Chapter 10. Managing storage devices in the web console

You can use the RHEL 8 web console to configure physical and virtual storage devices. This chapter provides instructions for these devices:

  • Mounted NFS
  • Logical Volumes
  • RAID
  • VDO

Prerequisites

  • The RHEL 8 web console has been installed.

    For details, see Installing the web console.

  • The cockpit-storaged package is installed on your system.

10.1. Managing NFS mounts in the web console

The RHEL 8 web console enables you to mount remote directories using the Network File System (NFS) protocol.

NFS makes it possible to reach and mount remote directories located on the network and work with the files as if the directory was located on your physical drive.

Prerequisites

  • NFS server name or IP address.
  • Path to the directory on the remote server.

10.1.1. Connecting NFS mounts in the web console

The following steps aim to help you with connecting a remote directory to your file system using NFS.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • NFS server name or IP address.
  • Path to the directory on the remote server.

Procedure

  1. Log in to the RHEL 8 web console.

    For details, see Logging in to the web console.

  2. Click Storage.
  3. Click + in the NFS mounts section.

    cockpit nfs plus

  4. In the New NFS Mount dialog box, enter the server or IP address of the remote server.
  5. In the Path on Server field, enter the path to the directory you want to mount.
  6. In the Local Mount Point field, enter the path where you want to find the directory in your local system.
  7. Select Mount at boot. This ensures that the directory will be reachable also after the restart of the local system.
  8. Optionally, select Mount read only if you do not want to change the content.

    cockpit new nfs mount

  9. Click Add.

At this point, you can open the mounted directory and verify that the content is accessible.

cockpit nfs mounted

To troubleshoot the connection, you can adjust it with the Custom Mount Options.

10.1.2. Customizing NFS mount options in the web console

The following section provides you with information on how to edit an existing NFS mount and shows you where to add custom mount options.

Custom mount options can help you to troubleshoot the connection or change parameters of the NFS mount such as changing timeout limits or configuring authentication.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • NFS mount added.

Procedure

  1. Log in to the RHEL 8 web console.

    For details, see Logging in to the web console.

  2. Click Storage.
  3. Click on the NFS mount you want to adjust.
  4. If the remote directory is mounted, click Unmount.

    The directory must not be mounted during the custom mount options configuration. Otherwise the web console does not save the configuration and this will cause an error.

    cockpit nfs unmount

  5. Click Edit.

    cockpit nfs edit

  6. In the NFS Mount dialog box, select Custom mount option.
  7. Enter mount options separated by a comma. For example:

    • nfsvers=4 — the NFS protocol version number
    • soft — type of recovery after an NFS request times out
    • sec=krb5 — files on the NFS server can be secured by Kerberos authentication. Both the NFS client and server have to support Kerberos authentication.

    cockpit nfs custom option

    For a complete list of the NFS mount options, enter man nfs in the command line.

  8. Click Apply.
  9. Click Mount.

Now you can open the mounted directory and verify that the content is accessible.

cockpit nfs mounted

10.2. Managing Redundant Arrays of Independent Disks in the web console

Redundant Arrays of Independent Disks (RAID) represents a way how to arrange more disks into one storage.

RAID protects data stored in the disks against disk failure with the following data distribution strategies:

  • Mirroring — data are copied to two different locations. If one disk fails, you have a copy and your data is not lost.
  • Striping — data are evenly distributed among disks.

Level of protection depends on the RAID level.

The RHEL web console supports the following RAID levels:

  • RAID 0 (Stripe)
  • RAID 1 (Mirror)
  • RAID 4 (Dedicated parity)
  • RAID 5 (Distributed parity)
  • RAID 6 (Double Distributed Parity)
  • RAID 10 (Stripe of Mirrors)

Before you can use disks in RAID, you need to:

  • Create a RAID.
  • Format it with file system.
  • Mount the RAID to the server.

Prerequisites

10.2.1. Creating RAID in the web console

This procedure aims to help you with configuring RAID in the RHEL 8 web console.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • Physical disks connected to the system. Each RAID level requires different amount of disks.

Procedure

  1. Open the RHEL 8 web console.
  2. Click Storage.
  3. Click the + icon in the RAID Devices box.

    cockpit raid add

  4. In the Create RAID Device dialog box, enter a name for a new RAID.
  5. In the RAID Level drop-down list, select a level of RAID you want to use.
  6. In the Chunk Size drop-down list, leave the predefined value as it is.

    The Chunk Size value specifies how large is each block for data writing. If the chunk size is 512 KiB, the system writes the first 512 KiB to the first disk, the second 512 KiB is written to the second disk, and the third chunk will be written to the third disk. If you have three disks in your RAID, the fourth 512 KiB will be written to the first disk again.

  7. Select disks you want to use for RAID.

    cockpit raid create

  8. Click Create.

In the Storage section, you can see the new RAID in the RAID devices box and format it.

cockpit raid created

Now you have the following options how to format and mount the new RAID in the web console:

10.2.2. Formatting RAID in the web console

This section describes formatting procedure of the new software RAID device which is created in the RHEL 8 web interface.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • Physical disks are connected and visible by RHEL 8.
  • RAID is created.
  • Consider the file system which will be used for the RAID.
  • Consider creating of a partitioning table.

Procedure

  1. Open the RHEL 8 web console.
  2. Click Storage.
  3. In the RAID devices box, choose the RAID you want to format by clicking on it.
  4. In the RAID details screen, scroll down to the Content part.
  5. Click to the newly created RAID.

    cockpit raid unrecognized

  6. Click the Format button.
  7. In the Erase drop-down list, select:

    • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
    • Overwrite existing data with zeros — the RHEL web console rewrites the whole disk with zeros. This option is slower because the program has to go through the whole disk. Use this option if the RAID includes any data and you need to rewrite it.
  8. In the Type drop-down list, select a XFS file system, if you do not have another strong preference.
  9. Enter a name of the file system.
  10. In the Mounting drop down list, select Custom.

    The Default option does not ensure that the file system will be mounted on the next boot.

  11. In the Mount Point field, add the mount path.
  12. Select Mount at boot. cockpit raid format
  13. Click the Format button.

    Formatting can take several minutes depending on the used formatting options and size of RAID.

    After successful finish, you can see the details of the formatted RAID on the Filesystem tab.

    cockpit raid formatted

  14. To use the RAID, click Mount.

At this point, the system uses mounted and formatted RAID.

10.2.3. Using the web console for creating a partition table on RAID

RAID requires formatting as any other storage device. You have two options:

  • Format the RAID device without partitions
  • Create a partition table with partitions

This section describes formatting RAID with the partition table on the new software RAID device created in the RHEL 8 web interface.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • Physical disks are connected and visible by RHEL 8.
  • RAID is created.
  • Consider the file system used for the RAID.
  • Consider creating a partitioning table.

Procedure

  1. Open the RHEL 8 web console.
  2. Click Storage.
  3. In the RAID devices box, select the RAID you want to edit.
  4. In the RAID details screen, scroll down to the Content part.
  5. Click to the newly created RAID.

    cockpit raid unrecognized

  6. Click the Create partition table button.
  7. In the Erase drop-down list, select:

    • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
    • Overwrite existing data with zeros — the RHEL web console rewrites the whole RAID with zeros. This option is slower because the program has to go through the whole RAID. Use this option if RAID includes any data and you need to rewrite it.
  8. In the Partitioning drop-down list, select:

    • Compatible with modern system and hard disks > 2TB (GPT) — GUID Partition Table is a modern recommended partitioning system for large RAIDs with more than four partitions.
    • Compatible with all systems and devices (MBR) — Master Boot Record works with disks up to 2 TB in size. MBR also support four primary partitions max.

      cockpit raid partition table

  9. Click Format.

At this point, the partitioning table has been created and you can create partitions.

For creating partitions, see Using the web console for creating partitions on RAID.

10.2.4. Using the web console for creating partitions on RAID

This section describes creating a partition in the existing partition table.

Prerequisites

Procedure

  1. Open the RHEL 8 web console.
  2. Click Storage.
  3. In the RAID devices box, click to the RAID you want to edit.
  4. In the RAID details screen, scroll down to the Content part.
  5. Click to the newly created RAID.
  6. Click Create Partition.
  7. In the Create partition dialog box, set up the size of the first partition.
  8. In the Erase drop-down list, select:

    • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
    • Overwrite existing data with zeros — the RHEL web console rewrites the whole RAID with zeros. This option is slower because the program have to go through the whole RAID. Use this option if RAID includes any data and you need to rewrite it.
  9. In the Type drop-down list, select a XFS file system, if you do not have another strong preference.
  10. Enter any name for the file system. Do not use spaces in the name.
  11. In the Mounting drop down list, select Custom.

