How to migrate an encrypted LVM install to a new disk
Solution 1:
Partitioning and file copy - while running
I did this by starting with the running system. I plugged the new SSD into a USB SATA adapter and partitioned it, set up LVM and copied the files across.
# confirm disk size is as expected for sdc
sudo fdisk -l /dev/sdc
# now partition - 500 MB partition as boot, the rest as a single (logical) partition
sudo cfdisk /dev/sdc
Your disk should now look like:
sudo fdisk -l /dev/sdc
Disk /dev/sda: 120.0 GB, 120034123776 bytes
255 heads, 63 sectors/track, 14593 cylinders, total 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
/dev/sda1 * 63 979964 489951 83 Linux
/dev/sda2 979965 234441647 116730841+ 5 Extended
/dev/sda5 980028 234441647 116730810 82 Linux swap / Solaris
The next step is to put encryption on the partition and LVM on top of the encryption.
sudo cryptsetup -y luksFormat /dev/sdc5
sudo cryptsetup luksOpen /dev/sdc5 crypt
sudo vgcreate crypt-lvm /dev/mapper/crypt
sudo lvcreate -L4G -nswap crypt-lvm
sudo lvcreate -l100%FREE -nroot crypt-lvm
Now make the filesystems and mount them and copy your system across.
sudo mkfs.ext2 /dev/sdc1
# you do ls /dev/mapper to check the name if different
sudo mkfs.ext4 /dev/mapper/crypt-root
sudo mkdir /mnt/boot
sudo mkdir /mnt/root
sudo mount -t ext2 /dev/sdc1 /mnt/boot
sudo mount -t ext4 /dev/mapper/crypt-root /mnt/root
# rsync files
sudo rsync -a /boot/* /mnt/boot/
sudo rsync -aHAX --devices --specials --delete --one-file-system --exclude proc --exclude run --exclude boot --exclude sys --exclude tmp /* /mnt/root/
Up to this point you can keep the system running and use it. Now you need to shutdown and boot into a live CD/USB so you can get the system in a shutdown state.
Partitioning and file copy - live CD/USB
Once you have booted, open a terminal and:
sudo apt-get install lvm2
# mount old hard drive
sudo cryptsetup luksOpen /dev/sda5 sda5_crypt
sudo mkdir /mnt/sdaroot
# you can do ls /dev/mapper to check the name if it is different
sudo mount -t ext4 /dev/mapper/sda5_crypt--root /mnt/sdaroot
# mount new hard drive (over USB)
sudo cryptsetup luksOpen /dev/sdc5 sdc5_crypt
sudo mkdir /mnt/sdcroot
sudo mount -t ext4 /dev/mapper/sdc5_crypt--root /mnt/sdcroot
# final rsync
sudo rsync -aHAX --devices --specials --delete --one-file-system --exclude proc --exclude run --exclude boot --exclude sys --exclude tmp /mnt/sdaroot/* /mnt/sdcroot/
chroot
# prepare chroot
cd /mnt/sdcroot
sudo mkdir boot
# these directories are set up by the system and we need them inside the chroot
sudo mount -t proc proc /mnt/sdcroot/proc
sudo mount -t sysfs sys /mnt/sdcroot/sys
sudo mount -o bind /dev /mnt/sdcroot/dev
# now enter the chroot
sudo chroot /mnt/root/
Changing UUIDs
Now we are root inside the chroot and run the following commands:
# inside chroot, as root
mount -t ext2 /dev/sdc1 /boot
blkid
Now you will see all the UUIDs for the various disk in the system. You will need to edit the UUIDs in /etc/fstab
and /etc/crypttab
to match the values for /dev/sdc?
In /etc/fstab
you need to use the UUID for the boot disk - /dev/sdc1
if your disks have the same letter as me.
In /etc/crypttab
you need to use the UUID for the other (big) partition - /dev/sdc5
if your disks have the same letter as me.
initramfs and grub
# now update initramfs for all installed kernels
update-initramfs -u -k all
# install grub and ensure it is up to date
grub-install /dev/sdc # NOTE sdc NOT sdc1
update-grub
# hit Ctrl-D to exit chroot
sudo umount /mnt/root
Now shutdown, put the SSD inside your laptop, cross your fingers and boot up.
Useful links
Good guide for the cryptsetup stuff at http://www.debian-administration.org/articles/577
For installing grub on an external partition: https://stackoverflow.com/questions/247030/how-to-set-up-grub-in-a-cloned-hard-disk
https://help.ubuntu.com/community/UsingUUID
Solution 2:
I tried to comment, but I lack the reputation :-)
Anyway, I used successfully the amazing guide by Hamish to migrate to a ssd on my linux-based luks-encrypted work laptop.
Just a few remarks:
1. After creating the swap lv also use
# mkswap /dev/mapper/crypt-swap
to initialize the swap, otherwise it fails during boot, as indicated in the comment above.
2. The rsync
command is too restrictive as it is. When I used it with --exclude run
, I ran into all sorts of veeeeeeery strange generally unseen by the internet errors. The run has to be included. The sys is anyway empty when booting into maintenance mode, so it can stay. Also if you exclude tmp, the newly created on the target /tmp and /var/tmp don't get a sticky bit - remember to set them by yourself. I ended up using something like
# rsync -aHAX --devices --specials --delete --one-file-system --exclude proc --exclude boot /mnt/sdaroot/* /mnt/sdcroot/
Overall - a great guide, shows the overview of the process accurately! Teaches you how to fish, so to say!