{"id":650,"date":"2014-07-10T22:55:42","date_gmt":"2014-07-11T02:55:42","guid":{"rendered":"http:\/\/blog.fritzhardy.com\/?p=650"},"modified":"2014-08-21T21:15:12","modified_gmt":"2014-08-22T01:15:12","slug":"fedora-linux-migration-part-3-gparted-magic-and-encrypted-home","status":"publish","type":"post","link":"https:\/\/blog.fritzhardy.com\/?p=650","title":{"rendered":"Fedora Linux Migration Part 3: GParted Magic and Encrypted Home"},"content":{"rendered":"

GParted is among the most well-known and respected open-source partition editors. From creation to deletion, resizing, copying, and moving, it is a tool built to manage the full gamut of disk partitionining operations.<\/p>\n

In part one<\/a> of our migration process, we cloned the installation to a new drive in new hardware. In part two<\/a>, we moved to a LUKS-encrypted root. Now we have a few adjustments we wish to make to our partitioning scheme, regaining space so that we may move the rest of the system beneath the umbrella of encryption.<\/p>\n

The Plan<\/strong><\/p>\n

We have the following arrangement on the system drive:<\/p>\n

\/dev\/sda (150GB)\r\n     sda1: ext3 \/boot (300MB)\r\n     sda2: ext3 oldroot (38GB)\r\n     sda3: lvm Volume00 (112GB)\r\n          Volume00-home: ext3 \/home (70GB)\r\n          Volume00-swap: swap (2GB)\r\n          Volume00-root: LUKS (40GB)\r\n               luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34: \/ ext3 (40GB)\r\n<\/pre>\n
Despite our efforts thus far, the issue remains that our home volume is not yet protected by encryption.  We can tackle this two ways, either by building a new home crypto-volume and copying data as we did for root, or by simply reclaiming space enough to abandon a separate home volume and copy that data beneath the already encrypted root.  I elect for the latter, mainly because the use of a single crypto-volume avoids the potential for multiple pass-phrase entry at boot, and also because there is no compelling reason for a separate home on this particular system.<\/p>\n
In order to gain the space necessary, we will remove the old unused root, add that space for use by LVM, grow our new crypto-root, and then copy the data from home.  This is no big deal, and the partition is easily deleted with fdisk or gparted.  But there is one issue.  Because this is not the last partition on the disk, resizing for our needs is not as simple as an fdisk delete and recreate, moving the end boundary to the end of the drive.  Now we need to move the start of the partition.  Enter GParted<\/a>.<\/p>\n
GParted<\/strong><\/p>\n
While GParted can be run at any time, some functionality for a given storage device may not be available, nor entirely safe, if it is in-use (mounted) by the operating system.  For this reason, we elect to boot the system with the GParted Live CD<\/a>.<\/p>\n
NOTE: Be aware that there is a perfectly good alternative to partition resizing of any kind.  We could instead elect to create an LVM partition using the unallocated space and do standard LVM operations to incorporate it into our root logical volume (pvcreate, vgextend, lvextend).  But we continue with full confidence in GParted, the main benefit being mostly cosmetic in the end: a tidy partition table.<\/p>\n
Booted into the live environment, we start GParted.  After deleting the old root partition at \/dev\/sda2, we are left with a good illustration of the situation at hand.  We have a region of unallocated space before the LVM partition:
\n\"sda2_unallocated\"<\/a><\/p>\n
We need to resize\/move the sda3 partition, which contains our priceless crypto-LVM\/root within it:
\n\"sda3_lvm\"<\/a><\/p>\n
The resize dialog gets right to the point.  Adjusting the amount of space before and after the partition moves its start and end positions on disk:
\n\"sda3_resize1\"<\/a><\/p>\n
Drag the start boundary all the way to the left (or enter 0) to effect a move\/resize, absorbing every bit of the unallocated space before the partition:
\n\"sda3_resize2\"<\/a><\/p>\n
Operation pending.  We can still back out without affecting anything.  Click apply, and be prepared for a lengthy wait.
\n\"sda3_resize4\"<\/a><\/p>\n
When all is said and done, we have moved and resized our LVM partition to utilize the full disk:
\n\"sda3_resizedone\"<\/a><\/p>\n