    The Default option does not ensure that the file system will be mounted on the next boot.

  12. In the Mount Point field, add the mount path.
  13. Select Mount at boot.
  14. Click Create partition.

    cockpit raid partition create

Formatting can take several minutes depending on used formatting options and size of RAID.

After successful finish, you can continue with creating other partitions.

At this point, the system uses mounted and formatted RAID.

10.2.5. Using the web console for creating a volume group on top of RAID

This section shows you how to build a volume group from software RAID.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • RAID device, which is not formatted and mounted.

Procedure

  1. Open the RHEL 8 web console.
  2. Click Storage.
  3. Click the + icon in the Volume Groups box.
  4. In the Create Volume Group dialog box, enter a name for the new volume group.
  5. In the Disks list, select a RAID device.

    If you do not see the RAID in the list, unmount the RAID from the system. The RAID device must not be used by the RHEL 8 system.

    cockpit raid vg

  6. Click Create.

The new volume group has been created and you can continue with creating a logical volume.

cockpit raid vg created

10.3. Using the web console for configuring LVM logical volumes

Red Hat Enterprise Linux 8 supports the LVM logical volume manager. When you install a Red Hat Enterprise Linux 8, it will be installed on LVM automatically created during the installation.

cockpit lvm rhel

The screenshot shows you a clean installation of the RHEL 8 system with two logical volumes in the RHEL 8 web console automatically created during the installation.

To find out more about logical volumes, follow the sections describing:

Prerequisites

  • Physical drives, RAID devices, or any other type of block device from which you can create the logical volume.

10.3.1. Logical Volume Manager in the web console

The RHEL 8 web console provides a graphical interface to create LVM volume groups and logical volumes.

Volume groups create a layer between physical and logical volumes. It makes you possible to add or remove physical volumes without influencing logical volume itself. Volume groups appear as one drive with capacity consisting of capacities of all physical drives included in the group.

You can join physical drives into volume groups in the web console.

Logical volumes act as a single physical drive and it is built on top of a volume group in your system.

Main advantages of logical volumes are:

  • Better flexibility than the partitioning system used on your physical drive.
  • Ability to connect more physical drives into one volume.
  • Possibility of expanding (growing) or reducing (shrinking) capacity of the volume on-line, without restart.
  • Ability to create snapshots.

Additional resources

10.3.2. Creating volume groups in the web console

The following describes creating volume groups from one or more physical drives or other storage devices. Logical volumes are created from volume groups.

Each volume group can include multiple logical volumes.

For details, see Volume groups.

Prerequisites

  • Physical drives or other types of storage devices from which you want to create volume groups.

Procedure

  1. Log in to the RHEL 8 web console.
  2. Click Storage.
  3. Click the + icon in the Volume Groups box.

    cockpit adding volume groups

  4. In the Name field, enter a name of a group without spaces.
  5. Select the drives you want to combine to create the volume group.

    cockpit create volume group

    It might happen that you cannot see devices as you expected. The RHEL web console displays only unused block devices. Used devices means, for example:

    • Devices formatted with a file system
    • Physical volumes in another volume group
    • Physical volumes being a member of another software RAID device

      If you do not see the device, format it to be empty and unused.

  6. Click Create.

The web console adds the volume group in the Volume Groups section. After clicking the group, you can create logical volumes that are allocated from that volume group.

cockpit volume group

10.3.3. Creating logical volumes in the web console

The following steps describe how to create LVM logical volumes.

Prerequisites

Procedure

  1. Log in to the RHEL 8 web console.
  2. Click Storage.
  3. Click the volume group in which you want to create logical volumes.
  4. Click Create new Logical Volume.
  5. In the Name field, enter a name for the new logical volume without spaces.
  6. In the Purpose drop down menu, select Block device for filesystems.

    This configuration enables you to create a logical volume with the maximum volume size which is equal to the sum of the capacities of all drives included in the volume group.

    cockpit lv block dev

  7. Define the size of the logical volume. Consider:

    • How much space the system using this logical volume will need.
    • How many logical volumes you want to create.

