October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  

Categories

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  

Converting partitions from ext3 to ext4

The new features of ext4 over ext3 motivated me to migrate my ext3 partitions to the new file system.  If you want to do the same, here’s the steps yo have to follow.

Converting from ext3 to ext4

Note: The following commands must be run on not mounted partitions. If you are planning to convert your system root’s partition, do it from a livecd or a system other than yours.

In order to convert a ext3 partition, let’s say /dev/sda5, to ext4 type the following:

tune2fs -O extents,uninit_bg,dir_index /dev/sda5

After doing the above, run e2fsck on the new ext4 file system to fix any inconsistency:

e2fsck -fD  /dev/sda5

The /etc/fstab file

Don’t forget to edit the /etc/fstab file by changing the partitions that will be mounted as ext4 instead of ext3:

# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc         /proc           proc    defaults             0       0
/dev/sda6    /               ext4    errors=remount-ro    0       1
/dev/sda5    /home           ext4    defaults             0       2
/dev/sda7    none            swap    sw                   0       0
/dev/scd0    /media/cdrom0   udf,iso9660 user,noauto      0       0

 

Ext4?s features

But the way, if you want to know what those new features are, check out the following table:

Feature Description
Large file system Support for volumes up to 1 Exbibyte and files up to 16 tebibytes.
Extents An extent is a range of contiguous physical blocks, improving large file performance and reducing fragmentation
Backward compatibility The ext4 filesystem is backward compatible with ext3 and ext2, making it possible to mount ext3 and ext2 filesystems as ext4
Persistent pre-allocation The space allocated for files would be guaranteed and would likely be contiguous. The full of  0?s method is deprecated.
Delayed allocation Ext4 delays block allocation until the data is going to be written to the disk.This improves performance and reduces fragmentation by improving block allocation decisions based on the actual file size.
Higher subdirectory limit The number of subdirectories that a directory can contain was raised to 64,000.
Journal checksumming Checksums in the journal to improve reliability is used, since the journal is one of the most used files of the disk.
Faster file system checking In ext4, unallocated block groups and sections of the inode table are marked as such. This enables e2fsck to skip them entirely on a check and greatly reduces the time it takes to check a file system of the size ext4 is built to support.
Multiblock allocator Ext4 allocates multiple blocks for a file in a single operation, which reduces fragmentation by attempting to choose contiguous blocks on the disk.
Improved timestamps As computers become faster in general and as Linux becomes used more for mission critical applications, the granularity of second-based timestamps becomes insufficient. To solve this, ext4 provides timestamps measured in nanoseconds.
September 5th, 2012 | Category: DISK | Leave a comment

Logical Volume Manager (LVM)

In the traditional disk partitioning scheme, administrators plan ahead the use of each partition. For instance, a laptop with 120 GB hard drive, 1 GB  RAM can have the following partition scheme:

  • 1 GB for swap (/dev/sda1),
  • 12 GB for root (/dev/sda2),
  • 107 GB for /home (/dev/sda3), meaning, the remaining space.

So far so go, but what if the RAM is increased to 2 GB? In order to hibernate the system you must increase the swap, and because the whole hard drive was partitioned leaving no space there isn’t other way than repartitioning the hard drive using a utility, if the file system allows it  (for instance,  ext[2|3|4] file systems let you resize them).

There isn’t anything more flexible? Yes, it’s called LVM (Logical Volume Manager), and basically it lets you hot resizing of partitions. For example, you can release 1GB from /home (/dev/sda3) and give it to the swap partition (/dev/sda1).

LVM (Logical Volume Manager)

In order to use LVM, first you must assign physical volumes, then volume groups and finally logical groups. All this might be confusing at first, but let’s try to explain each of these terms and how they are related:

  • Physical volumes: This is the support media where the data will be stored, and they can be made of several hard drives or partitions of a drive. They don’t have a direct relation with the mount points. Physical Volume examples: /dev/sda , /dev/sdb1, etc.
  • Volume groups: It’s the grouping of logical volumes in a volume to see them as one device. Physical volume example: /dev/vg00
  • Logical volumes: Here is were the file systems (for example, ext2, ext3,xfs,vfat) will reside and so the mount points (/, /home, swap, /usr, /var, etc). At this level the files systems are formated, and it’s where the data will be distributed logically, as you are costumed to with the traditional partitions. Logical volumes examples: /dev/vg00/lv_rootfs, /dev/vg00/lv_swap, /dev/vg00/lv_home.

Installing  LVM

On Debian you can install LVM with this package:

aptitude install lvm2

On other distributions like Fedora, Red Hat or Ubuntu you must search the name of the package for LVM.

LVM commands

In order to create a LVM using physical,  groups and logical volumes let’s see some commands available:

Physical volumes

Command Description
pvcreate Initialize physical volume(s) for use by LVM
pvs Display information about physical volumes
pvdisplay Display various attributes of physical volume(s)
pvresize Resize physical volume(s)
pvmove  Move extents from one physical volume to another

Volume groups

Command Description
vgcreate Create a volume group
vgs Display information about volume groups
vgdisplay Display volume group information such as attributes
vgextend Add physical volumes to a volume group
vgreduce Remove physical volume(s) from a volume group
vgremove  Remove volume group(s)

Logical volumes

Command Description
lvcreate Create a logical volume
lvs Display information about logical volumes
lvdisplay Display information about a logical volume
lvresize | lvreduce | lvextend Resize a logical volume
lvmove Remove logical volume(s) from the system

Example of how to create a LVM

Let’ s suppose you have free  8 GB hard drive in /dev/sdb , with two partitions of  4 GB each (/dev/sdb1 and /dev/sdb2), and you want to create a LVM on those two partitions to use these mount points:  1 GB for the system’s root (/), 1 GB for swap (swap) and the remaining 6 GB for users directory (/home). To create the LVM you can type the following commands:

root@buckbeak:~# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created

root@buckbeak:~#pvcreate /dev/sdb2
Physical volume "/dev/sdb2" successfully created

root@buckbeak:~# pvs

PV         VG         Fmt  Attr PSize  PFree
/dev/sdb1                         lvm2 a-    4.00g 4.00g
/dev/sdb2                         lvm2 a-    3.99g 3.99g

root@buckbeak:~# vgcreate vg_group01 /dev/sdb1 /dev/sdb2

Volume group "vg_group01" successfully created

root@buckbeak:~# vgs

VG         #PV #LV #SN Attr   VSize  VFree
vg_group01   2   0   0 wz--n-  7.99g 7.99g

root@buckbeak:~# lvcreate -n lv_rootfs vg_group01 -L 1G
Logical volume "lv_rootfs" created

root@buckbeak:~# lvcreate -n lv_swap vg_group01 -L 1G
Logical volume "lv_swap" created

root@buckbeak:~# lvcreate -n lv_home vg_group01 -L 6G
Volume group "vg_group01" has insufficient free space (1534 extents): 1536 required

root@buckbeak:~# lvcreate -n lv_home vg_group01 -l 1534
Logical volume "lv_home" created

root@buckbeak:~# lvs
LV        VG         Attr   LSize  Origin Snap%  Move Log Copy%  Convert
lv_home   vg_group01 -wi-a-  5.99g
lv_rootfs vg_group01 -wi-a-  1.00g
lv_swap   vg_group01 -wi-a-  1.00g

