{"id":756,"date":"2018-06-25T11:51:57","date_gmt":"2018-06-25T08:51:57","guid":{"rendered":"http:\/\/leonidassavvides.com\/blog\/?p=756"},"modified":"2018-06-25T11:51:57","modified_gmt":"2018-06-25T08:51:57","slug":"logical-volumes-lvm-disk-encryption-creating-a-raid-device","status":"publish","type":"post","link":"https:\/\/www.leonidassavvides.com\/blog\/2018\/06\/logical-volumes-lvm-disk-encryption-creating-a-raid-device\/","title":{"rendered":"Logical Volumes (LVM), Disk Encryption, Creating a RAID Device"},"content":{"rendered":"
<\/div>

Logical Volumes (LVM), Disk Encryption, Creating a RAID Device
\nin Linux<\/h3>\n

================<\/h2>\n

In this post I show you these three (3) advanced procedures for CentOS 7 Linux Server…<\/p>\n

I recommend try them in test VM Server and after in Production Server…<\/p>\n

A – Disk Encryption<\/strong><\/h3>\n

Exercise 22.1 Disk Encryption<\/strong>
\nIn this exercise, you will encrypt a partition on the disk in order to provide a measure of security in the event that the hard drive or laptop is stolen. Reviewing the cryptsetup documentation first would be a good idea (man cryptsetup and cryptsetup –help).<\/p>\n

1. Create a new partition for the encrypted block device with fdisk. Make sure the kernel is aware of the new partition table. A reboot will do this but there are other methods.
\n2. Format the partition with cryptsetup using LUKS for the crypto layer.
\n3. Create the un-encrypted pass through device by opening the encrypted block device, i.e., secret-disk.
\n4. Add an entry to \/etc\/crypttab so that the system prompts for the passphrase on reboot.
\n5. Format the filesystem as an ext4 filesystem.
\n6. Create a mount point for the new filesystem, i.e. \/secret.
\n7. Add an entry to \/etc\/fstab so that the filesystem is mounted on boot.
\n8. Try and mount the encrypted filesystem.
\n9. Validate the entire configuration by rebooting.<\/p>\n

Solution 22.1<\/strong>
\n1. $ sudo fdisk \/dev\/sda
\nCreate a new partition (in the below \/dev\/sda4 to be concrete) and then either issue:
\n$ sudo partprobe -s
\nto have the system re-read the modified partition table, or reboot (which is far safer).
\nNote: If you can\u2019t use a real partition, use the technique in the previous chapter to use a loop device or image file for the same purpose.
\n2. $ sudo cryptsetup luksFormat \/dev\/sda4
\n3. $ sudo cryptsetup luksOpen \/dev\/sda4 secret-disk
\n4. Add the following to \/etc\/crypttab:
\nsecret-disk \/dev\/sda4
\n5. $ sudo mkfs -t ext4 \/dev\/mapper\/secret-disk
\n6. $ sudo mkdir -p \/secret
\n7. Add the following to \/etc\/fstab:
\n\/dev\/mapper\/secret-disk \/secret ext4 defaults 1 2
\n8. Mount just the one filesystem:
\n$ sudo mount \/secret
\nor mount all filesystems mentioned in \/etc\/fstab:
\n$ sudo mount -a
\n9. Reboot.<\/p>\n

B – Logical Volumes (LVM)<\/strong><\/h3>\n

Exercise 23.1 Logical Volumes<\/strong>
\nWe are going to create a logical volume using two 250 MB partitions. We are going to assume you have real partition-able disk space available.<\/p>\n

1. Create two 250 MB partitions of type logical volume (8e).
\n2. Convert the partitions to physical volumes.
\n3. Create a volume group named myvg and add the two physical volumes to it. Use the default extent size.
\n4. Allocate a 300 MB logical volume named mylvm from volume group myvg.
\n5. Format and mount the logical volume mylvm at \/mylvm
\n6. Use lvdisplay to view information about the logical volume.
\n7. Grow the logical volume and corresponding filesystem to 350 MB.<\/p>\n

