



    Vps lvm postinstall


    Steps for partitioning

    Resize the partition /dev/sda2 in rescue mode with gparted to minimum size

    Install lvm2 (In OS)

    yum install -y lvm2
    

    Change this line in /etc/default/grub (In OS)

    GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg0/usr rd.lvm.lv=vg0/swap biosdevname=0 net.ifnames=0 rhgb quiet fips=0 nousb audit=1"
    

    Make grub and initrd lvm aware (In OS)

    dracut -f -a lvm
    
    grub2-mkconfig -o /boot/grub2/grub.cfg
    

    Create the new partition with fdisk and set its type to Linux LVM (8e)

    # fdisk /dev/sda
    Welcome to fdisk (util-linux 2.23.2).
    
    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.
    
    
    Command (m for help): n
    Partition type:
       p   primary (2 primary, 0 extended, 2 free)
       e   extended
    Select (default p): 
    Using default response p
    Partition number (3,4, default 3): 
    First sector (7421952-838860799, default 7421952): 
    Using default value 7421952
    Last sector, +sectors or +size{K,M,G} (7421952-838860799, default 838860799): 
    Using default value 838860799
    Partition 3 of type Linux and of size 396.5 GiB is set
    
    Command (m for help): t
    Partition number (1-3, default 3): 
    Hex code (type L to list all codes): 8e
    Changed type of partition 'Linux' to 'Linux LVM'
    
    Command (m for help): w
    The partition table has been altered!
    
    Calling ioctl() to re-read partition table.
    
    WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
    The kernel still uses the old table. The new table will be used at
    the next reboot or after you run partprobe(8) or kpartx(8)
    Syncing disks.
    
    
    # partprobe /dev/sda
    
    

    Create the volume group

    vgcreate vg0 /dev/sda3
    


    LVM stuff (In OS)

    lvcreate -n home -L +5G vg0
    lvcreate -n usr -L +6G vg0
    lvcreate -n var -L +2G vg0
    lvcreate -n var_log -L +2G vg0
    lvcreate -n var_log_audit -L +2G vg0
    lvcreate -n var_tmp -L +1G vg0
    lvcreate -n tmp -L +1G vg0
    lvcreate -n swap -L +2048M vg0
    lvcreate -n shm -L +2048M vg0
    
    mkfs.ext4 /dev/vg0/home
    mkfs.ext4 /dev/vg0/usr
    mkfs.ext4 /dev/vg0/var
    mkfs.ext4 /dev/vg0/var_tmp
    mkfs.ext4 /dev/vg0/var_log
    mkfs.ext4 /dev/vg0/var_log_audit
    mkfs.ext4 /dev/vg0/tmp
    mkfs.ext4 /dev/vg0/shm
    mkswap /dev/vg0/swap
    

    Repartition stuff (In rescue mode!!)

    # Activate lvm
    vgchange -a y
    # Mount root and boot
    mount /dev/sda2 /mnt/
    mount /dev/sda1 /mnt/boot
    # Move each directory aside, mount its LV on a fresh mount point, then copy
    # the contents across. "cp -a src/. dst/" is used instead of "mv src/* dst"
    # so top-level dotfiles are included and ownership/modes are preserved.
    mv /mnt/usr /mnt/usr2
    mkdir /mnt/usr
    mount /dev/vg0/usr /mnt/usr
    cp -a /mnt/usr2/. /mnt/usr/
    mv /mnt/var /mnt/var2
    mkdir /mnt/var
    mount /dev/vg0/var /mnt/var
    cp -a /mnt/var2/. /mnt/var/
    mv /mnt/var/log /mnt/var/log2
    mkdir /mnt/var/log
    mount /dev/vg0/var_log /mnt/var/log
    cp -a /mnt/var/log2/. /mnt/var/log/
    mv /mnt/var/log/audit /mnt/var/log/audit2
    mkdir /mnt/var/log/audit
    mount /dev/vg0/var_log_audit /mnt/var/log/audit
    cp -a /mnt/var/log/audit2/. /mnt/var/log/audit/
    # Remove the old copies once everything has been copied
    rm -rf /mnt/var/log/audit2
    rm -rf /mnt/var/log2
    rm -rf /mnt/usr2
    rm -rf /mnt/var2
    


    New fstab

    echo "/dev/mapper/vg0-shm /dev/shm                ext4     defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-home    /home                   ext4     defaults,nosuid,nodev        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-usr     /usr                    ext4     defaults        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-var     /var                    ext4     defaults,nosuid        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-var_log /var/log                ext4     defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-var_log_audit /var/log/audit          ext4     defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-var_tmp /var/tmp                ext4     defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-tmp     /tmp                    ext4     defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
    echo "/dev/mapper/vg0-swap    swap                    swap    defaults,nosuid,nodev,noexec        0 0" >> /mnt/etc/fstab
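
A check for the entries above, as an added example that is not part of the original page: it audits an fstab for the nosuid/nodev/noexec options listed in this section and reports any mount point that is missing one or has no entry at all. The function names `check_fstab` and `demo_fstab` and the sample fstab are constructed for illustration.

```shell
# Added example: audit an fstab against the mount options used on this page.
# check_fstab FILE prints one line per gap, sorted; no output means compliant.
check_fstab() {
    awk '
    BEGIN {
        # Expected options per mount point, copied from the fstab above.
        want["/dev/shm"]       = "nosuid,nodev,noexec"
        want["/home"]          = "nosuid,nodev"
        want["/var"]           = "nosuid"
        want["/var/log"]       = "nosuid,nodev,noexec"
        want["/var/log/audit"] = "nosuid,nodev,noexec"
        want["/var/tmp"]       = "nosuid,nodev,noexec"
        want["/tmp"]           = "nosuid,nodev,noexec"
    }
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    ($2 in want) {
        seen[$2] = 1
        n = split(want[$2], req, ",")
        m = split($4, have, ",")
        missing = ""
        for (i = 1; i <= n; i++) {
            found = 0
            for (j = 1; j <= m; j++) if (have[j] == req[i]) found = 1
            if (!found) missing = missing (missing == "" ? "" : ",") req[i]
        }
        if (missing != "") print $2 ": missing " missing
    }
    END { for (mp in want) if (!(mp in seen)) print mp ": no fstab entry" }
    ' "${1:-/etc/fstab}" | LC_ALL=C sort
}

# Constructed sample (not from a real host): /tmp lacks noexec, /var/tmp is absent.
demo_fstab() {
    cat <<'EOF'
# constructed sample fstab
/dev/sda2 / ext4 defaults 0 0
/dev/mapper/vg0-shm /dev/shm ext4 defaults,nosuid,nodev,noexec 0 0
/dev/mapper/vg0-home /home ext4 defaults,nosuid,nodev 0 0
/dev/mapper/vg0-usr /usr ext4 defaults 0 0
/dev/mapper/vg0-var /var ext4 defaults,nosuid 0 0
/dev/mapper/vg0-var_log /var/log ext4 defaults,nosuid,nodev,noexec 0 0
/dev/mapper/vg0-var_log_audit /var/log/audit ext4 defaults,nosuid,nodev,noexec 0 0
/dev/mapper/vg0-tmp /tmp ext4 defaults,nosuid,nodev 0 0
EOF
}

demo_fstab | check_fstab -
```

In rescue mode run `check_fstab /mnt/etc/fstab` before rebooting, or `check_fstab` with no argument on the booted system. It inspects the file only, not the options of the live mounts.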
    


    Congratulations! You can now reboot


    Only needed for debugging when it doesn't boot

    vgchange -a y
    mount /dev/sda2 /mnt
    mount /dev/sda1 /mnt/boot
    mount /dev/vg0/usr /mnt/usr
    mount /dev/vg0/home /mnt/home
    mount /dev/vg0/var /mnt/var
    mount /dev/vg0/var_log /mnt/var/log
    mount /dev/vg0/var_log_audit /mnt/var/log/audit
    mount /dev/vg0/tmp /mnt/tmp
    mount /dev/vg0/var_tmp /mnt/var/tmp
    mount -o bind /dev /mnt/dev
    mount -o bind /sys /mnt/sys
    mount -t proc /proc /mnt/proc
    chroot /mnt