Now you can make the file system for each logical volume:

root@buckbeak:~# mkfs.ext4 /dev/vg_group01/lv_rootfs
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
65536 inodes, 262144 blocks
13107 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376

Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 34 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

root@buckbeak:~# mkfs.ext4 /dev/vg_group01/lv_home
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
393216 inodes, 1570816 blocks
78540 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1610612736
48 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 20 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

root@buckbeak:~# mkswap /dev/vg_group01/lv_swap
mkswap: /dev/vg_group01/lv_swap: warning: don't erase bootbits sectors
on whole disk. Use -f to force.
Setting up swapspace version 1, size = 1048572 KiB
no label, UUID=e743b4f3-1c80-4503-be88-6934d575cd55

root@buckbeak:~# swapon /dev/vg_group01/lv_swap

root@buckbeak:~# swapon -s
Filename                Type        Size    Used    Priority
/dev/dm-1                               partition    2064376    8    -1
/dev/dm-5                               partition    1048568    0    -2

If you want to use these logical volumes, you can mount them using the mount command or add them to the /etc/fstab file to be mount when the system boots.

September 5th, 2012 | Category: DISK | Leave a comment

Job Control

View the currently running jobs:
jobs

Place running foreground process into background:
ctl-z #puts the job to sleep
bg %1

Bring a background job into the foreground:
fg %1

Kill a job:
kill %1
kill %1 -9

Find the PID of all jobs
jobs -p
jobs -pl

Bring a nohuped process to the foreground
# note: I think you can only do this from the same terminal session.
# It doesn’t look like it is possible to nohup a process, close a terminal
# and then bring the process back to the foreground again. Use screen instead.

# If you do not close your terminal session and if you do something like
nohup sleep 100 &
# and want to bring this to the foreground
# find the process ID using
jobs -p
or
ps -ef
# then supply the PID as the argument to the fg command
fg 14389420

September 5th, 2012 | Category: Linux Commands | Leave a comment

OpenSSL Usage

List available Ciphers:
openssl ciphers -v
openssl ciphers -v tls1 #only TLS ciphers
openssl list-cypher-commands
openssl ciphers -v ‘HIGH’ #only good ciphers

Test OpenSSL Speed:
openssl speed
openssl speed rsa #test only rsa

Generate self-signed cert:
openssl req \
-x509 -nodes -days 365 \
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem
OR
openssl req \
-x509 -nodes -days 365 \
-subj ‘/C=US/ST=Oregon/L=Portland/CN=www.madboa.com’ \
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem

MD5 or SHA1 digest of file:
openssl dgst -md5 filename
openssl dgst -sha1 filename

Base64 encode / decode a file:
openssl enc -base64 -in infile.txt #encode to stdout
openssl enc -base64 -in infile.txt -out outfile.txt #encode to a file
echo “encode me” | openssl enc -base64 #encode through a pipe
echo “Zw5jb2RlIGllCg==” | openssl enc -base64 -d #decode through a pipe

Encrypt a file using 256-bit AES in CBC mode
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc
openssl enc -aes-256-cbc -salt -in file.txt \
-out file.enc -pass pass:password
openssl enc -aes-256-cbc -salt -in file.txt \
-out file.enc -pass file:/path/to/passwd.txt
openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc #base64 for email

Decrypt binary / base64 AES CBC file
openssl enc -d -aes-256-cbc -in file.enc
openssl enc -d -aes-256-cbc -a -in file.enc  # decode with base64

Encrypt a file using Triple DES with base64 “ASCII Armor”
openssl enc -e -a -salt -des3 -in file.txt -out file.des3

Decrypt a file encoded with Triple DES and base64 encoded
openssl enc -d -a -in file.des3 -out file.txt

Encrypt a file using Blowfish and base64 encode
openssl enc -e -a -salt -bf -in file.txt -out file.blowfish

Decrypt a file encoded with Blowfish and base64 encoded
openssl enc -d -a -bf -in file.blowfish -out file.txt

Generate an RSA key:
openssl genrsa
openssl genrsa -out mykep.pem 1024
openssl genrsa -des3 -out mykey.pem 1024

Generate a public RSA key:
openssl rsa -in mykey.pem -pubout

Generate a DES key:
openssl dsaparam -noout -out dsakey.pem -genkey 1024

Generate a shadow-style password hash:
openssl passwd -1 MySecret
openssl passwd -1 -salt sXiKzkus MySecret #specific salt

Test for prime number:
openssl prime 11905475924560753

Generate random number:
openssl rand -base64 128 #128 random base64 bits
openssl rand -out random_data.bin 1024 #1024 random binary bits
head -c 32 /dev/urandom | openssl enc -base64 #better entropy


Create an SSL certificate:
openssl genrsa -des3 -out server.key 1024            # create keys
openssl req -new -key server.key -out server.csr   # create cert request

cp server.key server.key.org                                  # remove passphrase
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt  # create cert

Decode an SSL Cert:
openssl x509 -in certificate.crt -text -noout
http://www.sslshopper.com/certificate-decoder.html

September 5th, 2012 | Category: Security on Centos | Leave a comment

SSH PKI

To create ssh keys:
ssh-keygen -t dsa -d 2048
Optionally leave the passphrase blank
This will create a ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub file.

