LUKS LVM – Add Physical Volume and Maintain Encryption


I want to extend my LUKS-encrypted lvm (volume group) with a new physical volume.

In my previous question I was told – with respect to my actual setup – that I need to encrypt the new physical volume prior to adding it to my existing volume group.

I would like to know what steps I have to respect to successfully add that physical volume to my existing volume group.

My actual stacking looks like this:

nvme0n1p8 -> luks -> physical volume -> volume group -> lv

lsblk
NAME                    MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
├─nvme0n1p8             259:8    0  86,5G  0 part
│ └─nvme0n1p8_crypt     253:0    0  86,5G  0 crypt
│   ├─lvm--crypt-wurzel 253:1    0  30,7G  0 lvm   /
│   ├─lvm--crypt-home   253:2    0    80G  0 lvm   /home

My crypttab file looks like this:

cat /etc/crypttab
nvme0n1p8_crypt UUID=1697ec4a-b30b-4642-b4f3-6ba94afc40ec none luks,discard

Now I want to add a new physical volume to that volume group.

  1. How do I add a new physical volume to that volume group without losing encryption?
  2. What modifications to which configuration file might I need to do?

Best Answer

You’ll need to set up encryption on the new physical device:

sudo cryptsetup luksFormat /dev/newdevice

(replacing newdevice as appropriate).

Then open it:

sudo cryptsetup luksOpen /dev/newdevice newdevice_crypt

You’ll need to add a matching line to /etc/crypttab so that it’s opened at boot.

Once you have newdevice_crypt, you can create a physical volume on it:

sudo pvcreate /dev/mapper/newdevice_crypt

and add it to your volume group.

You can share the passphrase for several encrypted devices; see Using a single passphrase to unlock multiple encrypted disks at boot.
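
A check to run after the steps in the answer, as an added example that is not part of the original answer: it confirms that every physical volume in the volume group sits on a dm-crypt mapping and that the mapping has an /etc/crypttab entry. The sample data is constructed; the volume group name lvm-crypt is read off the asker's lsblk output, and /dev/sdb1 and the missing crypttab line are assumptions made to show the two failure cases.

```shell
#!/bin/sh
# Added example: verify that a volume group is still fully encrypted.
# Inputs are text in the formats printed by:
#   pvs --noheadings -o pv_name,vg_name
#   lsblk -rno PATH,TYPE
#   cat /etc/crypttab

# usage: check_vg_encrypted VG PVS_TEXT LSBLK_TEXT CRYPTTAB_TEXT
# Prints one status line per PV; returns 1 if any PV is not covered.
check_vg_encrypted() {
    vg=$1; pvs_out=$2; lsblk_out=$3; crypttab=$4; rc=0
    for pv in $(printf '%s\n' "$pvs_out" | awk -v vg="$vg" '$2 == vg {print $1}'); do
        # Block-device type of the PV: "crypt" means an opened dm-crypt mapping.
        devtype=$(printf '%s\n' "$lsblk_out" | awk -v p="$pv" '$1 == p {print $2; exit}')
        name=${pv##*/}    # mapping name is the first crypttab field
        if [ "$devtype" != crypt ]; then
            echo "UNENCRYPTED $pv"; rc=1
        elif ! printf '%s\n' "$crypttab" | awk -v n="$name" '$1 == n {f=1} END {exit !f}'; then
            echo "NO_CRYPTTAB $pv"; rc=1
        else
            echo "OK $pv"
        fi
    done
    return $rc
}

# Constructed sample: the asker's existing mapping, a new mapping that was
# opened but never added to crypttab, and a raw partition (hypothetical
# /dev/sdb1) that was added to the group without LUKS.
SAMPLE_PVS='  /dev/mapper/nvme0n1p8_crypt lvm-crypt
  /dev/mapper/newdevice_crypt lvm-crypt
  /dev/sdb1 lvm-crypt'
SAMPLE_LSBLK='/dev/nvme0n1p8 part
/dev/mapper/nvme0n1p8_crypt crypt
/dev/mapper/newdevice_crypt crypt
/dev/sdb1 part'
SAMPLE_CRYPTTAB='nvme0n1p8_crypt UUID=1697ec4a-b30b-4642-b4f3-6ba94afc40ec none luks,discard'

check_vg_encrypted lvm-crypt "$SAMPLE_PVS" "$SAMPLE_LSBLK" "$SAMPLE_CRYPTTAB" ||
    echo "lvm-crypt is not fully encrypted and boot-ready"
```

On a live system, pass `"$(sudo pvs --noheadings -o pv_name,vg_name)"`, `"$(lsblk -rno PATH,TYPE)"` and `"$(cat /etc/crypttab)"` as the three text arguments.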
