Frank Steinmetzger wrote: > Am Wed, Sep 14, 2022 at 08:55:26AM -0500 schrieb Dale: > >> I see the point but wasn't aware there was more than one way to do it >> with cryptsetup. It seems there is several options for this. I was >> pretty sure LVM was on bottom and mentioned it in my original post. > Indeed you did and it confused me at first. Then I gave it some thought and > concluded: why not? > > You do it like so: > Block device --, > Block device --+-- LVM --- LUKS --- File system > Block device --' > >> After reading your post, I got to wondering, did I do this the right >> way? > Your advantage: only one LUKS header to take care of. That means no extra > crypt management when adding or removing disks, except for resizing the > crypt volume. And there is only a single place of storage for your keys (in > case you ever need to change them). > > I’m not sure whether it’s the right™ way. It is *one* way. Perhaps there are > drawbacks that I can’t think of right now.
By right way, I was talking about the way I moved things around. It seems to be working so I guess I did it the right way, for this setup anyway. I might have broke things if it was set up some other way. > > I would typically have done: > Block device --- LUKS --, > Block device --- LUKS --+-- LVM --- File system > Block device --- LUKS --' > > That’s how my NAS works at the moment (with ZFS instead of LVM + filesystem). > But that’s because ZFS didn’t have built-in encryption when I set it up some > years ago. These days I would do: > > Block device --, > Block device --+-- ZFS > Block device --' > > That’s it. :D Encryption, disk arrays and file system all in one shop. > >> So, I started looking to see how to tell for sure. I used several >> LVM type commands but didn't see anything that I recognized anyway. >> Keep in mind, I'm not real sure what I'm looking for either. Then I ran >> lsblk -f and found a clue that I've never noticed before. >> >> >> sdd >> >> >> └─sdd1 LVM2_member LVM2 001 >> pVnP2i-sj48-3co9-nJpa-9tQr-08pa-9JqASR >> └─crypt-crypt crypto_LUKS 2 >> 6e884aae-9377-49ef-a602-e13cba89a377 >> └─crypt ext4 1.0 crypt >> 76653316-329f-4747-8fed-fc9b1723bd14 3.5T 79% >> /home/dale/Desktop/Crypt >> >> >> I know that is going to be line wrapped and mess up things > You could have redacted the long UUIDs which aren’t relavant anyways. I write > my mail in mutt and vim, thus I can rewrap paragraphs individually and at > will. That way I can paint ASCII art, paste over-long console output or write > one-line paragraphs like this one. ;-) I started to but thought it would cause yet another issue. ROFL >> but the part I noticed was the drive partition "sdd1" and "LVM2 member". >> On top of that is crypto. So, LVM is on bottom. If that is the case, my >> pvmove command should be moving what I think you call "raw data", doesn't >> matter if it is encrypted or not, right? > Yup. This kind of layering is one of the big beauty of Linux for me. It’s > all interchangable and layer X doesn’t care what layer X+1 is doing and vice > versa. > >> Just in case it matters, could I have done everything but the file system >> resize while it was closed? It seems it is basically encrypted on the >> layer just below the file system to me. > I think so, yes. > > > PS.: All your LVM threads made me embrace LVM on my PC when I recently > switched it from SATA to NVMe. And because after many years of ignorance, I > finally had an actual use case: my laptop’s root partition became too small > and I had to give it some space from the data partition. In my early Gentoo > years I didn’t use an initrd and didn’t want to, so LVM was never an option. > But when I set up the (then brand-new) laptop, I used Sakaki’s howto for > full-disk encryption, which used an initrd + LVM anyways. This saved the > SSD from a full reformat and rewrite. > I have to say, before I started using LVM, it was very hard to change storage up. As it is, /boot and / are on a traditional partition, no LVM. Everything else is on LVM. At the time, I was avoiding the init thingy. Since I have /usr separate, and /var, I ended up having to use one anyway but dracut came along. Only gave me a problem once so overall, pretty good. I'm not sure who got me started on LVM. Could be Alan who isn't on this list anymore, Neil or someone else. It's been a long long time ago. I tell you what tho, it has made things a LOT easier. I've read about btrfs(sp?). It could be the next big thing but I'll likely stick with LVM as long as it works for me. ZFS seems to be getting popular too. I'm not sure who is winning the race between them tho. I think they all each have their use case. My biggest thing, I couldn't find hardly anything to do that with it encrypted and what I did find was not very clear. I couldn't imagine it not being doable tho. After all, this is Linux. :-) I'm just glad it worked out and if anyone runs up on this thread, this additional info will help someone else. Now, people can see what the setup is. See if it matches what they have or not. Dale :-) :-) P. S. My second move is almost 90% done with pvmove.
