Wol wrote: > On 27/03/2022 20:17, Dale wrote: >> Howdy, >> >> I sort of started this on another thread but wanted to nail a few things >> down first. I'm wanting to encrypt some parts of my data on /home. >> This is what I got hard drive wise. >> >> >> root@fireball / # pvs >> PV VG Fmt Attr PSize PFree >> /dev/sda7 OS lvm2 a-- <124.46g 21.39g >> /dev/sdb1 Home2 lvm2 a-- <5.46t 0 >> /dev/sdc1 Home2 lvm2 a-- <7.28t 0 >> /dev/sdd1 Home2 lvm2 a-- <7.28t 0 >> /dev/sde1 backup lvm2 a-- 698.63g 0 >> root@fireball / # >> > One big piece of missing information. What does fdisk say about > sd[b,c,d]1? And can you add sdf1?
I have the entire drive as one large partition for each drive. I could have done it as a whole device but I wanted partitions to give a hint that the drive is in use, if booted from other medium for example. I have enough extra space that I can remove either a 6TB or a 8TB drive. Once that is done, I can start to encrypt and move data around. This is some additional info from df for /home: /dev/mapper/Home2-Home2 20T 8.7T 12T 45% /home If I remove a 8TB drive, I'd still have enough room for my data. I could then rebuild /home starting with the 8TB drive just freed up. Then as I move data, I could expand them one at a time encrypting as I go. I'd rather not have to buy a hard drive right now. Tight budget given other things I got going on. I do have backups, more than one in a couple important data spots. > > I'm guessing you've got three 8TB drives? Or is it two 8s and a 6? Can > you get a third 8TB? And if you're encrypting *parts* of /home ... > what parts? >> >> I've done some checking on sizes of things I want to encrypt and am >> weighing options. I use LVM which should help make things easier. I've >> downloaded and printed some howtos regarding shrinking the file system >> and LVM thingys. It seems I need to shrink the file system while my >> /home partition is unmounted. Then move the data off whichever drive I >> want to remove and then remove the drive itself. After that I can >> encrypt the just removed drive and start moving files over, using rsync >> is my plan. I think that is the basic steps. > > Not necessarily. >> >> My question now comes to this. When I encrypt one of the drives, can I >> then expand that drive with it being encrypted or is that not a option? >> I plan to encrypt two of the drives as one volume group and leave one >> other volume group as normal. I just want to be sure whether or not I >> can expand a encrypted LVM drive the same as a normal LVM since both >> uses LVM. I use cryptsetup commands to accomplish the encryption if >> that matters. So as a example, I start with one 7TB drive encrypted, >> move some data to it, then want to add either the 5TB or 7TB drive. Can >> I just expand it like a normal LVM or does it being encrypted change >> things? >> >> Thoughts? My remove steps look sensible? Expanding encrypted LVM >> possible? > > If you are using LVM to do the encryption, then I can't see any > problems adding a new PV to an encrypted VG. >> >> Dale >> > Personally, I'd use dm-crypt to encrypt the drive, and then the whole > lot is encrypted, and put plain LVM over that. I've got dedicated > layers for everything. > > It looks like your home2 is 6TB+8TB+8TB. I'd get a new 8TB, put > dm-crypt on it, and add it. Now I can remove the first 8TB, dm-crypt > it and re-add it. Same with the second 8TB. Now remove the 6TB and > there you are ... > > My layout's rather different from yours, so I don't think I ought to > say too much :-) > > Cheers, > Wol > > What is the advantage of dm-crypt over cryptsetup? I've learned how to use cryptsetup with my external drive so was hoping to stick with what I already know. Unless there is a advantage to dm-crypt. Thanks. Dale :-) :-)
