I want to extend my LUKS-encrypted lvm (volume group) with a new physical volume.
In my previous question I was told – in respect to my actual setup – that I need to encrypt the new physical volume prior to add it to my existing volume group.
I would like to know what steps I have to respect, to successfully add that physical volume to my existing volume group.
My actual stacking looks like this:
nvme0n1p8 -> luks -> physical volume -> volume group -> lv
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
├─nvme0n1p8 259:8 0 86,5G 0 part
│ └─nvme0n1p8_crypt 253:0 0 86,5G 0 crypt
│ ├─lvm--crypt-wurzel 253:1 0 30,7G 0 lvm /
│ ├─lvm--crypt-home 253:2 0 80G 0 lvm /home
My crypttab file looks like this:
cat /etc/crypttab
nvme0n1p8_crypt UUID=1697ec4a-b30b-4642-b4f3-6ba94afc40ec none luks,discard
Now I want to add a new physical volume to that volume group.
- How do I add a new physical volume to that volume group without losing encryption?
- What modifications to which configuration file might I need to do?
Best Answer
You’ll need to set up encryption on the new physical device:
(replacing
newdevice
as appropriate).Then open it:
You’ll need to add a matching line to
/etc/crypttab
so that it’s opened at boot.Once you have
newdevice_crypt
, you can create a physical volume on it:and add it to your volume group.
You can share the passphrase for several encrypted devices; see Using a single passphrase to unlock multiple encrypted disks at boot.