How to Safely Resize a LUKS-Encrypted LVM Logical Volume: Step-by-Step Guide with ext4 Filesystem


3 views

Before resizing, let's analyze the current configuration based on the provided information:

# Current LVM LV configuration
VG Name: moab
LV Name: backup
LV Size: 500.00 GiB
Device: /dev/mapper/moab-backup

# LUKS encryption layer
Cipher: aes-cbc-essiv:sha256
Key Size: 256 bits
Sector Offset: 3072
Size: 1048572928 sectors (~500GiB)

# Filesystem details
Type: ext4
Mounted: /srv/backup
Block Size: 4096

Before proceeding with the resize operation:

  • Ensure you have complete backups of all critical data
  • Verify the filesystem is clean (no errors)
  • Unmount the filesystem if currently mounted
  • Check available space in the volume group

1. Unmount the Filesystem

sudo umount /srv/backup

2. Check Filesystem Integrity

sudo e2fsck -f /dev/mapper/backup

3. Resize the ext4 Filesystem

First shrink the filesystem to be smaller than the target LV size (90GiB for buffer):

sudo resize2fs /dev/mapper/backup 90G

4. Resize the LUKS Container

Calculate the new size in sectors (100GiB = 100 * 1024 * 1024 * 2 = 209715200 sectors):

sudo cryptsetup resize --size 209715200 backup

5. Resize the LVM Logical Volume

sudo lvreduce -L 100G /dev/moab/backup

6. Final Filesystem Resize

Expand the filesystem to fill the new LUKS container:

sudo resize2fs /dev/mapper/backup

After completing the resize operation:

# Check LV size
sudo lvdisplay /dev/moab/backup

# Verify LUKS container
sudo cryptsetup status backup

# Check filesystem
sudo tune2fs -l /dev/mapper/backup | grep 'Block count'

Problem: Filesystem resize fails due to insufficient space
Solution: Always shrink the filesystem first to a size smaller than the target LV

Problem: LUKS resize reports "Device size too small"
Solution: Ensure the new size accounts for the LUKS header (3072 sectors in this case)

For frequent resizing operations, consider this bash script template:

#!/bin/bash
LV_PATH="/dev/moab/backup"
MAPPER_NAME="backup"
MOUNT_POINT="/srv/backup"
TARGET_SIZE="100G"
BUFFER_SIZE="90G"

# Unmount if mounted
umount $MOUNT_POINT 2>/dev/null

# Filesystem check
e2fsck -f /dev/mapper/$MAPPER_NAME

# Shrink filesystem
resize2fs /dev/mapper/$MAPPER_NAME $BUFFER_SIZE

# Calculate sectors (100GiB)
SECTORS=$((100 * 1024 * 1024 * 2))

# Resize LUKS
cryptsetup resize --size $SECTORS $MAPPER_NAME

# Resize LV
lvreduce -L $TARGET_SIZE $LV_PATH

# Final resize
resize2fs /dev/mapper/$MAPPER_NAME

echo "Resize operation completed successfully"

Before performing any resizing operations, let's analyze the current storage configuration:

# Current LV configuration
LV Path: /dev/moab/backup
LV Size: 500.00 GiB
VG Name: moab

The LUKS container sits on top of this LV with these characteristics:

# LUKS container details
Type: LUKS1
Cipher: aes-cbc-essiv:sha256
Device: /dev/mapper/moab-backup
Size: 1048572928 sectors (~500GiB)

And finally, the filesystem inside the LUKS container:

# Filesystem information
Filesystem: ext4
Block count: 131071616
Block size: 4096

Before shrinking, we need to ensure data safety:

  1. Backup important data - resizing operations always carry risk
  2. Unmount the filesystem if mounted
  3. Check filesystem integrity
# Unmount if mounted
sudo umount /srv/backup

# Check filesystem integrity
sudo fsck -f /dev/mapper/backup

Here's the step-by-step process to safely reduce the size:

1. Resize the Filesystem First

# Shrink ext4 to 100GiB (leave some buffer)
sudo resize2fs /dev/mapper/backup 95G

# Verify new filesystem size
sudo tune2fs -l /dev/mapper/backup | grep 'Block count'

2. Resize the LUKS Container

# Close the LUKS container
sudo cryptsetup luksClose backup

# Resize the LUKS container
sudo cryptsetup-reencrypt --resize-only --reduce-device-size 102400M /dev/mapper/moab-backup

# Reopen the container
sudo cryptsetup luksOpen /dev/mapper/moab-backup backup

3. Resize the LVM Logical Volume

# Reduce the LV to 100GiB
sudo lvreduce -L 100G /dev/moab/backup

# Verify new LV size
sudo lvdisplay /dev/moab/backup | grep 'LV Size'

After completing all steps, verify everything is working correctly:

# Check LUKS status
sudo cryptsetup status backup

# Mount and verify filesystem
sudo mount /dev/mapper/backup /srv/backup
df -h /srv/backup

Beware of these potential issues:

  • Data Loss: Always ensure you have enough free space before shrinking
  • LUKS Header: The LUKS header at the beginning of the device must not be overwritten
  • Alignment: Ensure proper sector alignment when resizing

If you encounter errors during the LUKS resize, try this recovery command:

sudo cryptsetup repair /dev/mapper/moab-backup

For maximum safety, consider this alternative method:

# 1. Create new 100GiB LV
sudo lvcreate -L 100G -n backup_new moab

# 2. Setup new LUKS container
sudo cryptsetup luksFormat /dev/moab/backup_new
sudo cryptsetup luksOpen /dev/moab/backup_new backup_new

# 3. Create filesystem
sudo mkfs.ext4 /dev/mapper/backup_new

# 4. Copy data (example using rsync)
sudo mount /dev/mapper/backup_new /mnt/new
sudo mount /dev/mapper/backup /mnt/old
sudo rsync -aHAXv /mnt/old/ /mnt/new/

# 5. Update fstab and crypttab
# 6. Remove old LV when confirmed working