LVM & retroactively creating encrypted /home partition

Bill Davidsen davidsen at tmr.com
Sat May 10 15:59:09 UTC 2008 

Paul Johnson wrote:
> Since I had a bad experience with LVM in F6, I've always ignored it
> and created partitions the "old fashioned" way.
> 
> However, some people  here do the default install of Fedora and it
> uses LVM and in some cases people FORGET that they want their /home on
> a separate partition.  So the installer creates a single gigantic
> logical volume in which everything is mounted.
> 
> See:
> 
> lvm> lvs -v
>     Finding all logical volumes
>   LV       VG         #Seg Attr   LSize   Maj Min KMaj KMin Origin
> Snap%  Move Copy%  Log LV UUID
>   LogVol00 VolGroup00    1 -wi-ao 295.91G  -1  -1 253  0
>                    BSOijT-X3UT-CwpS-Ncdo-7hX8-vfiU-iXzuiA
>   LogVol01 VolGroup00    1 -wi-ao   1.94G  -1  -1 253  1
>                    EG5Jgg-7VaB-megf-63k2-7n15-sCfn-YH6eNs
> 
> Before upgrading from Fedora 8 to 9, I want to separate the /home
> partition from the rest of this.  But I'm a little unsure of the best
> approach because I anticipate trying the encrypted partition in Fedora
> 9.  I would rather not just completely reformat the hard disk.  I'd
> like to set the /home stuff aside on its own place, and then let the
> installer erase F8 and do a new install.
> 
> I should run lvm and  shrink LogVol00 down with lvresize like this:
> 
> lvm> lvresize -L 100G
> 
> I should not run
> 
> lvm> lvcreate VolGroup00 -L 195.91G
> 
> I should wait for F9 to do that.  Correct?  I wait because encryption
> cannot be put on retroactively a logical volume.
> 
> Suppose I do an upgrade to F9. That would not destroy LogVol00.
> Suppose further I'm able to use the custom partition tool to have it
> use my empty space for the /home.
> 
> The part that has me a bit confused is how I'll get the data off the
> old /home directory in LogVol00 onto the encrypted /home that will
> exist in LogVol02.  I mean, if F9 creates a new /home in the empty
> space, and it mounts that under /home (still thinking of it like an
> ordinary partition, I guess), does that block access to /home on
> LogVol00 ?
> 
If this were me, I would hook up a USB external drive, back up to that, 
do the install, copy the data back, and be happy.

And, because I'm moderately paranoid, I'd save it on the external drive 
encrypted.

The most common thing to forget when reinstalling is saving the host 
keys for ssh and anything else you use with keys or certificates.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

More information about the fedora-list mailing list