Check for validity:
ssh-keygen -l -f ~/.ssh/id_dsa.pub

Copy the key to the remote server:
cat ~/.ssh/id_dsa ssh remote_host ‘sh -c “cat – >>~/.ssh/authorized_keys”‘

Convert commercial (SECSH) ssh private / public key to OpenSSH
ssh-keygen -i -f id_dsa.pub > id_dsa_openssh.pub # public key
ssh-keygen -i -f id_dsa > id_dsa_openssh # private key

Generate public key from private key
ssh-keygen -y -f id_dsa > id_dsa_openssh.pub

Convert OpenSSH private / public to commercial (SECSH) ssh
ssh-keygen -e -f id_dsa_openssh.pub > id_dsa.pub # public key
ssh-keygen -e -f id_dsa_openssh > id_dsa # private key

Changes the passphrase
ssh-keygen -p -N password -f id_dsa_openssh.prv > id_dsa

September 5th, 2012 | Category: Security on Centos | Leave a comment

GPG Management Commands

Generates key pair:
gpg –gen-key

Lists public and private current keys:
gpg –list-keys
gpg –list-secret-keys

Exports public key / private key:
gpg –armor –export jaz@example.com
gpg –export-secret-key –armor “jaz@example.com” > private.key

Imports a public key / private key:
gpg –import joe.ca
gpg –allow-secret-key-import –import private.key

Delete public / private key:
gpg –delete-key “jaz@example.com”
gpg –delete-secret-key “jaz@example.com”

Encrypt a document with someone’s public key:
gpg –output out.gpg –encrypt –recipient jaz@example.com doc
gpg -o out.gpg -e -r jaz@example.com doc

Decrypt an encrypted file:
gpg –output doc –decrypt doc.pgp
gpg -o doc –decrypt doc.pgp

Symmetric encryption:
gpg –output doc.gpg –symmetric doc
gpg -o doc.gpg -c doc

 

 

 

 

 

 

 

GPG
    Gnu Privacy Gard is an open source of Pretty Good Privacy and 100% compatible with PGP.It based on PKI (Public key private key encryption). GPG encrypts data / mails etc.

Steps in Encrypting Data using the GPG

Step 1:
    Genarate PKI pairs (Public/private Key)
# gpg –gen-key
     This will Prompt for options like key strength and various other details and store the key inside ~/.gnupg/.
pubring.gpg and secring.gpg are the public and private keys respectively.
Now make note of the key finger print. This is used to matching the public keys.
# gpg –list-keys
    This will show the keys that has been generated
# gpg –fingerprint
    This will show the finger print for the keys.

Step 2:
    Now we can encrypt the data using the private key
Encrypt the data:
# gpg –list-keys
    This will list the keys
# gpg –encrypt -r kiran install.log
    -r is used to define the public key ID also can use the user name(This reffers which key has to be used) and the install.log is the file that we are encrypting. As a result  a new file will be created by the name install.log.gpg. Now if we cat the content of the file install.log.gpg now we can see that the file is been encrypted (This will use the compression as well so file size will be less than the original file).

Decrypt the data:
#gpg –decrypt install.log.gpg
    Will decrypt the file and the STDOUT will be shown in the bash terminal.
# gpg -o install.log –decrypt install.log.gpg
    This will decrypt to the file install.log

Encryption Decryption using the Armor
# gpg -e –armor -r kiran install.log
    This will encrypt the data with armored (Neatly encrypts the data). Creates the file with the name install.log.asc
# gpg –decrypt install.log.asc
     this will decrypt the encryption with armor

Encryption and Decryption accross the network:
       
    Now in this case we have to export the publicring keys and import it on remote machine to decrypt the data.
Exporting the public Key.
In host1:
# gpg –export –armor -o remotehost1.asc.pub
    This will export the public key to the file remotehost.asc. Now this key can be imported to any host for decryption.
In host2:
# gpg –export –armor -o remotehost2.asc.pub
    Now both the users have exported their public keys. Now we can import the public keys to system to create “web of trust”.

Now import the keys
In Host 1:
get the public key of Host2 “remotehost2.asc.pub” securely  and import it
# gpg –import remotehost2.asc.pub
    This will import the key of Host2 in host1 for the current user
# gpg –list-keys
    This will show all the keys.

Now import the keys
In Host 2 also:
get the public key of Host1 “remotehost1.asc.pub” securely  and import it
# gpg –import remotehost1.asc.pub
# gpg –list-keys
    Now we have both the pub keys installed in both systems.

Testing the encryption:
# gpg –list-keys
# gpg -e -r 89909823636 –armor -o test.txt.asc  test.txt
     While encryption make sure that the same key is used. For this instead of giving the username for the flag ” -r ” use the key ID in our case it is “89909823636”. Now this will re-confirm the key that going to encrypt.
This will encrypt the file and send this accross the wire to host2.
In host2
# gpg –list-keys
     Find the key which has the ID 89909823636 from above command
# gpg –decrypt -r 89909823636 -o test.txt test.txt.asc
    This will decrypt the file and create the new file test.txt.
   
GPG – Signing & Encryption
 * Signing is different from encrypting the data. Signing is to prove the authenticity of the data send to the reciever stating that “This data belongs to the sender”. Signing is independent to encryption of data. We can encrypt without signing. Sign and Encrypt to prove authenticity is recommended.

Signing a file:
     The Private key of the sender is used to sign the data. And the recipient decrypts the signature using senders public key.

Encrypt the data
# gpg -e –armor -r 80098FC8 file.txt
    This will armor and encrypt the file using the key ID 80098FC8 .
When a file is singed, when decrypting the the data the gpg will show the signature

Signing and Encrypting:
#gpg -se –armor -r 80098FC8 file.txt   
    This will encrypt as well as sign the data using the private key 80098FC8 . Now when we decrypt the data the gpg will show the signature as well as Key finger print and also about the key whether it is trusted or not in the shell output.
#gpg -d -r 80098FC8 file.txt.asc
    This will decrypt the data along with it will show the signature too. But if the trust level of the key is not set this will show you the msg that “there is no indication that this key belongs to sender”

Increasing the Trust Level of the KEY.(Certifying the key with trusted signature):

#gpg –edit-key  8177ACE
    This will give the promtp to edit the key having the ID 8177ACE.
Command> help
    Will show the help menu
Command> trust
    Now give the trust level(the each level will be explained by the interactive menu in gpg) Select from 1 to 5 class of trust.
Command>  quit
    Now the trust level is set.

So now sign, encrypt and send to remote user. Now decrypt the file in the remote machine.
Note:- Still if u see that trust need to increased in remote machine, This means in remote system also we have to increase the trust level. Now test again.

GPG – detaching the signature:
     (–detach-sign or -b) This option will detach the signature from the encrypted file and both the signature and encrypted file can be send it separately to remote system.When creating the detached signature no need to specify the recipients (-r) public key. The process of creating the signature relies upon the senders private key.

