by: Babin LonstonPosted on:
Table of Contents
Introduction
In this guide, we are about to see how to safely remove a Luks encrypted disk from Red Hat Enterprise Linux 6, 7 and variant Linux distributions. The steps are just reverse to the creation order.
Before starting with removing anything first priority we need to back-up every content from encrypted partition to any other location/File System.
Listing Luks encrypteddisk
Here I’m listing my current file system which created using the encrypted disk.
# df -h /myfiles/
Sample output:
[root@rhel7 ~]# df -h /myfiles/Filesystem Size Used Avail Use% Mounted on/dev/mapper/myfiles 990M 1.3M 938M 1% /myfiles
Cleaning up Persistent entries
Before starting with removing we need to unmount the file system, and remove the entry from crypttab and fstab for all luks encrypted disks .
# umount /myfiles/# vi /etc/crypttab# vi /etc/fstab
Remove the Luks Key from partition or Disk.
Once done with removing entries remove the added key using “luksRemoveKey“.
# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles
Type the encryption password to remove the LUKS key from the disk.
[root@rhel7 ~]# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles Enter LUKS passphrase to be deleted: [root@rhel7 ~]#
Remove the Crypt passwordstored in a file.
Remove or move the key file used for luks encrypted disk
# rm -rfv /etc/crypt_password
Sample output
[root@rhel7 ~]# rm -rfv /etc/crypt_passwordremoved `/etc/crypt_password'[root@rhel7 ~]#
Close the Luks Device:
Close the LUKS device.
# cryptsetup luksClose myfiles
Once we close the device it will disappear from the dm device list.
Before close
[root@rhel7 ~]# ls -lthr /dev/mapper/total 0crw-rw----. 1 root root 10, 58 Feb 8 02:17 controllrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol02 -> ../dm-1lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-myfiles -> ../dm-7lrwxrwxrwx. 1 root root 7 Feb 8 02:17 myfiles -> ../dm-8lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol00 -> ../dm-0lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol01 -> ../dm-5lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol06 -> ../dm-4lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol03 -> ../dm-6lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol04 -> ../dm-3lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol05 -> ../dm-2
After Close
[root@rhel7 ~]# ls -lthr /dev/mapper/total 0crw-rw----. 1 root root 10, 58 Feb 8 02:20 controllrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol02 -> ../dm-1lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol00 -> ../dm-0lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol01 -> ../dm-5lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol06 -> ../dm-4lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol03 -> ../dm-6lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol04 -> ../dm-3lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol05 -> ../dm-2lrwxrwxrwx. 1 root root 7 Feb 8 02:25 vg_rhel7-myfiles -> ../dm-7[root@rhel7 ~]#
Remove the Logical volume used as the encrypted disk.
Remove the LVM used for the encrypted file system.
# lvremove /dev/mapper/vg_rhel7-myfiles
Sample Output
[root@rhel7 ~]# lvremove /dev/mapper/vg_rhel7-myfiles Do you really want to remove active logical volume myfiles? [y/n]: y Logical volume "myfiles" successfully removed[root@rhel7 ~]#
That’s it we have done with removing the luks encrypted disk and file system.
Conclusion:
Without distracting any other disk we have safely removed the encrypted disks in Red Hat Enterprise and variant Linux. Have any query? Provide your feedback in below comment section.