Resizing an encrypted filesystem with LVM on Linux

I recently had to increase the size of an encrypted partition on my Debian server. I have been a long time user of LVM and dm-crypt and tried similar processes in the early days of the technology.

I was really impressed by how easy it was today, and how it all just worked without effort without having to reboot the system, mark the filesystems read only, or unmount them.

Here are the steps I used, on a live system:

  1. Used mount to determine the name of the cleartext partition to resize. In my case, I wanted to add more space to /opt/media, so I run:

    # mount |grep /opt/media
    /dev/mapper/cleartext-media on /opt/media type ext4 (rw,nosuid,nodev,noexec,noatime,nodiratime,discard,errors=remount-ro,data=ordered)
    

    which means that /opt/media is backed by /dev/mapper/cleartext-media

  2. Used cryptsetup to determine the name of the encrypted Logical Volume backing the encrypted partition:

    # cryptsetup status /dev/mapper/cleartext-media
    /dev/mapper/cleartext-media is active and is in use.
      type:    LUKS1
      cipher:  [...]
      keysize: [...]
      device:  /dev/mapper/system-encrypted--media
      offset:  4096 sectors
      size:    [...] sectors
      mode:    read/write
      flags:
    

    From this output, you can tell that /dev/mapper/cleartext-media is the cleartext version of the /dev/mapper/system-encrypted--media, where system is the name of the Volume Group while encrypted-media is the name of the Logical Volume.

  3. I checked my Volume Group to determine it had enough space:

    # vgs
    VG     #PV #LV #SN Attr   VSize      VFree
    [...]
    system   1   6   0 wz--n- 3Tb        3Tb
    [...]
    

    Which means: it has 3Tb of free space. If it did not have enough space, I would have had to shring another Logical Volume, or added a new Physical Volume to the Volume Group, with pvcreate and vgextend.

  4. I extended the size of the Logical Volume by 1Tb:

    # lvextend -L +1T /dev/system/encrypted-media
      Size of logical volume storage/encrypted-media changed from 2.00 TiB (524288 extents) to 3.00 TiB (786432 extents).
      Logical volume encrypted-media successfully resized
    

    Used the lvs command before and after to check the size: it should show 1 additional Tb of space.

  5. Told cryptsetup about the additional space being available, so it could show the additional space in the cleartext version of the volume:

    # cryptsetup resize /dev/mapper/cleartext-media
    
  6. Resized the file system on top of the dm-crypt volume, with:

    # resize2fs -p /dev/mapper/cleartext-media
    resize2fs 1.42.12 (29-Aug-2014)
    Filesystem at /dev/mapper/cleartext-media is mounted on /opt/media; on-line resizing required
    old_desc_blocks = 128, new_desc_blocks = 192
    
    The filesystem on /dev/mapper/cleartext-media is now 805305984 (4k) blocks long.
    

    Running the command dmesg also showed a resize was happening:

    [1874383.459856] EXT4-fs (dm-14): resized to 784695296 blocks
    [1874393.519284] EXT4-fs (dm-14): resized to 787283968 blocks
    [1874403.551540] EXT4-fs (dm-14): resized to 790003712 blocks
    [1874413.643705] EXT4-fs (dm-14): resized to 792625152 blocks
    [1874423.645100] EXT4-fs (dm-14): resized to 795246592 blocks
    [1874443.269091] EXT4-fs (dm-14): resized to 795869184 blocks
    [1874453.300005] EXT4-fs (dm-14): resized to 798588928 blocks
    [1874463.352083] EXT4-fs (dm-14): resized to 801275904 blocks
    [1874473.451900] EXT4-fs (dm-14): resized to 803897344 blocks
    [1874478.593916] EXT4-fs (dm-14): resized filesystem to 805305984
    
  7. Profit. You have successfully resized your volume.

Of course, it is strongly recommended you back up your data before starting. Note, however, that the entire process took no more than 10 minutes, and was generally painless.


Other posts

  • Getting started with VoIP I have been living in different countries for the last 10 years. Although I can get in touch with friends and family using gtalk, skype, or you name i...
Technology/Protocols