Sidebar
Table of Contents
Trim LUKS encrypted filesystems in LVM environment
One of the possible problems you run in when you use a luks encrypted filesystem in a LVM is that you can not trim your filesystem what you want to do if you use an SSD drive.
Lets try if it works
[root@alphaframe ~]$ fstrim -v /home fstrim: /home: FITRIM ioctl failed: Operation not supported
Okay lets fix this, the problem here is that the fstrim had to be passed through luks and lvm.
/etc/fstab
Start with your /etc/fstab, add a discard to every partion you want to trim
/dev/mapper/luks-XXXXX-XXX-XXX-XXXX-XXXX / xfs defaults,discard,x-systemd.device-timeout=0 0 0 UUID=XXXXX-XXX-XXX-XXXX-XXXX /boot xfs defaults,discard 0 0 UUID=XXXX-XXXX /boot/efi vfat umask=0077,shortname=winnt 0 0 /dev/mapper/luks-XXXXX-XXX-XXX-XXXX-XXXX /home xfs defaults,discard,x-systemd.device-timeout=0 0 0 /dev/mapper/luks-XXXXX-XXX-XXX-XXXX-XXXX swap swap defaults,x-systemd.device-timeout=0 0 0 tmpfs /tmp tmpfs nodev,nosuid,size=2G 0 0
LVM configuration
open /etc/lvm/lvm.conf an enable the issue_discards option
issue_discards = 1
LUKS configuration
This part can by a bit tricky, because there are depending on your distribution.
To check out which command you had to use see man crypttab and look for the discard part
I had to add luks,discard
Next, edit the file /etc/crypttab
luks-XXXXX-XXX-XXX-XXXX-XXXX UUID=XXXXX-XXX-XXX-XXXX-XXXX none luks,discard luks-XXXXX-XXX-XXX-XXXX-XXXX UUID=XXXXX-XXX-XXX-XXXX-XXXX none luks,discard
rebuild initramfs
Finally you had to rebuild your initramfs and include your new crypttab in it.
This part depends on your distribution
On gentoo:
genkernel initramfs --ramdisk-modules --no-mrproper --no-clean --lvm --luks
On RedHat Systems:
dracut --force -I /etc/crypttab
Daily cronjob for fstrim
vim /etc/cron.daily/fstrim
#!/bin/sh TRIM=$(which fstrim) $TRIM /boot $TRIM /home $TRIM /
testing
reboot your system now and test the fstrim against /home again.
[root@alphaframe ~]$ fstrim -v /home /home: 332 GiB (356417228800 bytes) trimmed
