I‘m using dm-crypt based transparent disk encryption subsystem in Linux. The cryptsetup command is used deal with the Linux Unified Key Setup (LUKS) on-disk format and mount the partition. My setup includes RAID-10 with an LVM physical volume. How do I run fsck (“file system check”) on dm-crypt / LUKS based LVM physical volume under Linux operating systems?
First, you need to open the LUKS partition device and sets up a mapping using cryptsetup command. Do not run fsck command on mounted partition. Type the following command as root user:
# cryptsetup luksOpen /dev/md3 securebackup
Sample outputs:
Enter passphrase for /dev/md3:
Where,
- /dev/md3 – My raid device. The device name will change according to your setup.
- securebackup – Sets up a mapping to securebackup after successful verification. This name will change according to your setup.
To read all physical volumes, enter:
# vgscan --mknodes
Sample outputs:
Reading all physical volumes. This may take a while... Found volume group "cryptvg" using metadata type lvm2
Where,
- cryptvg – Group volume name. It was created using lvm2 setup. This name will change according to your setup.
To activate logical volume and to create /dev/cryptvg/DEVICE name, enter:
# vgchange -ay
Sample outputs:
1 logical volume(s) in volume group "cryptvg" now active
You can see your device name at the following location
# ls -l /dev/cryptvg
# ls -l /dev/mapper/
Sample outputs:
total 0 crw------- 1 root root 10, 59 Dec 6 12:27 control lrwxrwxrwx 1 root root 7 Dec 6 12:54 cryptvg-mybackup -> ../dm-1 lrwxrwxrwx 1 root root 7 Dec 6 12:50 securebackup -> ../dm-0
You can type the following command to see information about VG in use:
# vgdisplay
Sample outputs:
--- Volume group --- VG Name cryptvg System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 0 Max PV 0 Cur PV 1 Act PV 1 VG Size 600.01 GiB PE Size 4.00 MiB Total PE 153602 Alloc PE / Size 153602 / 600.01 GiB Free PE / Size 0 / 0 VG UUID W0IDJ0-Yjt9-093X-qAzH-tbCJ-9NYH-BV1RYd
To display attributes of a physical volume, enter:
# pvdisplay
Sample outputs:
--- Physical volume --- PV Name /dev/dm-0 VG Name cryptvg PV Size 600.01 GiB / not usable 2.50 MiB Allocatable yes (but full) PE Size 4.00 MiB Total PE 153602 Free PE 0 Allocated PE 153602 PV UUID swS5Nw-suTe-N0io-72LY-CBG5-6FhU-Tq8kYZ
OR
# pvdisplay /dev/dm-0
Sample outputs:
--- Physical volume --- PV Name /dev/dm-0 VG Name cryptvg PV Size 600.01 GiB / not usable 2.50 MiB Allocatable yes (but full) PE Size 4.00 MiB Total PE 153602 Free PE 0 Allocated PE 153602 PV UUID swS5Nw-suTe-N0io-72LY-CBG5-6FhU-Tq8kYZ
To display attributes of a logical volume, enter:
# lvdisplay
Sample outputs:
--- Logical volume ---
LV Name /dev/cryptvg/mybackup
VG Name cryptvg
LV UUID g0AghZ-bcv5-n6pP-AQUA-5c32-fQa1-OteSlg
LV Write Access read/write
LV Status available
# open 0
LV Size 600.01 GiB
Current LE 153602
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 6144
Block device 253:1
To check and possibly repair a LVM2+LUKS based Linux file system, enter:
# fsck -C -V /dev/cryptvg/mybackup
OR
# fsck -C -V -y /dev/cryptvg/mybackup
Sample outputs:
It may take some time to complete the fsck:
fsck from util-linux-ng 2.17.2 [/sbin/fsck.ext3 (1) -- /dev/mapper/cryptvg-mybackup] fsck.ext3 -C0 /dev/mapper/cryptvg-mybackup e2fsck 1.41.12 (17-May-2010) /dev/mapper/cryptvg-mybackup has been mounted 63 times without being checked, check forced. Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Pass 5: Checking group summary information /dev/mapper/cryptvg-mybackup: 483163/39329792 files (0.2% non-contiguous), 16626195/157288448 blocks
You can now mount your device using the mount command:
# mount /dev/cryptvg/mybackup /securebackup/
# df -H
Sample outputs:
Filesystem Size Used Avail Use% Mounted on
/dev/md0 127G 930M 120G 1% /
tmpfs 1.1G 0 1.1G 0% /lib/init/rw
udev 1.1G 267k 1.1G 1% /dev
tmpfs 1.1G 0 1.1G 0% /dev/shm
/dev/md2 1.6T 88G 1.5T 6% /data
/dev/mapper/cryptvg-mybackup
635G 58G 544G 10% /securebackup
3 comment
I found this guide to be very helpful when configuring luks with my Fedora system. Also do you know if there is any way to configure the crypttab so that it doesnt prompt you for the passphrase until after the network services have loaded? I’d like to use this on a remote server and wont be able to physically access the machine when it reboots.
Thanks
Hi, I have the following problem with my linux box (Fedora 19). Everything is ok with encryption (LUKS+LVM) and everytime the system is rebooted I’m asked for a passphrase. No problem with this. The thing is that as a system-administrator many times I need to reboot the system remotely. Since I’m not there I can’t put the passphrase and thus the system will not restart. Is there any workaround for solving this problem remotely? Thanks in advance for any help.
You made my day!!! This was exactly what I was looking for.
And it solved my problem.
Thanks a lot!!!