technician. This can however easily occur with a laptop, since when hibernating the contents of RAM are stored on the swap partition. If this partition isn't encrypted, the thief may access the key and use it to decrypt the data from the encrypted partitions. This is why, when you use LVM encrypted partitions, it is recommended to also encrypt the swap partition. The Debian installer will warn users if they try to make an LVM encrypted partition while the swap partition is not encrypted. Source.

Labels

You should use labels for Logical Volume (LV) identification in /etc/fstab, instead of UUIDs or the kernel naming rules (/dev/sda) in order to avoid conflicts with the restoration of volume snapshots.

/boot

Grub and LiLo are not compatible with LVM, so /boot should be outside the storage disk managed by LVM.

LVM2 snapshots and udev on Debian

There are some caveats when creating LVM snapshots on Debian with udev, see 343671

Installation

All tools to manage an LVM volume are available in the lvm2 package:

sudo apt-get install lvm2

Then start the lvm service:

sudo service lvm2 start

If needed, you can install system-config-lvm, it's a utility for graphically configuring Logical Volumes.

sudo apt-get install system-config-lvm

List of LVM commands

Physical Volumes (PV)

Create a PV

To declare the /dev/sda2 as a physical volume available for the LVM:

sudo pvcreate /dev/sda2

Remove a PV

In order to remove the Physical Volume (PV) on /dev/sda2, all data must be moved off it. To do this, make sure the other physical volumes in the same volume group have enough free space and then issue this command:

sudo pvmove /dev/sda2

After the data is moved off the disk, remove it from the volume group (in this case, the one named myVirtualGroup1):

sudo vgreduce myVirtualGroup1 /dev/sda2

And after these preparations finally:

sudo pvremove /dev/sda2
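The free-space condition that pvmove depends on, checked before any data moves, as an added example that is not part of the original page. The function name and the report are constructed; the report mimics what `pvs` prints with the options shown in the comment.

```shell
#!/bin/sh
# Added example: decide whether pvmove can empty a PV, from the output of
#   pvs --noheadings --units b --nosuffix -o pv_name,vg_name,pv_used,pv_free
# The report below is constructed sample data (sizes in bytes).
PVS_REPORT='  /dev/sda2  myVirtualGroup1  8589934592   2147483648
  /dev/sda3  myVirtualGroup1  4294967296  17179869184
  /dev/sdd4  otherGroup       1073741824  53687091200'

# Print "ok" when the other PVs of the same VG have room for the data on $2,
# otherwise print the reason. The exit status follows the verdict.
can_empty_pv() {
    printf '%s\n' "$1" | awk -v target="$2" '
        # PVs that belong to no VG print only three columns; skip them.
        NF == 4 { vg[$1] = $2; used[$1] = $3; free[$1] = $4 }
        END {
            if (!(target in vg)) { print "unknown PV " target; exit 2 }
            for (pv in vg)
                if (pv != target && vg[pv] == vg[target]) room += free[pv]
            if (room + 0 >= used[target] + 0) { print "ok"; exit 0 }
            printf "need %.0f bytes, only %.0f free in %s\n",
                   used[target], room, vg[target]
            exit 1
        }'
}

can_empty_pv "$PVS_REPORT" /dev/sda2
can_empty_pv "$PVS_REPORT" /dev/sda3 || echo "do not run pvmove /dev/sda3 yet"
```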

PV commands list

Volume Groups (VG)

Create a volume group from a physical volume

sudo vgcreate myVirtualGroup1 /dev/sda2

Extend a volume group

Declare another physical volume:

sudo pvcreate /dev/sda3

Then add the new PV to the VG that already exists:

sudo vgextend myVirtualGroup1 /dev/sda3

Verify VG configuration

Simply run this command:

sudo vgdisplay 

VG commands list

Logical Volumes (LV)

Create an LV

<!> Don't forget to check that you have enough space: naturally, an LV of 100 GB (gigabytes) doesn't fit in a 10 GB Volume Group.

Create a logical volume in a volume group:

sudo lvcreate -n myLogicalVolume1 -L 10g myVirtualGroup1

Format the logical volume with the filesystem you want (ext4, xfs...):

sudo mkfs -t ext4 /dev/myVirtualGroup1/myLogicalVolume1

You can test to see if it's working:

sudo mkdir /test
sudo mount /dev/myVirtualGroup1/myLogicalVolume1 /test
df -h

You also can check your logical volumes with:

sudo lvdisplay

Remove a LV

To remove a logical volume, make sure it is not in use anymore. Then simply issue this command to remove the logical volume myLogicalVolume1 in volume group myVirtualGroup1:

sudo lvremove myVirtualGroup1/myLogicalVolume1

You might get asked if you really want to remove an active logical volume. If so, confirm it.

LV commands

See also: