How to resize logical volume management devices that use Azure Disk Encryption

Applies to: ✔️ Linux VMs ✔️ Flexible scale sets

In this article, you'll learn how to resize data disks that use Azure Disk Encryption. To resize the disks, you'll use logical volume management (LVM) on Linux. The steps apply to multiple scenarios.

You can use this resizing process in the following environments:

  • Linux distributions:
    • Red Hat Enterprise Linux (RHEL) 7 or later
    • Ubuntu 18.04 or later
    • SUSE 12 or later
  • Azure Disk Encryption versions:
    • Single-pass extension
    • Dual-pass extension

Prerequisites

This article assumes that you have:

Scenarios

The procedures in this article apply to the following scenarios:

  • Traditional LVM and LVM-on-crypt configurations
  • Traditional LVM encryption
  • LVM-on-crypt
  • Data disks only. OS disk resizing is not supported.

Traditional LVM and LVM-on-crypt configurations

Traditional LVM and LVM-on-crypt configurations extend a logical volume (LV) when the volume group (VG) has available space.

Traditional LVM encryption

In traditional LVM encryption, LVs are encrypted. The whole disk isn't encrypted.

By using traditional LVM encryption, you can:

  • Extend the LV when you add a new physical volume (PV).
  • Extend the LV when you resize an existing PV.

LVM-on-crypt

The recommended method for disk encryption is LVM-on-encrypt. This method encrypts the entire disk, not just the LV.

By using LVM-on-crypt, you can:

  • Extend the LV when you add a new PV.
  • Extend the LV when you resize an existing PV.

Note

We don't recommend mixing traditional LVM encryption and LVM-on-crypt on the same VM.

The following sections provide examples of how to use LVM and LVM-on-crypt. The examples use preexisting values for disks, PVs, VGs, LVs, file systems, universally unique identifiers (UUIDs), and mount points. Replace these values with your own values to fit your environment.

Extend an LV when the VG has available space

The traditional way to resize LVs is to extend an LV when the VG has space available. You can use this method for nonencrypted disks, traditional LVM-encrypted volumes, and LVM-on-crypt configurations.

  1. Verify the current size of the file system that you want to increase:

    df -h /mountpoint
    

    Screenshot showing code that checks the size of the file system. The command and the result are highlighted.

  2. Verify that the VG has enough space to increase the LV:

    sudo vgs
    

    Screenshot showing the code that checks for space on the VG. The command and the result are highlighted.

    You can also use vgdisplay:

    sudo vgdisplay vgname
    

    Screenshot showing the V G display code that checks for space on the VG. The command and the result are highlighted.

  3. Identify which LV needs to be resized:

    sudo lsblk
    

    Screenshot showing the result of the l s b l k command. The command and the result are highlighted.

    For LVM-on-crypt, the difference is that this output shows that the encrypted layer is at the disk level.

    Screenshot showing the result of the l s b l k command. The output is highlighted. It shows the encrypted layer.

  4. Check the LV size:

    sudo lvdisplay lvname
    

    Screenshot showing the code that checks the logical volume size. The command and the result are highlighted.

  5. Increase the LV size by using -r to resize the file system online:

    sudo lvextend -r -L +2G /dev/vgname/lvname
    

    Screenshot showing the code that increases the size of the logical volume. The command and the results are highlighted.

  6. Verify the new sizes for the LV and the file system:

    df -h /mountpoint
    

    Screenshot showing the code that verifies the size of the LV and the file system. The command and the result are highlighted.

    The size output indicates that the LV and file system were successfully resized.

You can check the LV information again to confirm the changes at the level of the LV:

sudo lvdisplay lvname

Screenshot showing the code that confirms the new sizes. The sizes are highlighted.

Extend a traditional LVM volume by adding a new PV

When you need to add a new disk to increase the VG size, extend your traditional LVM volume by adding a new PV.

  1. Verify the current size of the file system that you want to increase:

    df -h /mountpoint
    

    Screenshot showing the code that checks the current size of a file system. The command and the result are highlighted.

  2. Verify the current PV configuration:

    sudo pvs
    

    Screenshot showing the code that checks the current PV configuration. The command and the result are highlighted.

  3. Check the current VG information:

    sudo vgs
    

    Screenshot showing the code that checks the current volume group information. The command and the result are highlighted.

