Resize LVM on UCS - with encryption!

MKunert · November 25, 2018, 9:45pm

Hi folks,
the preflight check for the update to 4.3-2 diagnosed my /root as being too small for the apt-caches. I provisioned an additional virtual 20GB drive as scsi1, and after reboot, this new drive became /dev/sdb.
I started following the instructions for resizing here, but after pvcreate, pvs reported

# pvs
PV                     VG     Fmt  Attr PSize  PFree
/dev/mapper/sda3_crypt vg_ucs lvm2 a--  19,02g     0
/dev/sdb1                     lvm2 a--  20,00g 20,00g

This was where I realized that I want to ENCRYPT ALL THE PVs. In other words: I want to reach the following state:

# pvs-show-dream-target
PV                     VG     Fmt  Attr PSize  PFree
/dev/mapper/sda3_crypt vg_ucs lvm2 a--  19,02g     0
/dev/mapper/sdb2_crypt vg_ucs lvm2 a--  20,00g     0

Furthermore, I don’t want to enter separate passphrases for the two volumes at bootup. This could e.g. be solved as

two encrypted partitions sharing the same encryption parameters, or
using a keyfile stored on the /root partition to decrypt the extension partition

This boils down to some quite hefty low level encryption meddling, which I am not quite up to par yet.
Can someone help? What is the UCS way of doing this? I can not possibly be alone with this problem…

Some leads:
Using a single passphrase to unlock multiple encrypted disks at boot - This quite recently warns about a bug in debian, and I am irritated if my UCS server is affected
How to decrypt multiple LUKS disks entering password just once? - This reddit thread from July 2016, while focussing on Archlinux, has some very intriguing solutions outlined…

michael-hennemann · November 26, 2018, 8:03am

Hi,

in my testlab I once used the live cd iso from KDE Neon to resize the partitions.
The KDE partitoning tool has a neat graphic UI and can alter encrypted partitions.

I didn’t add another disk but made the virtual disk of my UCS VM a little bit bigger and then increased the size of the partitions of the ucs server within the disk

Afterwards I hat to change the SWAP mouting in fstab if i remember correctly but other than that it worked fine…

kind regards
Michael

MKunert · November 26, 2018, 11:06am

I’d be familiar with these steps, if it were not for the encryption. I don’t see the encrypted data grow without “special treatment”.

Christian_Voelker · November 26, 2018, 12:02pm

Hi,

I would recommend to remove the second disc and instead increase the size of the first. Then increase the partition sda3.

Once done, you should use the tools to resize the container itself: cryptsetup resize container
Last step is the to increase the size of the PV and then you have it.

/CV

MKunert · November 26, 2018, 12:05pm

I took Christian’s advice, following the detailed instructions here. Needed some extra help from a GParted live USB stick and encountered the odd “Unable to satisfy all constraints on the partition” (hint: there’s no good solution to this!). All works fine now and the update is happily chugging along as I write this.
Thanks, Christian!