I'm using dm-crypt based transparent disk encryption subsystem in Linux. The cryptsetup command is used deal with the Linux Unified Key Setup (LUKS) on-disk format and mount the partition. My setup includes RAID-10 with an LVM physical volume. How do I run fsck ("file system check") on dm-crypt / LUKS based LVM physical volume under Linux operating systems?
First, you need to open the LUKS partition device and sets up a mapping using cryptsetup command. Do not run fsck command on mounted partition. Type the following command as root user:
# cryptsetup luksOpen /dev/md3 securebackup
Sample outputs:
Enter passphrase for /dev/md3:
Where,
- /dev/md3 - My raid device. The device name will change according to your setup.
- securebackup - Sets up a mapping to securebackup after successful verification. This name will change according to your setup.
To read all physical volumes, enter:
# vgscan --mknodes
Sample outputs:
Reading all physical volumes. This may take a while... Found volume group "cryptvg" using metadata type lvm2
Where,
- cryptvg - Group volume name. It was created using lvm2 setup. This name will change according to your setup.
To activate logical volume and to create /dev/cryptvg/DEVICE name, enter:
# vgchange -ay
Sample outputs:
1 logical volume(s) in volume group "cryptvg" now active
You can see your device name at the following location
# ls -l /dev/cryptvg
# ls -l /dev/mapper/
Sample outputs:
total 0 crw------- 1 root root 10, 59 Dec 6 12:27 control lrwxrwxrwx 1 root root 7 Dec 6 12:54 cryptvg-mybackup -> ../dm-1 lrwxrwxrwx 1 root root 7 Dec 6 12:50 securebackup -> ../dm-0
You can type the following command to see information about VG in use:
# vgdisplay
Sample outputs:
--- Volume group --- VG Name cryptvg System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 0 Max PV 0 Cur PV 1 Act PV 1 VG Size 600.01 GiB PE Size 4.00 MiB Total PE 153602 Alloc PE / Size 153602 / 600.01 GiB Free PE / Size 0 / 0 VG UUID W0IDJ0-Yjt9-093X-qAzH-tbCJ-9NYH-BV1RYd
To display attributes of a physical volume, enter:
# pvdisplay
Sample outputs:
--- Physical volume --- PV Name /dev/dm-0 VG Name cryptvg PV Size 600.01 GiB / not usable 2.50 MiB Allocatable yes (but full) PE Size 4.00 MiB Total PE 153602 Free PE 0 Allocated PE 153602 PV UUID swS5Nw-suTe-N0io-72LY-CBG5-6FhU-Tq8kYZ
OR
# pvdisplay /dev/dm-0
Sample outputs:
--- Physical volume --- PV Name /dev/dm-0 VG Name cryptvg PV Size 600.01 GiB / not usable 2.50 MiB Allocatable yes (but full) PE Size 4.00 MiB Total PE 153602 Free PE 0 Allocated PE 153602 PV UUID swS5Nw-suTe-N0io-72LY-CBG5-6FhU-Tq8kYZ
To display attributes of a logical volume, enter:
# lvdisplay
Sample outputs:
--- Logical volume ---
LV Name /dev/cryptvg/mybackup
VG Name cryptvg
LV UUID g0AghZ-bcv5-n6pP-AQUA-5c32-fQa1-OteSlg
LV Write Access read/write
LV Status available
# open 0
LV Size 600.01 GiB
Current LE 153602
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 6144
Block device 253:1
To check and possibly repair a LVM2+LUKS based Linux file system, enter:
# fsck -C -V /dev/cryptvg/mybackup
OR
# fsck -C -V -y /dev/cryptvg/mybackup
Sample outputs:
Fig.01: Running fsck on an LVM2 (LUKS based) volume
It may take some time to complete the fsck:
fsck from util-linux-ng 2.17.2 [/sbin/fsck.ext3 (1) -- /dev/mapper/cryptvg-mybackup] fsck.ext3 -C0 /dev/mapper/cryptvg-mybackup e2fsck 1.41.12 (17-May-2010) /dev/mapper/cryptvg-mybackup has been mounted 63 times without being checked, check forced. Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Pass 5: Checking group summary information /dev/mapper/cryptvg-mybackup: 483163/39329792 files (0.2% non-contiguous), 16626195/157288448 blocks
You can now mount your device using the mount command:
# mount /dev/cryptvg/mybackup /securebackup/
# df -H
Sample outputs:
Filesystem Size Used Avail Use% Mounted on
/dev/md0 127G 930M 120G 1% /
tmpfs 1.1G 0 1.1G 0% /lib/init/rw
udev 1.1G 267k 1.1G 1% /dev
tmpfs 1.1G 0 1.1G 0% /dev/shm
/dev/md2 1.6T 88G 1.5T 6% /data
/dev/mapper/cryptvg-mybackup
635G 58G 544G 10% /securebackup
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 1 comment… read it below or add one }
I found this guide to be very helpful when configuring luks with my Fedora system. Also do you know if there is any way to configure the crypttab so that it doesnt prompt you for the passphrase until after the network services have loaded? I’d like to use this on a remote server and wont be able to physically access the machine when it reboots.
Thanks