  4. Check the current disk list. Identify data disks by checking the devices in /dev/disk/azure/scsi1/.

    sudo ls -l /dev/disk/azure/scsi1/
    

    Screenshot showing the code that checks the current disk list. The command and the results are highlighted.

  5. Check the output of lsblk:

    sudo lsbk
    

    Screenshot showing the code that checks the output of l s b l k. The command and the results are highlighted.

  6. Attach the new disk to the VM by following the instructions in Attach a data disk to a Linux VM.

  7. Check the disk list, and notice the new disk.

    sudo ls -l /dev/disk/azure/scsi1/
    

    Screenshot showing the code that checks the disk list. The results are highlighted.

    sudo lsblk
    

    Screenshot showing the code that checks the disk list by using l s b l k. The command and the result are highlighted.

  8. Create a new PV on top of the new data disk:

    sudo pvcreate /dev/newdisk
    

    Screenshot showing the code that creates a new PV. The result is highlighted.

    This method uses the whole disk as a PV without a partition. Alternatively, you can use fdisk to create a partition and then use that partition for pvcreate.

  9. Verify that the PV was added to the PV list:

    sudo pvs
    

    Screenshot showing the code that shows the physical volume list. The result is highlighted.

  10. Extend the VG by adding the new PV to it:

    sudo vgextend vgname /dev/newdisk
    

    Screenshot showing the code that extends the volume group. The result is highlighted.

  11. Check the new VG size:

    sudo vgs
    

    Screenshot showing the code that checks the volume group size. The results are highlighted.

  12. Use lsblk to identify the LV that needs to be resized:

    sudo lsblk
    

    Screenshot showing the code that identifies the local volume that needs to be resized. The results are highlighted.

  13. Extend the LV size by using -r to increase the file system online:

    sudo lvextend -r -L +2G /dev/vgname/lvname
    

    Screenshot showing code that increases the size of the file system online. The results are highlighted.

  14. Verify the new sizes of the LV and file system:

    df -h /mountpoint
    

    Screenshot showing the code that checks the sizes of the local volume and the file system. The command and the result are highlighted.

    Important

    When Azure Data Encryption is used on traditional LVM configurations, the encrypted layer is created at the LV level, not at the disk level.

    At this point, the encrypted layer is expanded to the new disk. The actual data disk has no encryption settings at the platform level, so its encryption status isn't updated.

    These are some of the reasons why LVM-on-crypt is the recommended approach.

  15. Check the encryption information from the portal:

    Screenshot showing encryption information in the portal. The disk name and the encryption are highlighted.

    To update the encryption settings on the disk, add a new LV and enable the extension on the VM.

  16. Add a new LV, create a file system on it, and add it to /etc/fstab.

  17. Set the encryption extension again. This time you'll stamp the encryption settings on the new data disk at the platform level. Here's a CLI example:

    az vm encryption enable -g ${RGNAME} --name ${VMNAME} --disk-encryption-keyvault "<your-unique-keyvault-name>"
    
  18. Check the encryption information from the portal:

    Screenshot showing encryption information in the portal. The disk name and the encryption information are highlighted.

After the encryption settings are updated, you can delete the new LV. Also delete the entry from the /etc/fstab and /etc/crypttab that you created.

Screenshot showing the code that deletes the new logical volume. The deleted F S tab and crypt tab are highlighted.

Follow these steps to finish cleaning up:

  1. Unmount the LV:

    sudo umount /mountpoint
    
  2. Close the encrypted layer of the volume:

    sudo cryptsetup luksClose /dev/vgname/lvname
    
  3. Delete the LV:

    sudo lvremove /dev/vgname/lvname
    

Extend a traditional LVM volume by resizing an existing PV

Im some scenarios, your limitations might require you to resize an existing disk. Here's how:

  1. Identify your encrypted disks:

    sudo ls -l /dev/disk/azure/scsi1/
    

    Screenshot showing the code that identifies encrypted disks. The results are highlighted.

    sudo lsblk -fs
    

    Screenshot showing alternative code that identifies encrypted disks. The results are highlighted.

  2. Check the PV information:

    sudo pvs
    

    Screenshot showing the code that checks information about the physical volume. The results are highlighted.

    The results in the image show that all of the space on all of the PVs is currently used.

  3. Check the VG information:

    sudo vgs
    sudo vgdisplay -v vgname
    

    Screenshot showing the code that checks information about the volume group. The results are highlighted.

  4. Check the disk sizes. You can use fdisk or lsblk to list the drive sizes.

    for disk in `sudo ls -l /dev/disk/azure/scsi1/* | awk -F/ '{print $NF}'` ; do echo "sudo fdisk -l /dev/${disk} | grep ^Disk "; done | bash
    
    sudo lsblk -o "NAME,SIZE"
    

    Screenshot showing the code that checks disk sizes. The results are highlighted.

    Here we identified which PVs are associated with which LVs by using lsblk -fs. You can identify the associations by running lvdisplay.

    sudo lvdisplay --maps VG/LV
    sudo lvdisplay --maps datavg/datalv1
    

    Screenshot showing an alternative way to identify physical volume associations with local volumes. The results are highlighted.

    In this case, all four data drives are part of the same VG and a single LV. Your configuration might differ.

  5. Check the current file system utilization:

    df -h /datalvm*
    

    Screenshot showing the code that checks file system utilization. The command and the results are highlighted.

  6. Resize the data disks by following the instructions in Expand an Azure managed disk. You can use the portal, the CLI, or PowerShell.

    Important

    Some data disks on Linux VMs can be resized without Deallocating the VM, please check [Expand virtual hard disks on a Linux VM](https://learn.microsoft.com/azure/virtual-machines/linux/expand-disks? tabs=ubuntu#expand-an-azure-managed-disk) in order to verify your disks meet the requirements.

  7. Start the VM and check the new sizes by using fdisk.

    for disk in `sudo ls -l /dev/disk/azure/scsi1/* | awk -F/ '{print $NF}'` ; do echo "sudo fdisk -l /dev/${disk} | grep ^Disk "; done | bash
    
    sudo lsblk -o "NAME,SIZE"
    

    Screenshot showing the code that checks disk size. The result is highlighted.

    In this case, /dev/sdd was resized from 5 G to 20 G.

  8. Check the current PV size:

    sudo pvdisplay /dev/resizeddisk
    

    Screenshot showing the code that checks the size of the P V. The result is highlighted.

    Even though the disk was resized, the PV still has the previous size.

  9. Resize the PV:

    sudo pvresize /dev/resizeddisk
    

    Screenshot showing the code that resizes the physical volume. The result is highlighted.

  10. Check the PV size:

    sudo pvdisplay /dev/resizeddisk
    

    Screenshot showing the code that checks the physical volume's size. The result is highlighted.

    Apply the same procedure for all of the disks that you want to resize.

  11. Check the VG information.

    sudo vgdisplay vgname
    

    Screenshot showing the code that checks information for the volume group. The result is highlighted.

    The VG now has enough space to be allocated to the LVs.

  12. Resize the LV:

    sudo lvresize -r -L +5G vgname/lvname
    sudo lvresize -r -l +100%FREE /dev/datavg/datalv01
    

    Screenshot showing the code that resizes the L V. The results are highlighted.

  13. Check the size of the file system:

    df -h /datalvm2
    

    Screenshot showing the code that checks the size of the file system. The result is highlighted.

Extend an LVM-on-crypt volume by adding a new PV

You can also extend an LVM-on-crypt volume by adding a new PV. This method closely follows the steps in Configure LVM and RAID on encrypted devices. See the sections that explain how to add a new disk and set it up in an LVM-on-crypt configuration.

You can use this method to add space to an existing LV. Or you can create new VGs or LVs.

  1. Verify the current size of your VG:

    sudo vgdisplay vgname
    

    Screenshot showing the code that checks the volume group size. Results are highlighted.

  2. Verify the size of the file system and LV that you want to expand:

    sudo lvdisplay /dev/vgname/lvname
    

    Screenshot showing the code that checks the size of the local volume. Results are highlighted.

    df -h mountpoint
    

    Screenshot showing the code that checks the file system's size. The result is highlighted.

  3. Add a new data disk to the VM and identify it.

    Before you add the new disk, check the disks:

    sudo fdisk -l | egrep ^"Disk /"
    

    Screenshot showing the code that checks the size of the disks. The result is highlighted.

    Here's another way to check the disks before you add the new disk:

    sudo lsblk
    

    Screenshot showing an alternative code that checks the size of the disks. The results are highlighted.

    To add the new disk, you can use PowerShell, the Azure CLI, or the Azure portal. For more information, see Attach a data disk to a Linux VM.

    The kernel name scheme applies to the newly added device. A new drive is normally assigned the next available letter. In this case, the added disk is sdd.

  4. Check the disks to make sure the new disk has been added:

    sudo fdisk -l | egrep ^"Disk /"
    

    Screenshot showing the code that lists the disks. The results are highlighted.

    sudo lsblk
    

    Screenshot showing the newly added disk in the output.

  5. Create a file system on top of the recently added disk. Match the disk to the linked devices on /dev/disk/azure/scsi1/.

    sudo ls -la /dev/disk/azure/scsi1/
    

    Screenshot showing the code that creates a file system. The results are highlighted.

    sudo mkfs.ext4 /dev/disk/azure/scsi1/${disk}
    

    Screenshot showing additional code that creates a file system and matches the disk to the linked devices. The results are highlighted.

  6. Create a temporary mount point for the new added disk:

    newmount=/data4
    sudo mkdir ${newmount}
    
  7. Add the recently created file system to /etc/fstab.

    sudo blkid /dev/disk/azure/scsi1/lun4| awk -F\" '{print "UUID="$2" '${newmount}' "$4" defaults,nofail 0 0"}' >> /etc/fstab
    
  8. Mount the newly created file system:

    sudo mount -a
    
  9. Verify that the new file system is mounted:

    df -h
    

    Screenshot showing the code that verifies that the file system is mounted. The result is highlighted.

    sudo lsblk
    

    Screenshot showing additional code that verifies that the file system is mounted. The result is highlighted.

  10. Restart the encryption that you previously started for data drives.

    Tip

    For LVM-on-crypt, we recommend that you use EncryptFormatAll. Otherwise, you might see a double encryption while you set additional disks.

    For more information, see Configure LVM and RAID on encrypted devices.

    Here's an example:

    az vm encryption enable \
    --resource-group ${RGNAME} \
    --name ${VMNAME} \
    --disk-encryption-keyvault ${KEYVAULTNAME} \
    --key-encryption-key ${KEYNAME} \
    --key-encryption-keyvault ${KEYVAULTNAME} \
    --volume-type "DATA" \
    --encrypt-format-all \
    -o table
    

    When the encryption finishes, you see a crypt layer on the newly added disk:

    sudo lsblk
    

    Screenshot showing the code that checks the crypt layer. The result is highlighted.

  11. Unmount the encrypted layer of the new disk:

    sudo umount ${newmount}
    
  12. Check the current PV information:

    sudo pvs
    

    Screenshot showing the code that checks information about the physical volume. The result is highlighted.

  13. Create a PV on top of the encrypted layer of the disk. Take the device name from the previous lsblk command. Add a /dev/ mapper in front of the device name to create the PV:

    sudo pvcreate /dev/mapper/mapperdevicename
    

    Screenshot showing the code that creates a physical volume on the encrypted layer. The results are highlighted.

    You see a warning about wiping the current ext4 fs signature. This warning is expected. Answer this question with y.

  14. Verify that the new PV was added to the LVM configuration:

    sudo pvs
    

    Screenshot showing the code that verifies that the physical volume was added to the LVM configuration. The result is highlighted.

  15. Add the new PV to the VG that you need to increase.

    sudo vgextend vgname /dev/mapper/nameofhenewpv
    

    Screenshot showing the code that adds a physical volume to a volume group. The results are highlighted.

  16. Verify the new size and free space of the VG:

    sudo vgdisplay vgname
    

    Screenshot showing the code that verifies the size and free space of the volume group. The results are highlighted.

    Note the increase of the Total PE count and the Free PE / Size.

  17. Increase the size of the LV and the file system. Use the -r option on lvextend. In this example, we're adding the total available space in the VG to the given LV.

    sudo lvextend -r -l +100%FREE /dev/vgname/lvname
    

    Screenshot showing the code that increases the size of the local volume and the file system. The results are highlighted.

Follow the next steps to verify your changes.

  1. Verify the size of the LV:

    sudo lvdisplay /dev/vgname/lvname
    

    Screenshot showing the code that verifies the new size of the local volume. The results are highlighted.