Note that used space has not changed.  We address that next.<\/p>\n
Resize LVM, LUKS, Ext3<\/strong><\/p>\n
The work done so far has resized the outermost container, the partition.  Like Russian nesting dolls, we need to grow each in turn before we can address the filesystem.  A testament to the tools, we can actually do all of the following booted into the live system.<\/p>\n
First LVM:<\/p>\n
\r\npvs\r\n  PV         VG       Fmt  Attr PSize   PFree \r\n  \/dev\/sda3  Volume00 lvm2 a--  148.75g 36.98g\r\n\r\nvgs\r\n  VG       #PV #LV #SN Attr   VSize   VFree \r\n  Volume00   1   3   0 wz--n- 148.75g 36.98g\r\n\r\nlvs\r\n  LV   VG       Attr       LSize  Pool Origin Data%  Move Log Cpy%Sync Convert\r\n  home Volume00 -wn-ao---- 69.00g                                             \r\n  root Volume00 -wi-ao---- 40.76g                                             \r\n  swap Volume00 -wi-ao----  2.00g\r\n\r\nlvresize Volume00\/root -l+100%FREE\r\n  Extending logical volume root to 77.75 GiB\r\n  Logical volume root successfully resized\r\n\r\nlvs\r\n  LV   VG       Attr       LSize  Pool Origin Data%  Move Log Cpy%Sync Convert\r\n  home Volume00 -wn-ao---- 69.00g                                             \r\n  root Volume00 -wi-ao---- 77.75g                                             \r\n  swap Volume00 -wi-ao----  2.00g\r\n<\/pre>\n
NOTE: I would normally expect to first do a pvresize to grow the PV, but the PV already knew about the extra space, likely a gift from GParted.<\/p>\n
Then LUKS:<\/p>\n
\r\ncryptsetup resize luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34  \r\necho $?\r\n0\r\n<\/pre>\n
Finally the filesystem:<\/p>\n
\r\ndf -h \/\r\nFilesystem                                             Size  Used Avail Use% Mounted on\r\n\/dev\/mapper\/luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34   40G   29G  9.2G  76% \/\r\n\r\nresize2fs \/dev\/mapper\/luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34 \r\nresize2fs 1.42.8 (20-Jun-2013)\r\nFilesystem at \/dev\/mapper\/luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34 is mounted on \/; on-line resizing required\r\nold_desc_blocks = 3, new_desc_blocks = 5\r\nThe filesystem on \/dev\/mapper\/luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34 is now 20380160 blocks long.\r\n\r\ndf -h \/\r\nFilesystem                                             Size  Used Avail Use% Mounted on\r\n\/dev\/mapper\/luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34   77G   29G   45G  40% \/\r\n<\/pre>\n
We are left with a nice large root to accommodate our \/home data.<\/p>\n
Home Copy<\/strong><\/p>\n
With 45GB free in our root, we should have plenty of space after cleaning out some garbage in home:<\/p>\n
\r\ndf -h \/home\r\nFilesystem                 Size  Used Avail Use% Mounted on\r\n\/dev\/mapper\/Volume00-home   64G  5.0G   56G   9% \/home\r\n<\/pre>\n
A good old rsync will suffice to copy that whopping 5GB of data from the existing home volume to the home within the crypto-root.  First things first, bug out to runlevel 3 (or single\/rescue mode for overkill) to ensure home is not in use so we can mount it somewhere else:<\/p>\n
\r\ninit 3\r\numount \/home\r\nmkdir \/oldhome\r\nmount \/dev\/mapper\/Volume00-home \/oldhome\r\n<\/pre>\n
Finally rsync the data:<\/p>\n
\r\nrsync -a \/oldhome\/ \/home\r\n<\/pre>\n
When done, remember to pound out the \/home mount from \/etc\/fstab lest we accidentally mount our old unencrypted home volume on next boot:<\/p>\n
\r\n#\/dev\/Volume00\/home\t\/home\t\t\text3\tdefaults\t1 2\r\n<\/pre>\n
A reboot confirms that everything is working as it should.<\/p>\n
LVM Cleanup<\/strong><\/p>\n
Almost half the disk is tied up in our abandoned home.  Once happy with the new arrangement, we can easily reclaim that space starting at the LVM layer, and then working our way up.  This is just a second run at container resizing as above, LVM, LUKS, Ext3, all live.<\/p>\n
