Logical Volumes (LVM), Disk Encryption, Creating a RAID Device
In this post I show you these three (3) advanced procedures for CentOS 7 Linux Server…
I recommend trying them on a test VM server first, and afterwards on a production server…
A – Disk Encryption
Exercise 22.1 Disk Encryption
In this exercise, you will encrypt a partition on the disk in order to provide a measure of security in the event that the hard drive or laptop is stolen. Reviewing the cryptsetup documentation first would be a good idea (man cryptsetup and cryptsetup --help).
1. Create a new partition for the encrypted block device with fdisk. Make sure the kernel is aware of the new partition table. A reboot will do this but there are other methods.
2. Format the partition with cryptsetup using LUKS for the crypto layer.
3. Create the un-encrypted pass through device by opening the encrypted block device, i.e., secret-disk.
4. Add an entry to /etc/crypttab so that the system prompts for the passphrase on reboot.
5. Format the filesystem as an ext4 filesystem.
6. Create a mount point for the new filesystem, i.e. /secret.
7. Add an entry to /etc/fstab so that the filesystem is mounted on boot.
8. Try and mount the encrypted filesystem.
9. Validate the entire configuration by rebooting.
1. $ sudo fdisk /dev/sda
Create a new partition (/dev/sda4 in what follows, to be concrete) and then either issue:
$ sudo partprobe -s
to have the system re-read the modified partition table, or reboot (which is far safer).
Note: If you can’t use a real partition, use the technique in the previous chapter to use a loop device or image file for the same purpose.
2. $ sudo cryptsetup luksFormat /dev/sda4
3. $ sudo cryptsetup luksOpen /dev/sda4 secret-disk
4. Add the following to /etc/crypttab:
5. $ sudo mkfs -t ext4 /dev/mapper/secret-disk
6. $ sudo mkdir -p /secret
7. Add the following to /etc/fstab:
/dev/mapper/secret-disk /secret ext4 defaults 1 2
8. Mount just the one filesystem:
$ sudo mount /secret
or mount all filesystems mentioned in /etc/fstab:
$ sudo mount -a
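A check to run before the reboot in step 9, as an added example that is not part of the original post: it confirms that the mapping name from steps 3, 4 and 7 lines up across crypttab and fstab and reports whether the passphrase will be prompted for. The function name and the sample files are assumptions; the crypttab line is constructed from the exercise's own names (secret-disk, /dev/sda4).

```bash
#!/bin/bash
# Added example, not from the original post: pre-reboot consistency check
# for one LUKS mapping. Usage: check_luks_mapping NAME CRYPTTAB FSTAB
check_luks_mapping() {
    local name="$1" crypttab="$2" fstab="$3" entry dev key mnt
    # crypttab fields: 1=mapping name 2=backing device 3=key file 4=options
    entry=$(awk -v n="$name" \
        '$1 == n { print $2, ($3 == "" ? "none" : $3); exit }' "$crypttab")
    if [ -z "$entry" ]; then
        echo "FAIL: no crypttab entry for $name"; return 1
    fi
    dev=${entry%% *}; key=${entry##* }
    if [ -z "$dev" ]; then
        echo "FAIL: crypttab entry for $name names no backing device"; return 1
    fi
    # fstab must mount the decrypted mapper device, never the raw partition
    mnt=$(awk -v d="/dev/mapper/$name" '$1 == d { print $2; exit }' "$fstab")
    if [ -z "$mnt" ]; then
        echo "FAIL: fstab has no entry for /dev/mapper/$name"; return 1
    fi
    case $key in
        none|-) echo "OK: $dev -> $name -> $mnt, passphrase prompted at boot" ;;
        *)      echo "WARN: $dev -> $name -> $mnt, key read from $key"; return 2 ;;
    esac
}

# Constructed sample files built from the names used in the exercise.
demo_dir=$(mktemp -d)
printf 'secret-disk /dev/sda4 none\n' > "$demo_dir/crypttab"
printf '/dev/mapper/secret-disk /secret ext4 defaults 1 2\n' > "$demo_dir/fstab"
check_luks_mapping secret-disk "$demo_dir/crypttab" "$demo_dir/fstab"
```

On the real system, pass /etc/crypttab and /etc/fstab as the two file arguments. A WARN result means the key sits in a file, which only protects a stolen disk if that file is itself on encrypted storage.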
B – Logical Volumes (LVM)
Exercise 23.1 Logical Volumes
We are going to create a logical volume using two 250 MB partitions. We are going to assume you have real partition-able disk space available.
1. Create two 250 MB partitions of type logical volume (8e).
2. Convert the partitions to physical volumes.
3. Create a volume group named myvg and add the two physical volumes to it. Use the default extent size.
4. Allocate a 300 MB logical volume named mylvm from volume group myvg.
5. Format and mount the logical volume mylvm at /mylvm
6. Use lvdisplay to view information about the logical volume.
7. Grow the logical volume and corresponding filesystem to 350 MB.
1. $ sudo fdisk /dev/sda
using whatever hard disk is appropriate, and create the two partitions. While in fdisk, typing t will let you set the partition type to 8e. While it doesn’t matter if you don’t set the type, it is a good idea to lessen confusion. Use w to rewrite the partition table and exit, and then
$ sudo partprobe -s
or reboot to make sure the new partitions take effect.
2. Assuming the new partitions are /dev/sdaX and /dev/sdaY:
$ sudo pvcreate /dev/sdaX
$ sudo pvcreate /dev/sdaY
$ sudo pvdisplay
3. $ sudo vgcreate myvg /dev/sdaX /dev/sdaY
$ sudo vgdisplay
4. $ sudo lvcreate -L 300M -n mylvm myvg
$ sudo lvdisplay
5. $ sudo mkfs.ext4 /dev/myvg/mylvm
$ sudo mkdir /mylvm
$ sudo mount /dev/myvg/mylvm /mylvm
If you want the mount to be persistent, edit /etc/fstab to include the line:
/dev/myvg/mylvm /mylvm ext4 defaults 0 0
6. $ sudo lvdisplay
7. $ df -h
$ sudo lvresize -r -L 350M /dev/myvg/mylvm
$ df -h
or, instead of the absolute size, give the increment (run one or the other, not both):
$ sudo lvresize -r -L +50M /dev/myvg/mylvm
C – Creating a RAID Device
Exercise 24.1 Creating a RAID Device
Normally when creating a RAID device we would use partitions on separate disks. However, for this exercise we probably don’t have such hardware available. Thus we will need to have two partitions on the same disk.
The process will be the same whether the partitions are on one drive or several (Although there is obviously little reason to actually create a RAID on a single device).
1. Create two 200 MB partitions of type raid (fd) either on your hard disk using fdisk, or using LVM.
2. Create a RAID 1 device named /dev/md0 using the two partitions.
3. Format the RAID device as an ext4 filesystem. Then mount it at /myraid and make the mount persistent.
4. Place the information about /dev/md0 in /etc/mdadm.conf file using mdadm. (Depending on your distribution, this file may not
5. Examine /proc/mdstat to see the status of your RAID device.
1. If you need to create new partitions do:
$ sudo fdisk /dev/sda
and create the partitions as we have done before. For purposes of being definite, we will call them /dev/sdaX and /dev/sdaY. You will need to run partprobe or kpartx or reboot after you are done to make sure the system is properly aware of the new partitions.
2. $ sudo mdadm -C /dev/md0 --level=1 --raid-disks=2 /dev/sdaX /dev/sdaY
3. $ sudo mkfs.ext4 /dev/md0
$ sudo mkdir /myraid
$ sudo mount /dev/md0 /myraid
and add to /etc/fstab
/dev/md0 /myraid ext4 defaults 0 0
4. $ sudo bash -c "mdadm --detail --scan >> /etc/mdadm.conf"
5. $ cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 dm-14 dm-13
204736 blocks [2/2] [UU]
unused devices: <none>
You should probably verify that with a reboot, the RAID volume is mounted automatically. When you are done, you probably will want to clean up by removing the line from /etc/fstab, and then getting rid of the partitions.
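How to read the /proc/mdstat output from step 5, as an added example that is not part of the original post: the bracketed pair such as [2/2] is configured/active members, and an array with fewer active than configured members is running degraded. The function name is an assumption and both samples are constructed (the healthy one mirrors the output above).

```bash
#!/bin/bash
# Added example, not from the original post: flag md arrays running with
# fewer active members than configured. Usage: mdstat_degraded [FILE]
mdstat_degraded() {
    awk '
        /^md[0-9]+ :/ { array = $1; next }      # header: "md0 : active raid1 ..."
        array != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            # "[2/2]" is configured/active; "[UU]" shows one flag per member
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            if (n[2] + 0 < n[1] + 0) {
                print array " degraded: " n[2] " of " n[1] " members active"
                bad = 1
            }
            array = ""
        }
        END { exit bad }
    ' "${1:-/proc/mdstat}"
}

# Constructed samples: the healthy output from step 5, and the same array
# after losing one half of the mirror.
healthy='Personalities : [raid1]
md0 : active raid1 dm-14 dm-13
      204736 blocks [2/2] [UU]
unused devices: <none>'
degraded='Personalities : [raid1]
md0 : active raid1 dm-14[0]
      204736 blocks [2/1] [U_]
unused devices: <none>'
sample=$(mktemp)
printf '%s\n' "$healthy" > "$sample"
mdstat_degraded "$sample" && echo "all arrays healthy"
```

Called with no argument, the function reads the live /proc/mdstat and returns non-zero when any array is degraded, which makes it usable from a cron job or monitoring check.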