  2. Verify the new size of the file system:

    df -h /mountpoint
    

    Screenshot showing the code that verifies the new size of the file system. The result is highlighted.

  3. Verify that the LVM layer is on top of the encrypted layer:

    sudo lsblk
    

    Screenshot showing the code that verifies that the LVM layer is on top of the encrypted layer. The result is highlighted.

    If you use lsblk without options, then you see the mount points multiple times. The command sorts by device and LVs.

    You might want to use lsblk -fs. In this command, -fs reverses the sort order so that the mount points are shown once. The disks are shown multiple times.

    sudo lsblk -fs
    

    Screenshot showing alternative code that verifies that the LVM layer is on top of the encrypted layer. The result is highlighted.

Extend an LVM on a crypt volume by resizing an existing PV

  1. Identify your encrypted disks:

    sudo lsblk
    

    Screenshot showing the code that identifies the encrypted disks. The results are highlighted.

    sudo lsblk -s
    

    Screenshot showing alternative code that identifies the encrypted disks. The results are highlighted.

  2. Check your PV information:

    sudo pvs
    

    Screenshot showing the code that checks information for physical volumes. The results are highlighted.

  3. Check your VG information:

    sudo vgs
    

    Screenshot showing the code that checks information for volume groups. The results are highlighted.

  4. Check your LV information:

    sudo lvs
    

    Screenshot showing the code that checks information for the local volume. The result is highlighted.

  5. Check the file system utilization:

    df -h /mountpoint(s)
    

    Screenshot showing the code that checks how much of the file system is being used. The results are highlighted.

  6. Check the sizes of your disks:

    sudo fdisk
    sudo fdisk -l | egrep ^"Disk /"
    sudo lsblk
    

    Screenshot showing the code that checks the size of disks. The results are highlighted.

  7. Resize the data disk. You can use the portal, CLI, or PowerShell. For more information, see the disk-resize section in Expand virtual hard disks on a Linux VM.

    Important

    You can't resize virtual disks while the VM is running. Deallocate your VM for this step.

  8. Check your disks sizes:

    sudo fdisk
    sudo fdisk -l | egrep ^"Disk /"
    sudo lsblk
    

    Screenshot showing code that checks disk sizes. The results are highlighted.

    In this case, both disks were resized from 2 GB to 4 GB. But the size of the file system, LV, and PV remain the same.

  9. Check the current PV size. Remember that on LVM-on-crypt, the PV is the /dev/mapper/ device, not the /dev/sd* device.

    sudo pvdisplay /dev/mapper/devicemappername
    

    Screenshot showing the code that checks the size of the current physical volume. The results are highlighted.

  10. Resize the PV:

    sudo pvresize /dev/mapper/devicemappername
    

    Screenshot showing the code that resizes the physical volume. The results are highlighted.

  11. Check the new PV size:

    sudo pvdisplay /dev/mapper/devicemappername
    

    Screenshot showing the code that checks the size of the physical volume. The results are highlighted.

  12. Resize the encrypted layer on the PV:

    sudo cryptsetup resize /dev/mapper/devicemappername
    

    Apply the same procedure for all of the disks that you want to resize.

  13. Check your VG information:

    sudo vgdisplay vgname
    

    Screenshot showing the code that checks information for the volume group. The results are highlighted.

    The VG now has enough space to be allocated to the LVs.

  14. Check the LV information:

    sudo lvdisplay vgname/lvname
    

    Screenshot showing the code that checks information for the local volume. The results are highlighted.

  15. Check the file system utilization:

    df -h /mountpoint
    

    Screenshot showing the code that checks utilization of the file system. The results are highlighted.

  16. Resize the LV:

    sudo lvresize -r -L +2G /dev/vgname/lvname
    

    Screenshot showing the code that resizes the local volume. The results are highlighted.

    Here we use the -r option to also resize the file system.

  17. Check the LV information:

    sudo lvdisplay vgname/lvname
    

    Screenshot showing the code that gets information about the local volume. The results are highlighted.

  18. Check the file system utilization:

    df -h /mountpoint
    

    Screenshot showing the code that checks the file system utilization. The results are highlighted.

Apply the same resizing procedure to any other LV that requires it.

Next steps

Troubleshoot Azure Disk Encryption