Solution 23.1<\/strong>
\n1. Execute:
\n$ sudo fdisk \/dev\/sda
\nusing whatever hard disk is appropriate, and create the two partitions. While in fdisk, typing t will let you set the partition type to 8e. While it doesn\u2019t matter if you don\u2019t set the type, it is a good idea to lessen confusion. Use w to rewrite the partition table and exit, and then
\n$ sudo partprobe -s
\nor reboot to make sure the new partitions take effect.
\n2. Assuming the new partitions are \/dev\/sdaX and \/dev\/sdaY:
\n$ sudo pvcreate \/dev\/sdaX
\n$ sudo pvcreate \/dev\/sdaY
\n$ sudo pvdisplay
\n3. $ sudo vgcreate myvg \/dev\/sdaX \/dev\/sdaY
\n$ sudo vgdisplay
\n4. $ sudo lvcreate -L 300M -n mylvm myvg
\n$ sudo lvdisplay
\n5. $ sudo mkfs.ext4 \/dev\/myvg\/mylvm
\n$ mkdir \/mylvm
\n$ sudo mount \/dev\/myvg\/mylvm \/mylvm
\nIf you want the mount to be persistent, edit \/etc\/fstab to include the line:
\n\/dev\/myvg\/mylvm \/mylvm ext4 defaults 0 0
\n6. $ sudo lvdisplay
\n7. $ df -h
\n$ sudo lvresize -r -L 350M \/dev\/myvg\/mylvm
\n$ df -h
\nor
\n$ sudo lvresize -r -L +50M \/dev\/myvg\/mylvm<\/p>\n

C – Creating a RAID Device<\/strong><\/h3>\n

Exercise 24.1 Creating a RAID Device<\/strong>
\nNormally when creating a RAID device we would use partitions on separate disks. However, for this exercise we probably don\u2019t have such hardware available. Thus we will need to have two partitions on the same disk.
\nThe process will be the same whether the partitions are on one drive or several (Although there is obviously little reason to actually create a RAID on a single device).<\/p>\n

1. Create two 200 MB partitions of type raid (fd) either on your hard disk using fdisk, or using LVM.
\n2. Create a RAID 1 device named \/dev\/md0 using the two partitions.
\n3. Format the RAID device as an ext4 filesystem. Then mount it at \/myraid and make the mount persistent.
\n4. Place the information about \/dev\/md0 in \/etc\/mdadm.conf file using mdadm. (Depending on your distribution, this file may not
\npreviously exist.)
\n5. Examine \/proc\/mdstat to see the status of your RAID device.<\/p>\n

Solution 24.1<\/strong>
\n1. If you need to create new partitions do:
\n$ sudo fdisk \/dev\/sda
\nand create the partitions as we have done before. For purposes of being definite, we will call them \/dev\/sdaX and
\n\/dev\/sdaY. You will need to run partprobe or kpartx or reboot after you are done to make sure the system is properly aware of the new partitions.
\n2. $ sudo mdadm -C \/dev\/md0 –level=1 –raid-disks=2 \/dev\/sdaX \/dev\/sdaY
\n3. $ sudo mkfs.ext4 \/dev\/md0
\n$ sudo mkdir \/myraid
\n$ sudo mount \/dev\/md0 \/myraid
\nand add to \/etc\/fstab
\n\/dev\/md0 \/myraid ext4 defaults 0 0
\n4. $ mdadm –detail –scan >> \/etc\/mdadm.conf
\n5. $ cat \/proc\/mdstat
\nPersonalities : [raid1]
\nmd0 : active raid1 dm-14[1] dm-13[0]
\n204736 blocks [2\/2] [UU]
\nunused devices: <none>
\nYou should probably verify that with a reboot, the RAID volume is mounted automatically. When you are done, you probably will want to clean up by removing the line from \/etc\/fstab, and then getting rid of the partitions.<\/p>\n","protected":false},"excerpt":{"rendered":"

Logical Volumes (LVM), Disk Encryption, Creating a RAID Device in Linux ================ In this post I show you these three (3) advanced procedures for CentOS 7 Linux Server… I recommend try them in test VM Server and after in Production Server… A – Disk Encryption Exercise 22.1 Disk Encryption In this exercise, you will encrypt … Continue reading “Logical Volumes (LVM), Disk Encryption, Creating a RAID Device”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19,21,22,37,43],"tags":[],"class_list":["post-756","post","type-post","status-publish","format-standard","hentry","category-linux","category-mac-os-x","category-macos","category-security","category-tech"],"_links":{"self":[{"href":"https:\/\/www.leonidassavvides.com\/blog\/wp-json\/wp\/v2\/posts\/756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.leonidassavvides.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.leonidassavvides.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.leonidassavvides.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.leonidassavvides.com\/blog\/wp-json\/wp\/v2\/comments?post=756"}],"version-history":[{"count":0,"href":"https:\/\/www.leonidassavvides.com\/blog\/wp-json\/wp\/v2\/posts\/756\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.leonidassavvides.com\/blog\/wp-json\/wp\/v2\/media?parent=756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.leonidassavvides.com\/blog\/wp-json\/wp\/v2\/categories?post=756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.leonidassavvides.com\/blog\/wp-json\/wp\/v2\/tags?post=756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}