Differences between revisions 28 and 29
Revision 28 as of 2017-05-19 02:35:42
Size: 13226
Editor: Francewhoa
Comment: Moved my note with other notes
Revision 29 as of 2017-05-19 02:38:58
Size: 13236
Editor: Francewhoa
Comment: Clarified <slot> parameter
Deletions are marked like this. Additions are marked like this.
Line 50: Line 50:
     1. It is suggested to create at least 3 backup passwords. If you want to add an additional backup password simply run the same command, but change the key-slot number to your liking. For example: {{{      1. It is suggested to create at least 3 backup passwords. If you want to add an additional backup password simply run the same command, but change the '''{{{<slot>}}}''' number to your liking. For example: {{{

Translation(s): English - Français

(!) Discussion


LVM is a Logical Volume Manager for the Linux operating system.

Presentation

Logical volume management provides a higher-level view of the disk storage on a computer system than the traditional view of disks and partitions. This gives the system administrator much more flexibility in allocating storage to applications and users.

Storage volumes created under the control of the logical volume manager can be resized and moved around almost at will.

Definitions

  • PV : Physical Volumes. This means the hard disk, hard disk partitions, RAID or LUNs from a SAN which form "Physical Volumes" (or PVs).

  • VG : Volume Groups. This is a collection of one or more Physical Volumes.

  • LV : Logical Volumes. LVs sit inside a Volume Group and form, in effect, a virtual partition.

  • PE : Physical Extents. In order to manipulate the actual data, it is divided into blocks of data called Physical Extents.

  • LE : Logical Extents. Similar to Physical Extents, but at the Logical Volume level. Physical Extents are to Physical Volumes as Logical Extents are to Logical Volumes. The size of blocks are the same for each logical volume (LV) in the same volume group (VG).

An example:

||-------------------------------OS---------------------------------||
||-Non-LVM-||-------------------------LVM---------------------------||
||  /boot  ||   LV-1 (/)  | LV-2 (swap)|  LV 3 (/home) | LV-4 (/tmp)|| Logical Volumes(LV)
||         ||------------------------------------------|------------||
||         ||                  VG 1                    |    VG 2    || Volume Groups(VG)
||         ||------------------------------------------|------------||
||/dev/sda1|| /dev/sda2 |     /dev/sda3    | /dev/sdb2 | /dev/sdd4  || Physical Volumes(PV)
||---------||-------------------------------------------------------||

Good to know

Encrypted LVM

When formatting a LVM volume, you can choose between encrypted LVM or not encrypted LVM. To protect the confidentiality of your valuable data, for instance in the event of the loss or theft of your computer or storage, such as volume, solid state disk, or hard drive, when formatting a LVM volume it is suggested to consider formatting it using the encrypted LVM option.

<!> If you choose the encrypted LVM option, it is suggested to consider creating backup passwords. So that recovery is quick and easy :) Otherwise it the event that somehow your password is not working, you risk permanently loosing all your valuable data. It is surprisingly frequent that people loose all their data because somehow their password is no longer working, and they did not created backup passwords. Encrypted LVM is very strong, so if somehow you locked yourself out, unless you have backup passwords it is likely that you would be permanently locked out :(

Backup passwords

Creating backup passwords is a two steps process. First you add backup passwords, second you backup those passwords.

Steps

  1. Add backup passwords
    1. Run the following command in Terminal as Root

      cryptsetup luksChangeKey <device> -S <slot>
      • Notes
        • Where -S means you want to edit a specific key-slot. You need to change <slot> for a number ranging from zero to 7. This number will identify which key-slot you want to edit. There are 8 key-slots total available. Ranging from zero to 7. You need to replace <device> with the path to your encrypted LVM volume. For example /dev/sda.

    2. It is suggested to create at least 3 backup passwords. If you want to add an additional backup password simply run the same command, but change the <slot> number to your liking. For example:

      cryptsetup luksChangeKey /dev/sda -S 2
  2. Backup passwords
    1. Run the following command in Terminal as Root

      cryptsetup luksHeaderBackup <device> --header-backup-file <file>
      • Notes
        • Where <device> is the location to save your backup to, for example /dev/sda. And <file> is the name of your backup file, for example /media/jenn/2017-05-18_luks_sda_backup. This command backup all height key-slots.

        • It is suggested to store that backup file into a secured, off-line, and different location. So that in the unlikely event that your computer is damage or stolen you would still be able to recover and access your backup data if any.
        • Source and official LUKS wiki documentation

Restore passwords

  1. Restore passwords backup
    1. Run the following command in Terminal as Root

      cryptsetup luksHeaderRestore <device> --header-backup-file <file>
      • Notes
        • You need to change <device> for the path to your encrypted LVM volume, for example /dev/sda. You need to change <file> to the path to your backup file, for example /media/jenn/2017-05-18_luks_sda_backup.

        • Source and official LUKS wiki documentation

Note: The password(s) of a encrypted LVM volume are stored inside its Linux Unified Key Setup (LUKS) header(s). Creating backup passwords is important because if in the future somehow you first password is no longer working, or you simply forget your password, or you do remember your password but something unexpected happens such as a bug after a kernel update and somehow the password is no longer working, then without backup password(s) you risk to permanently loose all your valuable data stored into that encrypted LVM storage.

