1. Create a Droplet
For this example, I made a small droplet running Debian 8.1 x64. These instructions may work for older Debian versions, and might work for Ubuntu. You may need to use some other method to boot a live environment than the Grml package I used.
https://www.digitalocean.com/community/tutorials/how-to-create-your-first-digitalocean-droplet-virtual-server
On first boot, you can see that we have a 20GB disk (/dev/vda) as a single Linux partition:
root@debian:~# fdisk -l /dev/vda Disk /dev/vda: 20 GiB, 21474836480 bytes, 41943040 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x4e0e3620
Device Boot Start End Sectors Size Id Type /dev/vda1 * 2048 41935724 41933677 20G 83 Linux
2. Install GRML RescueBoot
It’s a two step process, first install the grml-rescueboot debian package, then download the grml iso to /boot/grml/ with wget:
root@debian:~# apt-get install grml-rescueboot root@debian:~# wget http://download.grml.org/grml64-small_2014.11.iso root@debian:~# update-grub Generating grub configuration file ... Found linux image: /boot/vmlinuz-3.16.0-4-amd64 Found initrd image: /boot/initrd.img-3.16.0-4-amd64 Found Grml ISO image: /boot/grml/grml64-small_2014.11.iso done
3. Boot from GRML
The default boot option mounts the vda device automatically, making it impossible to resize. You need to go to the advanced options and set it to run from a RAM disk instead. Here’s the steps and a few screenshots to help:
- Type reboot or shutdown -r now on the terminal window and wait for the Grub menu
- Select the Grml Rescue Image Option from the Grub menu
- Select ‘advanced options’ from the Grml boot menu
- Select ‘copy Grml to RAM’ option
-
- GRUB Menu
-
- GRML Boot Menu
-
- GRML Advanced Boot Options
-
- GRML Rescue Console
4. Repartition
- use resize2fs to shrink the existing filesystem:
root@grml ~ # fsck.ext4 -f /dev/vda1 root@grml ~ # resize2fs -M /dev/vda1
- use parted to shrink the partition and create a new LVM partition:
root@grml ~ # parted /dev/vda (parted) resizepart 1 3G (parted) mkpart primary 3001 100% (parted) set 2 lvm on (parted) quit
- Verify your work:
root@grml ~ # fdisk -l /dev/vda
- Reboot to Debian:
root@grml ~ # reboot
- Use LVM tools to create logical volumes:
root@debian:~# apt-get install lvm2 root@debian:~# pvcreate /dev/vda2 root@debian:~# vgcreate vg1 /dev/vda2 root@debian:~# lvcreate -L 5G -n home /dev/vg1
- Format and mount:
root@debian:~# mkfs.ext4 -L home /dev/vg1/home root@debian:~# mount /dev/mapper/vg1-home /home root@debian:~# df -h Filesystem Size Used Avail Use% Mounted on /dev/vda1 2.7G 1.5G 1.1G 58% / udev 10M 0 10M 0% /dev tmpfs 99M 4.4M 95M 5% /run tmpfs 248M 0 248M 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 248M 0 248M 0% /sys/fs/cgroup /dev/mapper/vg1-home 4.8G 10M 4.6G 1% /home /dev/mapper/vg1-tmp 976M 1.3M 908M 1% /tmp
- Add your new volumes to /etc/fstab:
# /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> # / was on /dev/vda1 during installation UUID=22f7f3aa-4357-445b-b324-9b86ee23a508 / ext4 errors=remount-ro 0 1 /dev/mapper/vg1-home /home ext4 defaults,nosuid,nodev 0 2 /dev/mapper/vg1-tmp /tmp ext4 defaults,nosuid,nodev 0 2
5. Enjoy!
Go forth and partition your system logically according to your every whim!
Nice find! I am not quite the linux professional but it was really bothering me that there is no full disk encryption available at DO.
Does this method allow for that or atleast something very close to that?
I want to create a situation where when I request root password reset DO will have to tell me: Sorry Sir, you have modified your droplet so much that we no longer can reset your password for you.
I just realised this just resizes the original single partition allowing for extra partitions do be made, so I suppose somehow a second OS would need to be installed from within the original (now resized partition) could be completely encrypted with a fresh Debian?
Like I said not a linux professional at all so I’m just brainstorming with the limited knowledge I have.
Thanks in advance for sharing more if your knowledge and insight.
This how-to is meant for an intermediate to advanced linux admin to be able to repartition a droplet to their liking. It may be be possible to reinstall Debian and do full disk encryption, but the steps would be slightly different.
There’s little real benefit to disk encrypting a cloud virtual PC, as anyone with access to the actual hardware can copy the encryption keys out of memory.