Creating the encrypted file and a separate signature for it.
# gpg -ea -r 8900DAC08 test.txt
    This will create a encrypted file called test.txt.asc. But this will not be signed.
# gpg -b test.txt.asc
    (-b will tell to create a seperate signature) The signature created by each and every file will be different.
This will create a file called test.txt.asc.sig
   
Now send both the file to remote system.
Testing the file with the signature in remote system.
    When verifying and decrypting the content of assosiated encrypted file follow this

1. Verify the md5sum
2. Verify the signature
3. Decrypt the encrypted file

Verify the md5sum
# Check the md5sum and compare with the sender’s md5sum for both the file and signature

Verify the signature
# gpg –verify  test.text.asc.sig  test.text.asc
    This will return the signature status.

Decrypt the encrypted file
# gpg -d -o test.txt test.text.asc

Integrating the GPG with mail clients:
    The encryption is based on the email address in allmost all the MUA. It is not done by the key ID. So make sure that the matching key has been installed in both of senders and relievers MUA before encrypting and sending the msg. The GPG key has to be created and trust level has to be defined with the exact mail ID.

 

 

 

 

This is the Command Generates key pair:

gpg –gen-key

You have to selet the type of key
1    Please select what kind of key you want:
2       (1) DSA and Elgamal (default)
3       (2) DSA (sign only)
4       (5) RSA (sign only)
5    Your selection?

You have to specify the key pair size
1    What keysize do you want?

Then you have to specify expiration date
1    Please specify how long the key should be valid.
2             0 = key does not expire
3          <n>  = key expires in n days
4          <n>w = key expires in n weeks
5          <n>m = key expires in n months
6          <n>y = key expires in n years
7    Key is valid for? (0)

You must also provide a USER ID. You need a User-ID to identify your key;
1    from Real Name, Comment and Email Address in this form:
2        “mohan ramadoss <mohan@mohan.com>”
3    
4    Real name:

GnuPG need a Passphrase to protect your private key.
1    Enter passphrase:

Now you have successfully create the keys. To list keys use the commandline option –list-keys
1    gpg –list-keys
2    /users/user/.gnupg/pubring.gpg
3    —————————————
4    pub  1024D/BB7576AC  2012-03-03  mohan (ramadoss) <mohan@mohan.com>
5    sub  1024g/78E9A8FA  2012-03-03

Encrypting and decrypting documents

The –encrypt(-e) option is used to encrypt files.
1    gpg –output doc.gpg  –recipient mohan@mohan.com  –-encrypt mydoc

Note if you are not specify ouput filename default name will be mydoc.asc

The –-recipient(-r) option is also important which specify the public key to which the key should encrypt.

By default there is only one public key but when we encrypt files for someone else we have to import their public key using
1    gpg –import key_file_to_import

Then to encrypt
1    gpg -r mohan@mohan.com  -e file_to_encrypt

To decrypt the file you can use the –decrypt option. You need the private key to which the message was encrypted.
view source
print?
1    gpg –output doc –decrypt mydoc.asc
2    Enter passphrase:

Lists public and private current keys:

gpg –list-keys
gpg –list-secret-keys

Exports public key / private key:

gpg –armor –export mohan@mohan.com
gpg –export-secret-key –armor “mohan@mohan.com” > private.key

Imports a public key / private key:

gpg –import mohan.ca
gpg –allow-secret-key-import –import private.key

Delete public / private key:

gpg –delete-key “mohan@mohan.com”
gpg –delete-secret-key “mohan@mohan.com”

Encrypt a document with someone’s public key:

gpg –output out.gpg –encrypt –recipient mohan@mohan.com doc
gpg -o out.gpg -e -r mohan@mohan.com doc

Decrypt an encrypted file:
gpg –output doc –decrypt doc.pgp
gpg -o doc –decrypt doc.pgp

Symmetric encryption:

gpg –output doc.gpg –symmetric doc
gpg -o doc.gpg -c doc

 

 

Symmetric encryption:

gpg –output doc.gpg –symmetric doc
gpg -o doc.gpg -c doc

 

 

Securing Data
-The Need For Encryption

-Symmetric Encryption

Symmetric uses a secret/password to encrypt and decrypt a message.
You can use GnuPG (cli command is ‘gpg’) to encrypt and decrypt a file symmetrically. Arguments:

–symmetric/-c == symmetric cipher (CAST5 by default)
–force-mdc == if you don’t have this you’ll get “message was not integrity protected”

There are many more things you can specify.

echo “awesome secret message” > /tmp/file
gpg –symmetric –force-mdc /tmp/file
#(enter password)
#this creates a /tmp/file.gpg
#beware that /tmp/file still exists
#to decrypt:
gpg –decrypt /tmp/file.gpg
gpg: 3DES encrypted data
gpg: encrypted with 1 passphrase
awesome secret message

 
-Asymmetric Encryption

Uses a key-pair. A public key and a private key.
A message encrypted with the public key can only be decrypted with the private key.
A message encrypted with the private key can only be decrypted with the public key.

GnuPG can let you handle this.

Login with a user called ‘labber’:

gpg –gen-key
# in this interactive dialog enter username: labber, e-mail and password
# this doesn’t always work, might take _long_time_, eventually I just tried on another machine
echo “secret message” > /tmp/file
gpg -e -r labber /tmp/file
# enter password
gpg –decrypt /tmp/file
# enter password

To export the public key in ASCII format you can:

gpg –armor –output “key.txt” –export “labber”

 

Quick’n easy gpg cheatsheet

If you found this page, hopefully it’s what you were looking for. It’s just a brief explanation of some of the command line functionality from gnu privacy guard (gpg). Please email me if you find any errors (scout3801@gmail.com ).

Filenames are italicized (loosely, some aren’t, sorry), so if you see something italicized, think “put my filename there.”

I’ve used User Name as being the name associated with the key. Sorry that isn’t very imaginative. I *think* gpg is pretty wide in it’s user assignments, ie. the name for my private key is Charles Lockhart, but I can reference that by just putting in Lockhart. That doesn’t make any sense, sorry.

to create a key:
gpg –gen-key
generally you can select the defaults.

to export a public key into file public.key:
gpg –export -a “User Name” > public.key
This will create a file called public.key with the ascii representation of the public key for User Name. This is a variation on:
gpg –export
which by itself is basically going to print out a bunch of crap to your screen. I recommend against doing this.
gpg –export -a “User Name”
prints out the public key for User Name to the command line, which is only semi-useful

to export a private key:
gpg –export-secret-key -a “User Name” > private.key
This will create a file called private.key with the ascii representation of the private key for User Name.
It’s pretty much like exporting a public key, but you have to override some default protections. There’s a note (*) at the bottom explaining why you may want to do this.

to import a public key:
gpg –import public.key
This adds the public key in the file “public.key” to your public key ring.

to import a private key:
gpg –allow-secret-key-import –import private.key
This adds the private key in the file “private.key” to your private key ring. There’s a note (*) at the bottom explaining why you may want to do this.

to delete a public key (from your public key ring):
gpg –delete-key “User Name”
This removes the public key from your public key ring.
NOTE! If there is a private key on your private key ring associated with this public key, you will get an error! You must delete your private key for this key pair from your private key ring first.

to delete an private key (a key on your private key ring):
gpg –delete-secret-key “User Name”
This deletes the secret key from your secret key ring.

To list the keys in your public key ring:
gpg –list-keys

To list the keys in your secret key ring:
gpg –list-secret-keys

To generate a short list of numbers that you can use via an alternative method to verify a public key, use:
gpg –fingerprint > fingerprint
This creates the file fingerprint with your fingerprint info.

To encrypt data, use:
gpg -e -u “Sender User Name” -r “Receiver User Name” somefile
There are some useful options here, such as -u to specify the secret key to be used, and -r to specify the public key of the recipient.
As an example: gpg -e -u “Charles Lockhart” -r “A Friend” mydata.tar
This should create a file called “mydata.tar.gpg” that contains the encrypted data. I think you specify the senders username so that the recipient can verify that the contents are from that person (using the fingerprint?).
NOTE!: mydata.tar is not removed, you end up with two files, so if you want to have only the encrypted file in existance, you probably have to delete mydata.tar yourself.
An interesting side note, I encrypted the preemptive kernel patch, a file of 55,247 bytes, and ended up with an encrypted file of 15,276 bytes.

To decrypt data, use:
gpg -d mydata.tar.gpg
If you have multiple secret keys, it’ll choose the correct one, or output an error if the correct one doesn’t exist. You’ll be prompted to enter your passphrase. Afterwards there will exist the file “mydata.tar”, and the encrypted “original,” mydata.tar.gpg.

NOTE: when I originally wrote this cheat sheet, that’s how it worked on my system, however it looks now like “gpg -d mydata.tar.gpg” dumps the file contents to standard output. The working alternative (worked on my system, anyway) would be to use “gpg -o outputfile -d encryptedfile.gpg”, or using mydata.tar.gpg as an example, I’d run “gpg -o mydata.tar -d mydata.tar.gpg”. Alternatively you could run something like “gpg -d mydata.tar.gpg > mydata.tar” and just push the output into a file. Seemed to work either way.

Ok, so what if you’re a paranoid bastard and want to encrypt some of your own files, so nobody can break into your computer and get them? Simply encrypt them using yourself as the recipient.

I haven’t used the commands:
gpg –edit-key
gpg –gen-revoke

  • –gen-revoke creates a revocation certificate, which when distributed to people and keyservers tells them that your key is no longer valid, see http://www.gnupg.org/gph/en/manual/r721.html
  • –edit-key allows you do do an assortment of key tasks, see http://www.gnupg.org/gph/en/manual/r899.html

 

 

Sharing Secret Keys

NOTE!: the following use cases indicate why the secret-key import/export commands exist, or at least a couple ideas of what you could do with them. HOWEVER, there’s some logistics required for sharing that secret-key. How do you get it from one computer to another? I guess encrypting it and sending it by email would probably be ok, but I wouldn’t send it unencrypted with email, that’d be DANGEROUS.

Use Case *.1 : Mentioned above were the commands for exporting and importing secret keys, and I want to explain one reason of why maybe you’d want to do this. Basically if you want one key-pair for all of your computers (assuming you have multiple computers), then this allows you export that key-pair from the original computer and import it to your other computers. 

Use Case *.2 : Mentioned above were the commands for exporting and importing secret keys, and I want to explain one reason of why maybe you’d want to do this. Basically, if you belonged to a group, and wanted to create a single key-pair for that group, one person would create the key-pair, then export the public and private keys, give them to the other members of the group, and they would all import that key-pair. Then a member of the group or someone outside could use the group public key, encrypt the message and/or data, and send it to members of the group, and all of them would be able to access the message and/or data. Basically you could create a simplified system where only one public key was needed to send encrypted stuffs to muliple recipients.

September 5th, 2012 | Category: Security on Centos | Leave a comment

LVM Basics

Dependencies needed:
Kernel module (version 2.6.9+):
Device Drivers > Multi-device support (RAID and LVM) > Device Mapper Support (CONFIG_BLK_DEV_DM)
Associated kernel module:
dm_mod

Package:
lvm2 – lvm tools
libdevmapper

Show LVM version:
lvm version

Create the physical disks:
pvcreate /dev/hda
pvcreate /dev/hdb
pvcreate /dev/hdc1
pvcreate /dev/hdc2

Show allocated Physical volumes:
pvscan
pvdisplay
lvm pvs

Setup a volume group:
vgcreate vg_name /dev/hda /dev/hdb /dev/hdc1 /dev/hdc2

Display a volume group:
vgdisplay
lvm vgs

Display a logical volume:
lvdisplay
lvm lvs

Create Logical Volume:
Sets the size to 1GB
lvcreate -L1G -n lv_name vg_name

Activate/deactivate a volume group:
vgchange -a y vg_name #Activates: needed after each reboot!!
# This makes it show up as an entry in /dev/
vgchange -a n vg_name #Deactivates

Create the file system (choose one):
mk2fs /dev/vg_name/lv_name # create ext2 fs
mkfs.ext3 /dev/VolGroupBAK/lv_BAK # create ext2 fs
mkfs.ext3 /dev/VolGroupBAK/lv_BAK # create ext3 fs
mkreiserfs /dev/VolGroupBAK/lv_BAK # create reiserfs (reiserfs utils needed)
mkfs.xfs /dev/VolGroupBAK/lv_BAK # create xfs (xfsprogs package needed)
jfs_mkfs /dev/VolGroupBAK/lv_BAK # create jfs (jfsutils package needed)

Mount the File System:
mount /dev/vg_name/lv_name /mnt/point

Add disks to volume groups:
Create the new physical volumes
pvcreate /dev/hdd1
pvcreate /dev/hdd2

Add physical volumes to volume group
vgextend vg_name /dev/hdd1
vgextend vg_name /dev/hdd2

Unmount logical volume to extend
unmount /dev/vg_name/lv_name

Grow lv by 1GB
lvextend -L+1G /dev/vg_name/lv_name

Resize the underlying filesystem to fit (choose one)
resize2fs /dev/vg_name/lv_name # grow ext2/3 to match
resize_reiserfs -f /dev/vg_name/lv_name # grow reiserfs online
resize_reiserfs /dev/vg_name/lv_name # grow reiserfs offline
xfs_growfs /mount_pt # grow xfs online (must be mounted to resize)
mount -o remount,resize /home # grow jfs online (must be mounted)

Remount logical volume
mount /dev/vg_name/lv_name # remount if unmounted

Remove a Logical Volume:
unmount /dev/vg_name/lv_name # unmount any mounted lv
lvremove /dev/vg_name/lv_name # remove any lv

Remove a volume Group:
All logical volumes in group must be removed first.
vgchange -a n vg_name # deactivate vg
vgremove vg_name # removes vg

September 5th, 2012 | Category: DNS | Leave a comment

How to add LUN disk online under CentOS 6.2

Environment: CentOS 6.2 64bit with multipath connected to HP EVA storage, the LUN disk was LVM disk
Objective: add a new LUN disk for server online and add into the existing LVM to make the partition size bigger
scenario: LVM add new lun disk, increase the existing lvm lun disk, increase the existing partition disk such as /dev/sda1

Steps:


1. add a new LUN disk in EVA storage and present it properly to the server
2. use commands below to rescan scsi hosts

 echo “- – -” > /sys/class/scsi_host/host0/scan   
 echo “- – -” > /sys/class/scsi_host/host1/scan 
 echo “- – -” > /sys/class/scsi_host/host2/scan 

you can find out how many scsi disks you have by running “ls /sys/class/scsi_host”, or just run above commands for all hosts under /sys/class/scsi_host

2.1 if you increased the existing LUN disk size, please refer to http://serverfault.com/questions/66638/how-to-extend-a-san-based-vdisk-in-red-hat-without-rebooting as follows:
or refer to http://www.datadisk.co.uk/html_docs/redhat/rh_multipathing.htm  Resize online multpath LUN part  and Multipathing and DR part


resize SAN disk / physical device first.

# rescan disk size
multipath -ll # list all disks, for all disk, run
echo 1 > /sys/block/sdX/device/rescan
#run for all sdX under /sys/block

[#optional, then you can test multipath failover by running]
multipathd -k
del path sdx 
add path sdx


# resize mapname
note: refer to http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/pdf/DM_Multipath/Red_Hat_Enterprise_Linux-6-DM_Multipath-en-US.pdf page 21 – Resizing an Online Multipath Device
multipathd -k
resize map multipath-map-name # this might be optional too, according to
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=120&prodSeriesId=3559651&prodTypeId=18964&objectID=c02000699

multipath # run this command to make multipath pickup the new size according to above hp bizsupport

use multipath -ll to verify the new size, then
pvresize,lvextend and resize2fs to expand the disk to new size.

References:
1. Moving root File Systems from a Single Path Device to a Multipath Device – http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/pdf/DM_Multipath/Red_Hat_Enterprise_Linux-6-DM_Multipath-en-US.pdf page 32.
2. Moving swap File Systems from a Single Path Device to a Multipath Device
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/pdf/DM_Multipath/Red_Hat_Enterprise_Linux-6-DM_Multipath-en-US.pdf page 34

3. verify wwid for new lun disk ndb01-b  – optonal
[root@db01 sys]# multipath -ll
mpatha (3600508b1001030363946364434300999) dm-0 HP,LOGICAL VOLUME
size=137G features=’1 queue_if_no_path’ hwhandler=’0′ wp=rw
`-+- policy=’round-robin 0′ prio=1 status=active
  `- 2:0:0:0 sda 8:0    active ready running
ndb01 (3600143800648a76c0000b00037b10777) dm-5 HP,HSV300
size=200G features=’1 queue_if_no_path’ hwhandler=’0′ wp=rw
`-+- policy=’round-robin 0′ prio=1 status=active
  |- 1:0:0:2 sdc 8:32   active ready running
  |- 1:0:1:2 sdf 8:80   active ready running
  |- 0:0:0:2 sdi 8:128  active ready running
  `- 0:0:1:2 sdl 8:176  active ready running
ndb01-b (3600143800648a76c0000b001566f0888) dm-11 HP,HSV300
size=200G features=’1 queue_if_no_path’ hwhandler=’0′ wp=rw
`-+- policy=’round-robin 0′ prio=1 status=active
  |- 0:0:0:4 sdn 8:208  active ready running
  |- 0:0:1:4 sdq 65:0   active ready running
  |- 1:0:0:4 sdt 65:48  active ready running
  `- 1:0:1:4 sdw 65:96  active ready running\

you can get a lun disk wwid by running:
/lib/udev/scsi_id –page=0x83 –whitelisted –device=/dev/sdw
3600143800648a76c0000b001566f0888

verify fiber channel adapter port wwn matches between server and storage 

[root@db01 zabbix]# more /sys/class/fc_host/host0/node_name 
0x20000000c9928eb1
[root@db01 zabbix]# more /sys/class/fc_host/host1/node_name 
0x20000000c9928eb2

then check EVA storage Hosts – port tab part to confirm



4. modify /etc/multipath.conf to add new wwid for new LUN disk
vi /etc/multipath.conf
multipaths {
        multipath {
                wwid 3600143800648a76c0000b00037b50005
                alias db01
        }
        multipath {
                wwid 3600143800648a76c0000b001566f0888
                alias db01-b
        }
}

fdisk -l | grep sd # check the last disk detected by os
ls /dev/mapper -l # check the existing lun disks
chkconfig multipathd on
/etc/init.d/multipathd start # make sur start it
/etc/init.d/multipathd reload
go to /dev/mapper to run ls -l to verify newly add LUN disks
fdisk -l | grep sd #confirm new disks have been detected.