\r\nlvs\r\n  LV   VG       Attr       LSize  Pool Origin Data%  Move Log Cpy%Sync Convert\r\n  home Volume00 -wn-a----- 69.00g                                             \r\n  root Volume00 -wi-ao---- 77.75g                                             \r\n  swap Volume00 -wi-ao----  2.00g\r\n\r\nlvremove Volume00\/home\r\nDo you really want to remove active logical volume home? [y\/n]: y\r\n  Logical volume \"home\" successfully removed\r\n\r\nvgs\r\n  VG       #PV #LV #SN Attr   VSize   VFree \r\n  Volume00   1   2   0 wz--n- 148.75g 69.00g\r\n\r\nlvextend -L+50G Volume00\/root\r\n  Extending logical volume root to 127.75 GiB\r\n  Logical volume root successfully resized\r\n\r\ncryptsetup resize luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34  \r\necho $?\r\n0\r\n\r\nresize2fs \/dev\/mapper\/luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34\r\nresize2fs 1.42.8 (20-Jun-2013)\r\nFilesystem at \/dev\/mapper\/luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34 is mounted on \/; on-line resizing required\r\nold_desc_blocks = 5, new_desc_blocks = 8\r\nThe filesystem on \/dev\/mapper\/luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34 is now 33487360 blocks long.\r\n\r\ndf -h \/\r\nFilesystem                                             Size  Used Avail Use% Mounted on\r\n\/dev\/mapper\/luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34  126G   36G   85G  30% \/\r\n<\/pre>\n
NOTE: With ample disk available, we left some space unallocated in the VG.  This is just a hedge for flexibility.  If we need more space in the future, we can always add it live just as we did here.<\/p>\n
Partition Re-Numbering<\/strong><\/p>\n
Our partition table consists of the following, as revealed by fdisk:<\/p>\n
\r\nDevice    Boot     Start       End    Blocks  Id System\r\n\/dev\/sda1 *           63    619919    309928+ 83 Linux\r\n\/dev\/sda3         620544 312580095 155979776  8e Linux LVM\r\n<\/pre>\n
While it is no problem whatsoever to be “missing” a partition in sequence, we continue the intrepid pursuit of the trivial and wish to renumber sda3 to sda2.  The easiest way to rectify this is to simply delete and re-create the partition using fdisk.  Since it is the last partition, fdisk will normally default to the same start and end sectors when creating the new one (something to double-check).  While this can be done live followed by an immediate reboot, it is safest to do this from rescue mode with the disk not in use.<\/p>\n
\r\nfdisk \/dev\/sda\r\nd<\/strong>delete, partition number 3<\/strong>\r\nn<\/strong>ew, p<\/strong>rimary, partition number 2<\/strong>, first sector default<\/strong>, last sector default<\/strong>\r\nt<\/strong>ype, partition number 2<\/strong>, 8e<\/strong>\r\nw<\/strong>rite\r\n<\/pre>\n
Reboot.  Just a reminder, this is completely unnecessary. \ud83d\ude42<\/p>\n
Everything Encrypted<\/strong><\/p>\n
We leave with this on the system disk:<\/p>\n
\r\n\/dev\/sda (150GB)\r\n     sda1: ext3 \/boot (300MB)\r\n     sda2: lvm Volume00 (150GB)\r\n          Volume00-swap: swap (2GB)\r\n          Volume00-root: LUKS (127GB)\r\n               luks-cc7e78ee-87a9-4ad0-9c82-31de01389b34 ext3 (127GB)\r\n          unallocated: (19GB)\r\n<\/pre>\n
A tidy partition and volume layout with nearly everything encrypted.  In part four<\/a>, we will contend with encrypting swap and explore encryption possibilities more fully.<\/p>\n","protected":false},"excerpt":{"rendered":"
GParted is among the most well-known and respected open-source partition editors. From creation to deletion, resizing, copying, and moving, it is a tool built to manage the full gamut of disk partitionining operations. In part one of our migration process, we cloned the installation to a new drive in new hardware. In part two, we […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-650","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/blog.fritzhardy.com\/index.php?rest_route=\/wp\/v2\/posts\/650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.fritzhardy.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.fritzhardy.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.fritzhardy.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.fritzhardy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=650"}],"version-history":[{"count":25,"href":"https:\/\/blog.fritzhardy.com\/index.php?rest_route=\/wp\/v2\/posts\/650\/revisions"}],"predecessor-version":[{"id":708,"href":"https:\/\/blog.fritzhardy.com\/index.php?rest_route=\/wp\/v2\/posts\/650\/revisions\/708"}],"wp:attachment":[{"href":"https:\/\/blog.fritzhardy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.fritzhardy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.fritzhardy.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}