Encrypted LVM swap partition

When an encrypted LVM partition is used, the encryption key is stored in memory (RAM). Since retrieving this key allows the decryption of the data, it is of recommended to avoid leaving a copy of this key that would be accessible to the possible thief of the computer or volume, or to a maintenance technician. This is however something that can easily occur with a laptop, since when hibernating the contents of RAM is stored on the swap partition. If this partition isn't encrypted, the thief may access the key and use it to decrypt the data from the encrypted partitions. This is why, when you use LVM encrypted partitions, it is recommended to also encrypt the swap partition. The Debian installer will warn you or the users if they try to make an LVM encrypted partition while the swap partition is not encrypted. Source.

Labels

You should use labels for Logical Volume (LV) identification in /etc/fstab, instead of UUIDs or the kernel naming rules (/dev/sda) in order to avoid conflicts with the restoration of volume snapshots.

/boot

Grub and ?LiLo are not compatible with LVM, so /boot should be outside the storage disk managed by LVM.

LVM2 snapshots and udev on Debian

There are some caveats when creating LVM snapshots on Debian with udev, see 343671

Installation

All tools to manage an LVM volume are available in lvm2 package

sudo apt-get install lvm2

Then start the lvm service:

sudo service lvm2 start

If needed, you can install system-config-lvm, it's a utility for graphically configuring Logical Volumes.

sudo apt-get install system-config-lvm

List of LVM commands

  • lvmchange — Change attributes of the Logical Volume Manager.

  • lvmdiskscan — Scan for all devices visible to LVM2.

  • lvmdump — Create lvm2 information dumps for diagnostic purposes.

Physical Volumes (PV)

Create a PV

To declare the /dev/sda2 as a physical volume available for the LVM:

sudo pvcreate /dev/sda2

Remove a PV

In order to remove the Physical Volume (PV) on /dev/sda2 all data must be moved off it. To do this, make sure other physical volumes containing the same volume group have enough free space and then issue this command:

pvmove /dev/sda2

After the data is moved off the disk, remove it from the volume group (in this case, the one named myVirtualGroup1:

sudo vgreduce myVirtualGroup1 /dev/sda2

And after these preparations finally:

sudo pvremove /dev/sda2

PV commands list

  • pvchange — Change attributes of a Physical Volume.

  • pvck — Check Physical Volume metadata.

  • pvcreate — Initialize a disk or partition for use by LVM.

  • pvdisplay — Display attributes of a Physical Volume.

  • pvmove — Move Physical Extents.

  • pvremove — Remove a Physical Volume.

  • pvresize — Resize a disk or partition in use by LVM2.

  • pvs — Report information about Physical Volumes.

  • pvscan — Scan all disks for Physical Volumes.

Volume Groups (VG)

Create a volume group of physical volume

sudo vgcreate myVirtualGroup1 /dev/sda2

Extend a volume group

Declare another physical volume:

sudo pvcreate /dev/sda3

Then add the new PV to the VG that already exists:

sudo vgextend myVirtualGroup1 /dev/sda3

Verify VG configuration

Simply run this command:

sudo vgdisplay 

VG commands list

  • vgcfgbackup — Backup Volume Group descriptor area.

  • vgcfgrestore — Restore Volume Group descriptor area.

  • vgchange — Change attributes of a Volume Group.

  • vgck — Check Volume Group metadata.

  • vgconvert — Convert Volume Group metadata format.

  • vgcreate — Create a Volume Group.

  • vgdisplay — Display attributes of Volume Groups.

  • vgexport — Make volume Groups unknown to the system.

  • vgextend — Add Physical Volumes to a Volume Group.

  • vgimport — Make exported Volume Groups known to the system.

  • vgimportclone — Import and rename duplicated Volume Group (e.g. a hardware snapshot).

  • vgmerge — Merge two Volume Groups.

  • vgmknodes — Recreate Volume Group directory and Logical Volume special files

  • vgreduce — Reduce a Volume Group by removing one or more Physical Volumes.

  • vgremove — Remove a Volume Group.

  • vgrename — Rename a Volume Group.

  • vgs — Report information about Volume Groups.

  • vgscan — Scan all disks for Volume Groups and rebuild caches.

  • vgsplit — Split a Volume Group into two, moving any logical volumes from one Volume Group to another by moving entire Physical Volumes.

Logical Volumes (LV)

Create an LV

<!> Don't forget to check that you have enough space: naturally, an LV of 100 GB (Giga Bytes) doesn't fit in a 10 GB Virtual Group.

Create a logical volume in a volume group:

sudo lvcreate -n myLogicalVolume1 -L 10g myVirtualGroup1

Format the logical volume to the filesystem you want (ext4,xfs...)

sudo mkfs -t ext4 /dev/myVirtualGroup1/myLogicalVolume1

You can test to see if it's working:

mkdir /test
sudo mount /dev/myVirtualGroup1/myLogicalVolume1 /test
df -h

You also can check your logical volumes with:

sudo lvdisplay

Remove a LV

To remove a logical volume, make sure it is not in use anymore. Then simply issue this command to remove the logical volume myLogicalVolume1 in volume group myVirtualGroup1:

sudo lvremove myVirtualGroup1/myLogicalVolume1

You might get asked if you really want to remove an active logical volume. If so, confirm it.

LV commands

  • lvchange — Change attributes of a Logical Volume.

  • lvconvert — Convert a Logical Volume from linear to mirror or snapshot.

  • lvcreate — Create a Logical Volume in an existing Volume Group.

  • lvdisplay — Display the attributes of a Logical Volume.

  • lvextend — Extend the size of a Logical Volume.

  • lvreduce — Reduce the size of a Logical Volume.

  • lvremove — Remove a Logical Volume.

  • lvrename — Rename a Logical Volume.

  • lvresize — Resize a Logical Volume.

  • lvs — Report information about Logical Volumes.

  • lvscan — Scan (all disks) for Logical Volumes.

See also: