On Wed, Sep 10, 2014 at 08:25:07AM -0500, Robert Nichols wrote: > On 09/09/2014 10:31 PM, Ross Boylan wrote: >> On Tue, Sep 09, 2014 at 08:59:03PM -0500, Robert Nichols wrote: >>> Easy. Create a new LV in that VG and use "--extents 100%FREE" as >>> its size. Fill that LV with whatever variety of random data you >>> choose, then delete that LV and use the space to expand your active >>> LV. >> >> Thanks; I wasn't aware of that syntax. >> >> But do the snapshots make that hazardous? If the maximum space I >> specified for them is pre-allocated it should be fine, but I thought >> the implementation grabbed blocks as needed. If that's the case, a >> snapshot could fail while I have grabbed all the "free" space. >> >> I suppose worst case I could do 90%Free and be good enough. > > The snapshot LV can increase its size only if you created it as thinly > provisioned, and even then it can grab extents only within the LV that > you set up as a "thin pool" LV. The space within that thin pool LV is > not "free" for the purposes of creating a new LV. Creating a new LV > with "--extents 100%FREE" will not affect expansion of your snapshot > LVs. > Good; I didn't do thin provisioning. Game Plan (for IMAP server and its spool): ## Verify that backups are OK ## randomize free space in LVM volume group turtle lvcreate -l 100%FREE -n tozero turtle cryptsetup open --type plain -d /dev/urandom /dev/turtle/tozero zero_crypt dd_rescue -w /dev/zero /dev/mapper/zero_crypt # free space ~ 100G--likely to take awhile. Hours? days? # if it's really slow I could allocate 2 LVs, one of which is the size # I need ~50G, and the other of which is filler. randomize the 50G; # free the space, and extend my volume. cryptsetup remove zero_crypt lvremove turtle/zero ## make encrypted spot to backup recent files # /usr/local/backup is not encrypted. Assume I create a small encrypted volume # and mount it at /usr/local/backup/crypt ## shutdown server ## backup current server state # do manual backup of selected server state # If possible make a backup of the directories the usual way. # Otherwise, as root cd /usr/local/backup/crypt # snapshots at 00:10 daily. Assume current day has not # been backed up yet. tar cjf cyrspool-recent.tar.bz2 --after-date 'Sep 9 00:09 -0800' /var/spool/cyrus ## take directory offline umount /var/spool/cyrus cryptsetup luksClose cyrspool_crypt # maybe close snapshot of turtle/cyrspool before extending? ## Actually grow things lvextend -L +20G turtle/cyrspool cryptsetup --key-file xxx luksOpen /dev/turtle/cyrspool cyrspool_crypt resize_reiserfs /dev/mapper/cryspool_crypt reiserfsck /dev/mapper/cyrspool_crypt mount /var/spool/cyrus ## restart IMAP server I took Arno's advice and did things offline. If anyone sees a problem, I'd love to know. Thanks. Ross _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt