2

I just tried to increase an encrypted LVM partition. The procedure is: Extend the partition with fdisk -> Resize PV -> Resize LV -> Increase file system size. Detailed steps are in https://www.thegeekdiary.com/centos-rhel-how-to-extend-physical-volume-in-lvm-by-extending-the-disk-partition-used/. After following these steps, I can resize the partition successfully.

I found many tutorials about extending encrypted disks. They have to open the encrypted volume with the luksOpen command, then continue with the above steps; an example guide is Extend a LUKS encrypted partition to fill disk. So my question is: why do they need a step to open the encrypted volume? Without this step, can I extend the disk partition? I tried to open the encrypted volume, but always got the error:

Cannot use device /dev/sda2 which is in use (already mapped or mounted).

1 Answer

1

First of all, if you have access to the encrypted data, it's already open and does not have to be opened a second time. In fact opening it a second time and then resizing a filesystem that is mounted/used under another path would cause serious data corruption instead. The error message you got (already mapped or mounted) is trying to prevent you from serious harm. Take care.

Use lsblk to determine the hierarchy (what device is open where). Don't open things twice.


You can grow the partition without opening the LUKS container. (Exception: FDE where even the partition table itself is encrypted too.)

If LVM is unencrypted (LUKS on top of LVM, unencrypted PV, individually encrypted LVs) you can also grow PV and LV without opening the LUKS container.

If LVM is encrypted (LVM on top of LUKS, entire PV encrypted) you can only resize PV / LV with an opened LUKS container, as otherwise the LVM metadata is encrypted and thus cannot be changed.

As long as the filesystem itself is encrypted, you can only grow it with the LUKS container open, as otherwise the filesystem metadata is encrypted and thus cannot be changed.

Basically growing things changes things, but you can't change encrypted things.

So to change whatever is encrypted, it has to be open first.


A lot of tutorials out there expect you to be using a Live CD where no device is in use yet, so everything has to be opened and activated manually first. So you see the detailed steps with cryptsetup luksOpen and vgchange -a y that your regular system would already have done for you.

frostschutz
  • 48,978
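
The layering rules from the answer above, as an added example that is not part of the original post: a small shell helper that reads `lsblk -rno KNAME,TYPE,PKNAME` rows and reports whether the stack is LVM on LUKS or LUKS on LVM, and which resize steps need the container open. The helper name `classify_stack` and all device names are assumptions; the sample rows are constructed.

```sh
#!/bin/sh
# Added example. Device names below are constructed sample data in the shape of
# `lsblk -rno KNAME,TYPE,PKNAME` output (kernel name, type, parent kernel name).
SAMPLE_LVM_ON_LUKS='sda disk
sda1 part sda
sda2 part sda
dm-0 crypt sda2
dm-1 lvm dm-0'

SAMPLE_LUKS_ON_LVM='sdb disk
sdb1 part sdb
dm-2 lvm sdb1
dm-3 crypt dm-2'

# classify_stack KNAME  (hypothetical helper name)
# Reads lsblk rows on stdin, walks from KNAME down to the disk and prints the
# layer order plus what the answer's rules imply for a grow operation.
# Limitation: a device with several parents keeps only its last listed parent.
classify_stack() {
    awk -v target="$1" '
        NF >= 2 { typ[$1] = $2; par[$1] = $3 }
        END {
            if (!(target in typ)) { print "unknown device: " target; exit 1 }
            # Prepend each layer so the chain reads bottom-up: part ... target.
            for (k = target; (k in typ) && typ[k] != "disk"; k = par[k])
                chain = (chain == "") ? typ[k] : typ[k] " " chain
            print "layers: " chain
            if (chain ~ /crypt.*lvm/)
                print "lvm-on-luks: PV, LV and filesystem resize need the LUKS container open"
            else if (chain ~ /lvm.*crypt/)
                print "luks-on-lvm: PV and LV resize work with LUKS closed; filesystem resize needs it open"
            else if (chain ~ /crypt/)
                print "luks-only: partition resize works with LUKS closed; filesystem resize needs it open"
            else
                print "no-luks: nothing to open"
        }'
}

# Demo on the constructed samples; on a live system pipe in
# `lsblk -rno KNAME,TYPE,PKNAME` instead.
printf '%s\n' "$SAMPLE_LVM_ON_LUKS" | classify_stack dm-1
printf '%s\n' "$SAMPLE_LUKS_ON_LVM" | classify_stack dm-3
```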