5. resize pv and file system
pvcreate /dev/mapper/ndb01-b
or
pvresize /dev/mapper/ndb01 # if you increase the existing lun disk

vgextend VgGroup1 /dev/mapper/ndb01-b
lvextend -L +150G /dev/VolGroup01/ndb01-mysql1
resize2fs /dev/VolGroup01/ndb01-mysql1
df -h

6. what if it’s a single lun disk in OS – /dev/sda
lun admin to resize disk
echo “- – -” > /sys/block/sda/device/rescan
fdisk /dev/sda #remove then readd a partition that is the new disk size
partprobe # to update /proc/partitions
pvdisplay
pvresize /dev/sda1 or pvresize /dev/sda # grow pv
vgdisplay
lvextend
e2fsck -fy /dev/VolGroup1/LogVol1 # optional
resize2fs /dev/VolGroup1/LogVol1

or, instead of growing pv, you can use the new added partiton size to create another pv
fdisk /dev/sda # to add a new partition, not to delete/create
partprobe
pvcreate /dev/sda2
vgextend, lvextend, resize2fs etc


7. References:
a. Vmware Linux Guest Add a New Hard Disk Without Rebooting Guest – http://www.cyberciti.biz/tips/vmware-add-a-new-hard-disk-without-rebooting-guest.html

b. Multi-path Device Mapper for Linux Software – How to Resize an EVA LUN on RedHat 4.8 and Later –
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=120&prodSeriesId=3559651&prodTypeId=18964&objectID=c02000699

c. HP business support center – http://www.hp.com/bizsupport/
d. search redhat customer portal for article – How to extend filesystem built on LVM SAN disks on RHEL5
e. HP EVA storage default port 2372 with https

September 5th, 2012 | Category: DISK | Leave a comment

Adding and Removing SAN Disks from Linux Device Manager Multipath Systems

Add a new disk

This assumes you have created an array on the SAN and allocated space to a logical volume on it; you have mapped a LUN pointing that logical volume to that host, and that the host is correctly zoned to see the SAN in the fibre channel fabric.

  • Before anything, run multipath -ll to see what is there currently.
  • See how many HBAs are connected (and zoned) to the SAN – you need to repeat the commands for each one. For example: 
              echo 1 > /sys/class/fc_host/host0/issue_lip
          echo 1 > /sys/class/fc_host/host1/issue_lip
          echo "- - -" > /sys/class/scsi_host/host0/scan
          echo "- - -" > /sys/class/scsi_host/host0/scan
  • After running those commands, check that something happened by using dmesg and /var/log/messages.
  • Run multipath -v2to get multipath to pick it up – you can then compare the listing to the previously run command.
    Note the scsi devices for the new disk, it will be sdX and sdY or whatever.
  • Edit /etc/lvm/lvm.conf and make sure these are being filtered to remove duplicates – use vgdisplay -vvto show what LVM considers duplicate.
    FYI: device mapper / multipath create multiple device handles for the same device, this can cause delays with LVM2 and severely impact throughput.
  • Now you can pvcreate /dev/dm-XX, vgextend VolGroup dev/dm-XX, etc.

Remove a disk

  • Run the multipath -ll command, note the UUID (the big hex number), LUN and sdX device of the disk, eg in the example below it is LUN 2:, and they are /dev/sdf and /dev/sde– you will need this info for the procedure. Just confirm this is in fact the one you want to remove – cross-check the LUN and size of the volume on the SAN before proceeding… 
          3600a0b80000fb6e50000000e487b02f5 dm-10 IBM,1742
      [size=1.6T][features=1 queue_if_no_path][hwhandler=1 rdac]
      \_ round-robin 0 [prio=6][active]
      \_ 1:0:0:2 sdf 8:80 [active][ready]
      \_ round-robin 0 [prio=1][enabled]
      \_ 0:0:0:2 sde 8:64 [active][ghost]
    Note – the dm-XX is not permanent and may change when you’ve added or removed disks, so don’t rely on old info – check each time.
  • Also cat /proc/scsi/scsi to see match up the kernel SCSI devices with the SCSI IDs and LUNs of the SAN disks.
  • First you need to remove the disk from the volume group.
    • If the disk is in use, either delete what is on it (if there is a logical volume limited to that disk), or use pvmove. (this of course assumes you have sufficient space to move everything off the original disk)
      NB – with pvmove on SUSE10 sp2, there is a bug where if you are moving from a bigger disk to smaller disk(s), it may complain there isn’t enough space. Just move as many extents as are on the first smaller disk, the you can move the rest on to the second, eg: pvmove /dev/dm-1:0-20000 /dev/dm-2.
    • Once stuff is deleted/removed: vgreduce VolGroup dev/dm-XX and pvremove /dev/dm-XX.
  • Using the disk ID for the next command (the dm-xx isn’t recognised), from multipath -ll:
    dmsetup remove 3600a0b80000f7b270000000b47b15c26. (of course you need to use your own disk ID)
  • Now, finally, you remove the SCSI devices from the kernel:
      echo 1 > /sys/block/sdX/device/delete
      echo 1 > /sys/block/sdY/device/delete

You should now have all traces removed, you can run multipath -ll and cat /proc/scsi/scsi to cross check. You can now remove the mapping from the SAN and delete the logical volume if required.

September 5th, 2012 | Category: DISK | Leave a comment

Managing Physical and Logical Volumes

Contents

    Introduction
    Create Logical Volumes
    Delete Logical Volumes

Introduction

The following article presents an overview of the commands used to manage physical and logical volumes for use with Logical Volume Manager (LVM) in Linux.

Before considering the various commands for LVM, lets first look at just what is meant by some of the terminology of LVM.

A logical volume lives in a volume group that is made up of one or more physical volumes. All volume groups are part of the Logical Volume Manager. Here is a table that lists the three types of Logical Volume’s.

Logical Volume Types Logical Volume     Physical Device     File System
volume group     one or more disks     vgdisplay
physical volume group     physical extents on a drive     pvdisplay
logical volume group     multiple physical volume groups, one or more disks     lvdisplay

The following table provides an overview of some of the commands used in LVM and the functions they service.

LVM Commands Command     LVM Function
vgcreate     Create a Volume Group. (Create a subset of the overall LVM)
pvcreate     Create a Physical Volume, assign to Volume Group. (Specify a disk for inclusion in the overall LVM)
vgextend     Add a new physical disk to a volume group.
lvcreate     Create a Logical Volume. (Storage area for related files that is part of a Volume Group. A Volume Group consists of many logical volumes)
lvextend     Increase the size of a Logical Volume.
lvreduce     Decrease the size of a Logical Volume.
lvremove     Removes a Logical Volume. (Frees the storage area set aside for a logical volume)
vgreduce     Reduce a Volume Group. (Reduces the number of disks in a Volume Group)
vgremove     Remove a Volume Group. (Removes the designation of a group of disks as a Volume Group)
vgdisplay     Volume Group Display. (Displays information about one or more Volume Groups)
pvdisplay     Physical Volume Display. (Displays information about one or more Volume Groups)
lvdisplay     Logical Volume Display. (Displays information about one or more Logical Volumes)
Create Logical Volumes

The following subsections describe the commands used for creating logical volumes.
Partition Types

Before using a hard disk as a physical volume, decide if the physical volume will use the entire disk (/dev/sdc) or a disk partition (/dev/sdc1).

