From Wiki-UX.info

Wiki-UX / File Systems / How to convert a VXFS file system to EVFS
Jump to: navigation, search

How to convert a VXFS file system to EVFS

Abstract

This article presents an example of how to convert and inline encrypt an existing VxFS file system to EVFS.

Contents


Before converting a VxFS volume to EVFS

To use inline encryption, 3 MB of spare disk space are required at the end of the volume, and the minimum volume size must be 4 MB. If the entire volume is used, extend the volume using lvextend for LVM volumes, or vxassist for VxVM disgroups.

Verify the file systems or volumes you want to secure with EVFS are suitable for encryption.

You cannot use EVFS with Files or disk areas used during system boot. This includes the following objects:

  1. The root disk (/)
  2. The boot disk: Encrypting the boot disk makes the boot disk unusable and prevents you from booting the system.
  3. The HP-UX kernel directory (/stand): EVFS cannot decrypt the kernel or other data before the system boots.
  4. The /usr directory
  5. Swap space (swap devices or file swap space): Encrypting swap space causes the system to panic.
  6. Dump devices.

Convert a VxFS volume to EVFS

1. Check the the current file system space allocation.

# bdf
Filesystem          kbytes    used   avail %used Mounted on
/dev/vg00/lvol3    2097152  757912 1328848   36% /
/dev/vg00/lvol1     524288  241976  280288   46% /stand
/dev/vg00/lvol16   17776640 9368827 7886387   54% /var
/dev/vg03/lvol1    53329920 49321997 3757490   93% /var/opt/ignite
/dev/vg00/lvol7    8388608 3171576 5176344   38% /usr
/dev/vg00/lvol6    1605632  634216  970016   40% /tmp
/dev/vg00/lvol5    8388608 7463224  918248   89% /opt
/dev/vg00/lvol4    1228800  136208 1084136   11% /home
 
# lvdisplay /dev/vg00/test
--- Logical volumes ---
LV Name                     /dev/vg00/test
VG Name                     /dev/vg00
LV Permission               read/write
LV Status                   available/syncd
Mirror copies               0
Consistency Recovery        MWC
Schedule                    parallel
LV Size (Mbytes)            104   <--- Original size
Current LE                  13
Allocated PE                13
Stripes                     0
Stripe Size (Kbytes)        0
Bad block                   on
Allocation                  strict
IO Timeout (Seconds)        default

2. Increase the file system backing storage logical volume to provided for the encryption metadata

# lvextend -L 108 /dev/vg00/test
Warning: rounding up logical volume size to extent boundary at size "112" MB.
Logical volume "/dev/vg00/test" has been successfully extended.
Volume Group configuration for /dev/vg00 has been saved in /etc/lvmconf/vg00.conf
NOTE: Add at least 4 MB to the logical volume to contain the encryption metadata.


# lvdisplay /dev/vg00/test
--- Logical volumes ---
LV Name                     /dev/vg00/test
VG Name                     /dev/vg00
LV Permission               read/write
LV Status                   available/syncd
Mirror copies               0
Consistency Recovery        MWC
Schedule                    parallel
LV Size (Mbytes)            112
Current LE                  14
Allocated PE                14
Stripes                     0
Stripe Size (Kbytes)        0
Bad block                   on
Allocation                  strict
IO Timeout (Seconds)        default

3. Disable access to the file system and unmount it.

# umount /dev/vg00/test

4. Map the logical volume to EVS

# evfsadm map /dev/vg00/test
Volume "/dev/vg00/test" has been successfully mapped to EVFS volume "/dev/evfs/vg00/test"

5. Inline encrypt the the EVS file system.

# evfsvol iencrypt -k test /dev/evfs/vg00/test
This operation requires three mega-bytes spare disk spaces at the end of the volume. Without it, the data would be corrupted. Are you sure you want to start inline-encrypting "/dev/evfs/vg00/test"?
Answer [yes/no]:yes
Enter owner passphrase:
Volume "/dev/evfs/vg00/test" inline encryption: 100% complete.
Volume "/dev/vg00/test" has been successfully encrypted into EVFS volume "/dev/evfs/vg00/test".

6. Enable the EVS file system

# evfsvol enable -k test /dev/evfs/vg00/test
Enter user passphrase:
Encrypted volume "/dev/evfs/vg00/test" has been successfully enabled

7. Mount the EVS file system

# mount /dev/evfs/vg00/test /test
# bdf
Filesystem          kbytes    used   avail %used Mounted on
/dev/vg00/lvol3    2097152  757920 1328840   36% /
/dev/vg00/lvol1     524288  241976  280288   46% /stand
/dev/vg00/lvol16   17776640 9368857 7886359   54% /var
/dev/vg03/lvol1    53329920 49321997 3757490   93% /var/opt/ignite
/dev/vg00/lvol7    8388608 3171592 5176328   38% /usr
/dev/vg00/lvol6    1605632  634216  970016   40% /tmp
/dev/vg00/lvol5    8388608 7463224  918248   89% /opt
/dev/vg00/lvol4    1228800  136208 1084136   11% /home
/dev/evfs/vg00/test
                    106496    1754   98203    2% /test

Reference

Authors

This page was last modified on 17 July 2010, at 16:42. This page has been accessed 1,876 times.