How to Safely remove a Luks encrypted disk from RedHat 6, 7 Linux and variants
In this guide, we are about to see how to safely remove a Luks encrypted disk from RedHat Enterprise Linux 6, 7 and variant Linux distributions. The steps are just reverse to the creation order.
Before starting with removing anything first priority we need to back-up every content from encrypted partition to any other location/File System.
Step 1: Listing the encrypted disk:
Here I’m listing my current filesystem which created using the encrypted disk.
# df -h /myfiles/
Sample output:
[root@rhel7 ~]# df -h /myfiles/ Filesystem Size Used Avail Use% Mounted on /dev/mapper/myfiles 990M 1.3M 938M 1% /myfiles
Step 2: Unmounting the filesystem and clear the FSTAB and CRYPTTAB entry:
Before starting with removing we need to unmount the file system, and remove the entry from crypttab and fstab.
# umount /myfiles/ # vi /etc/crypttab # vi /etc/fstab
Step 3: Remove the Luks Key from partition or Disk.
Once done with removing entries remove the added key using “luksRemoveKey“.
# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles
Type the encryption password to remove the LUKS key from the disk.
[root@rhel7 ~]# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles Enter LUKS passphrase to be deleted: [root@rhel7 ~]#
Step 4: Remove the Crypt password stored in a file.
Remove or move the key file.
# rm -rfv /etc/crypt_password
Sample output:
[root@rhel7 ~]# rm -rfv /etc/crypt_password removed `/etc/crypt_password' [root@rhel7 ~]#
Step 5: Close the Luks Device:
Close the LUKS device.
# cryptsetup luksClose myfiles
Once we close the device it will disappear from the dm device list.
Before close:
[root@rhel7 ~]# ls -lthr /dev/mapper/ total 0 crw-rw----. 1 root root 10, 58 Feb 8 02:17 control lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol02 -> ../dm-1 lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-myfiles -> ../dm-7 lrwxrwxrwx. 1 root root 7 Feb 8 02:17 myfiles -> ../dm-8 lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol00 -> ../dm-0 lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol01 -> ../dm-5 lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol06 -> ../dm-4 lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol03 -> ../dm-6 lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol04 -> ../dm-3 lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol05 -> ../dm-2
After Close:
[root@rhel7 ~]# ls -lthr /dev/mapper/ total 0 crw-rw----. 1 root root 10, 58 Feb 8 02:20 control lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol02 -> ../dm-1 lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol00 -> ../dm-0 lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol01 -> ../dm-5 lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol06 -> ../dm-4 lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol03 -> ../dm-6 lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol04 -> ../dm-3 lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol05 -> ../dm-2 lrwxrwxrwx. 1 root root 7 Feb 8 02:25 vg_rhel7-myfiles -> ../dm-7 [root@rhel7 ~]#
Step 6: Remove the Logical volume used as the encrypted disk.
Remove the LVM used for the encrypted file system.
# lvremove /dev/mapper/vg_rhel7-myfiles
Sample Output:
[root@rhel7 ~]# lvremove /dev/mapper/vg_rhel7-myfiles Do you really want to remove active logical volume myfiles? [y/n]: y Logical volume "myfiles" successfully removed [root@rhel7 ~]#
That’s it we have done with removing the encrypted file system.
Conclusion:
Without distracting any other disk we have safely removed the encrypted disks in Red Hat Enterprise and variant Linux. Have any query? Provide your feedback in below comment section.