To create the physical volume using a partition, set the partition type to 0x8e (Linux LVM) using fdisk or some other similar program.

Each logical volume in this section will use the entire hard disk. This requires that no partition table exists on the disk. When using the whole disk, the partition table must be erased, which will effectively destroy all data on that disk. An existing partition table can be removed by zeroing the first sector on the disk using the dd command.

      

The following commands will destroy the partition table on the disk being operated on. Be very sure it is the correct disk before continuing.

[root@testnode1 ~]# dd if=/dev/zero of=/dev/sdc bs=512 count=1
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.00379734 seconds, 135 kB/s

[root@testnode1 ~]# dd if=/dev/zero of=/dev/sdd bs=512 count=1
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.00200099 seconds, 256 kB/s

Verify that the partition table has been removed from both hard disks.

[root@testnode1 ~]# fdisk -l | grep ‘^Disk \/dev\/sd[cd][^:]’
Disk /dev/sdc doesn’t contain a valid partition table
Disk /dev/sdd doesn’t contain a valid partition table
Disk /dev/dm-0 doesn’t contain a valid partition table
Disk /dev/dm-1 doesn’t contain a valid partition table

Initialize Physical Volumes

Use the pvcreate command to initialize a block device to be used as a physical volume. The following commands will initialize the whole disk for each hard disk.

[root@testnode1 ~]# pvcreate /dev/sdc
  Physical volume “/dev/sdc” successfully created

[root@testnode1 ~]# pvcreate /dev/sdd
  Physical volume “/dev/sdd” successfully created

      

When using a partition, run pvcreate on the partition.

[root@testnode1 ~]# pvcreate /dev/sdc1
  Physical volume “/dev/sdc1” successfully created

[root@testnode1 ~]# pvcreate /dev/sdd1
  Physical volume “/dev/sdd1” successfully created

This creates a volume group descriptor at the start of the /dev/sdc1 and /dev/sdd1 partition.

Use the lvmdiskscan command to scan for block devices and verify that the two hard disks can be used as physical volumes.

[root@testnode1 ~]# lvmdiskscan | grep ‘\/dev\/sd[cd]’
  /dev/sdc                           [       36.00 GB] LVM physical volume
  /dev/sdd                           [       36.00 GB] LVM physical volume

Create Volume Group

Use the vgcreate command to create a volume group from one or more physical volumes. The vgcreate command creates a new volume group by name (vg_oradata and vg_orafra for example) and adds at least one physical volume to it. Create a new volume group on each hard disk.

[root@testnode1 ~]# vgcreate vg_oradata /dev/sdc
  Volume group “vg_oradata” successfully created

[root@testnode1 ~]# vgcreate vg_orafra /dev/sdd
  Volume group “vg_orafra” successfully created

This creates a volume group descriptor at the start of each disk. When using partitions, run the vgcreate command on the partition (for example, vgcreate vg_oradata /dev/sdc1) which will create a volume group descriptor at the start of the partition.
Create Logical Volumes

With the new volume groups in place, use the lvcreate command to create the appropriate logical volumes (lv_oradata and lv_orafra). Logical volumes can be created as linear volumes, striped volumes, and mirrored volumes. For the purpose of this example, create a single linear volume within each of the volume groups that uses all of the unallocated space within the volume group.

[root@testnode1 ~]# lvcreate -l 100%FREE -n lv_oradata vg_oradata
  Logical volume “lv_oradata” created

[root@testnode1 ~]# lvcreate -l 100%FREE -n lv_orafra vg_orafra
  Logical volume “lv_orafra” created

Verify LVM Configuration

Use the vgscan and lvscan commands to verify the new volume groups and logical volumes respectively.

[root@testnode1 ~]# vgscan
  Reading all physical volumes.  This may take a while…
  Found volume group “vg_orafra” using metadata type lvm2
  Found volume group “vg_oradata” using metadata type lvm2
  Found volume group “vg_orasoftware” using metadata type lvm2
  Found volume group “VolGroup00” using metadata type lvm2

[root@testnode1 ~]# lvscan
  ACTIVE            ‘/dev/vg_orafra/lv_orafra’ [36.00 GB] inherit
  ACTIVE            ‘/dev/vg_oradata/lv_oradata’ [36.00 GB] inherit
  ACTIVE            ‘/dev/vg_orasoftware/lv_orasoftware’ [35.97 GB] inherit
  ACTIVE            ‘/dev/VolGroup00/LogVol00’ [30.97 GB] inherit
  ACTIVE            ‘/dev/VolGroup00/LogVol01’ [4.91 GB] inherit

LVM volume groups and underlying logical volumes are included in the device special file directory tree in the /dev directory with the following layout.

  /dev/vg/lv/

For example:

  /dev/vg_oradata/lv_oradata
  /dev/vg_orafra/lv_orafra

Delete Logical Volumes

Before describing how to drop physical and logical volumes, note that it is very common to only want to remove a logical volume from a volume group. For example, if users no longer need the logical volume lv_orafra. The logical volume can be removed and its physical extents placed back in the empty pool for the volume group. First, the file system will need to be unmounted (if it is mounted). Next, deactive it with lvchange and finally delete it with lvremove. Here is an example that removes the lv_orafra.

[root@testnode1 ~]# umount /u04/oracle/fast_recovery_area

[root@testnode1 ~]# lvchange -a n /dev/vg_orafra/lv_orafra

[root@testnode1 ~]# lvremove /dev/vg_orafra/lv_orafra
lvremove — do you really want to remove “/dev/vg_orafra/lv_orafra”? [y/n]: y
lvremove — doing automatic backup of volume group “vg_orafra”
lvremove — logical volume “/dev/vg_orafra/lv_orafra” successfully removed

Use the following to delete all physical and logical volumes created in this guide.

[root@testnode1 ~]# umount /u03/oracle/oradata

[root@testnode1 ~]# lvchange -a n /dev/vg_oradata/lv_oradata
[root@testnode1 ~]# lvremove /dev/vg_oradata/lv_oradata

[root@testnode1 ~]# vgchange -a n /dev/vg_oradata
[root@testnode1 ~]# vgchange -a n /dev/vg_orafra

[root@testnode1 ~]# vgremove /dev/vg_oradata
[root@testnode1 ~]# vgremove /dev/vg_orafra

September 5th, 2012 | Category: DISK | Leave a comment
« Newer Entries  
  Older Entries »