    NixSec

    Vps lvm postinstall


    Steps for partitioning

    Resize the partition /dev/sda2 in rescue mode with gparted to minimum size

    Install lvm2 (In OS)

    yum install -y lvm2
    

    Change this line in /etc/default/grub (In OS)

    GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg0/usr rd.lvm.lv=vg0/swap biosdevname=0 net.ifnames=0 rhgb quiet fips=0 nousb audit=1"
    

    Make grub and initrd lvm aware (In OS)

    dracut -f -a lvm
    
    grub2-mkconfig -o /boot/grub2/grub.cfg
    

    Create the new partition with fdisk and set its type to Linux LVM (8e)

    # fdisk /dev/sda
    Welcome to fdisk (util-linux 2.23.2).
    
    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.
    
    
    Command (m for help): n
    Partition type:
       p   primary (2 primary, 0 extended, 2 free)
       e   extended
    Select (default p): 
    Using default response p
    Partition number (3,4, default 3): 
    First sector (7421952-838860799, default 7421952): 
    Using default value 7421952
    Last sector, +sectors or +size{K,M,G} (7421952-838860799, default 838860799): 
    Using default value 838860799
    Partition 3 of type Linux and of size 396.5 GiB is set
    
    Command (m for help): t
    Partition number (1-3, default 3): 
    Hex code (type L to list all codes): 8e
    Changed type of partition 'Linux' to 'Linux LVM'
    
    Command (m for help): w
    The partition table has been altered!
    
    Calling ioctl() to re-read partition table.
    
    WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
    The kernel still uses the old table. The new table will be used at
    the next reboot or after you run partprobe(8) or kpartx(8)
    Syncing disks.
    
    
    # partprobe /dev/sda
    
    

    Create the volume group

    vgcreate vg0 /dev/sda3
    


    LVM stuff (In OS)

    lvcreate -n home -L +5G vg0
    lvcreate -n usr -L +6G vg0
    lvcreate -n var -L +2G vg0
    lvcreate -n var_log -L +2G vg0
    lvcreate -n var_log_audit -L +2G vg0
    lvcreate -n var_tmp -L +1G vg0
    lvcreate -n tmp -L +1G vg0
    lvcreate -n swap -L +2048M vg0
    lvcreate -n shm -L +2048M vg0
    
    mkfs.ext4 /dev/vg0/home
    mkfs.ext4 /dev/vg0/usr
    mkfs.ext4 /dev/vg0/var
    mkfs.ext4 /dev/vg0/var_tmp
    mkfs.ext4 /dev/vg0/var_log
    mkfs.ext4 /dev/vg0/var_log_audit
    mkfs.ext4 /dev/vg0/tmp
    mkfs.ext4 /dev/vg0/shm
    mkswap /dev/vg0/swap
    

    Repartition stuff (In rescue mode!!)

    # Activate lvm
    vgchange -a y
    # Mount root and boot
    mount /dev/sda2 /mnt/
    mount /dev/sda1 /mnt/boot
    # rename dirs
    mv /mnt/usr /mnt/usr2
    mkdir /mnt/usr
    mount /dev/vg0/usr /mnt/usr
    mv /mnt/usr2/* /mnt/usr
    mv /mnt/var /mnt/var2
    mkdir /mnt/var
    mount /dev/vg0/var /mnt/var
    mv /mnt/var2/* /mnt/var
    mv /mnt/var/log /mnt/var/log2
    mkdir /mnt/var/log
    mount /dev/vg0/var_log /mnt/var/log
    mv /mnt/var/log2/* /mnt/var/log
    mv /mnt/var/log/audit /mnt/var/log/audit2
    mkdir /mnt/var/log/audit
    mount /dev/vg0/var_log_audit /mnt/var/log/audit
    mv /mnt/var/log/audit2/* /mnt/var/log/audit
    rm -rf /mnt/var/log2
    rm -rf /mnt/usr2
    rm -rf /mnt/var2
    


    New fstab

    echo "/dev/mapper/vg0-shm /dev/shm                ext4     defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-home    /home                   ext4     defaults,nosuid,nodev        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-usr     /usr                    ext4     defaults        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-var     /var                    ext4     defaults,nosuid        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-var_log /var/log                ext4     defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-var_log_audit /var/log/audit          ext4     defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-var_tmp /var/tmp                ext4     defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-tmp     /tmp                    ext4     defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-swap    swap                    swap    defaults        0 0" >> /mnt/etc/fstab
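
A pre-reboot check for the fstab entries above, as an added example that is not part of the original page: it reports mount points whose hardening options differ from the ones listed here, mount points that are absent, and duplicates left behind when the `echo >>` lines are run twice. The function names `audit_fstab` and `sample_fstab` and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. audit_fstab and sample_fstab
# are hypothetical helper names; the option sets mirror the page's fstab.
audit_fstab() {   # usage: audit_fstab [FILE]; reads stdin without FILE
    findings=$(awk '
    BEGIN {
        strict = "nosuid,nodev,noexec"
        want["/tmp"] = want["/var/tmp"] = want["/dev/shm"] = strict
        want["/var/log"] = want["/var/log/audit"] = strict
        want["/home"] = "nosuid,nodev"
        want["/var"] = "nosuid"
    }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        mp = $2; seen[mp]++
        if (!(mp in want)) next
        n = split(want[mp], req, ",")
        for (i = 1; i <= n; i++)
            if (index("," $4 ",", "," req[i] ",") == 0)
                print "MISSING " req[i] " on " mp
    }
    END {
        for (mp in want) if (!(mp in seen)) print "ABSENT " mp
        for (mp in seen) if (seen[mp] > 1 && mp != "swap") print "DUPLICATE " mp
    }' "${1:--}" | sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: /home appended twice, /tmp lacks noexec, no /var/tmp.
sample_fstab() {
    cat <<'EOF'
/dev/sda2 / ext4 defaults 0 1
/dev/mapper/vg0-shm /dev/shm ext4 defaults,nosuid,nodev,noexec 0 0
/dev/mapper/vg0-home /home ext4 defaults,nosuid,nodev 0 0
/dev/mapper/vg0-home /home ext4 defaults,nosuid,nodev 0 0
/dev/mapper/vg0-var /var ext4 defaults,nosuid 0 0
/dev/mapper/vg0-var_log /var/log ext4 defaults,nosuid,nodev,noexec 0 0
/dev/mapper/vg0-var_log_audit /var/log/audit ext4 defaults,nosuid,nodev,noexec 0 0
/dev/mapper/vg0-tmp /tmp ext4 defaults,nosuid,nodev 0 0
/dev/mapper/vg0-swap swap swap defaults 0 0
EOF
}

sample_fstab | audit_fstab || true
```

In rescue mode, run `audit_fstab /mnt/etc/fstab` before rebooting; a non-zero exit status means at least one finding was printed.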
    


    Congratulations! You can now reboot


    Only needed for debugging when it doesn't boot

    vgchange -a y
    mount /dev/sda2 /mnt
    mount /dev/sda1 /mnt/boot
    mount /dev/vg0/usr /mnt/usr
    mount /dev/vg0/home /mnt/home
    mount /dev/vg0/var /mnt/var
    mount /dev/vg0/var_log /mnt/var/log
    mount /dev/vg0/var_log_audit /mnt/var/log/audit
    mount /dev/vg0/tmp /mnt/tmp
    mount /dev/vg0/var_tmp /mnt/var/tmp
    mount -o bind /dev /mnt/dev
    mount -o bind /sys /mnt/sys
    mount -t proc /proc /mnt/proc
    chroot /mnt