    You do not have to use the whole space. If necessary, you can grow the logical volume later.

    cockpit lv size

  8. Click Create.

To verify the settings, click your logical volume and check the details.

cockpit lv details

At this stage, the logical volume has been created and you need to create and mount a file system with the formatting process.

10.3.4. Formatting logical volumes in the web console

Logical volumes act as physical drives. To use them, you need to format them with a file system.

Warning

Formatting logical volumes will erase all data on the volume.

The file system you select determines the configuration parameters you can use for logical volumes. For example, some the XFS file system does not support shrinking volumes. For details, see Resizing logical volumes in the web console.

The following steps describe the procedure to format logical volumes.

Prerequisites

Procedure

  1. Log in to the RHEL web console.
  2. Click Storage.
  3. Click the volume group in which the logical volume is placed.
  4. Click the logical volume.
  5. Click on the Unrecognized Data tab.

    cockpit lv details

  6. Click Format.
  7. In the Erase drop down menu, select:

    • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
    • Overwrite existing data with zeros — the RHEL web console rewrites the whole disk with zeros. This option is slower because the program have to go through the whole disk. Use this option if the disk includes any data and you need to overwrite it.
  8. In the Type drop down menu, select a file system:

    • XFS file system supports large logical volumes, switching physical drives online without outage, and growing an existing file system. Leave this file system selected if you do not have a different strong preference.

      XFS does not support reducing the size of a volume formatted with an XFS file system

    • ext4 file system supports:

      • Logical volumes
      • Switching physical drives online without outage
      • Growing a file system
      • Shrinking a file system

    You can also select a version with the LUKS (Linux Unified Key Setup) encryption, which allows you to encrypt the volume with a passphrase.

  9. In the Name field, enter the logical volume name.
  10. In the Mounting drop down menu, select Custom.

    The Default option does not ensure that the file system will be mounted on the next boot.

  11. In the Mount Point field, add the mount path.
  12. Select Mount at boot.

    cockpit lv format

  13. Click Format.

    Formatting can take several minutes depending on the volume size and which formatting options are selected.

    After the formatting has completed successfully, you can see the details of the formatted logical volume on the Filesystem tab.

    cockpit lv formatted

  14. To use the logical volume, click Mount.

At this point, the system can use mounted and formatted logical volume.

10.3.5. Resizing logical volumes in the web console

This section describes how to resize logical volumes. You can extend or even reduce logical volumes. Whether you can resize a logical volume depends on which file system you are using. Most file systems enable you to extend (grow) the volume online (without outage).

You can also reduce (shrink) the size of logical volumes, if the logical volume contains a file system which supports shrinking. It should be available, for example, in the ext3/ext4 file systems.

Warning

You cannot reduce volumes that contains GFS2 or XFS filesystem.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • Existing logical volume containing a file system which supports resizing logical volumes.

Procedure

The following steps provide the procedure for growing a logical volume without taking the volume offline:

  1. Log in to the RHEL web console.
  2. Click Storage.
  3. Click the volume group in which the logical volume is placed.
  4. Click the logical volume.
  5. On the Volume tab, click Grow.
  6. In the Grow Logical Volume dialog box, adjust volume space.

    cockpit lv grow

  7. Click Grow.

LVM grows the logical volume without system outage.

10.4. Using the web console for configuring thin logical volumes

Thinly-provisioned logical volumes enables you to allocate more space for designated applications or servers than how much space logical volumes actually contain.

For details, see Thinly-provisioned logical volumes (thin volumes).

The following sections describe:

Prerequisites

  • Physical drives or other types of storage devices from which you want to create volume groups.

10.4.1. Creating pools for thin logical volumes in the web console

The following steps show you how to create a pool for thinly provisioned volumes:

Prerequisites

Procedure

  1. Log in to the RHEL 8 web console.
  2. Click Storage.
  3. Click the volume group in which you want to create thin volumes.
  4. Click Create new Logical Volume.
  5. In the Name field, enter a name for the new pool of thin volumes without spaces.
  6. In the Purpose drop down menu, select Pool for thinly provisioned volumes. This configuration enables you to create the thin volume.

    cockpit lv thin pool add

  7. Define the size of the pool of thin volumes. Consider:

    • How many thin volumes you will need in this pool?
    • What is the expected size of each thin volume?

    You do not have to use the whole space. If necessary, you can grow the pool later.

    cockpit lv thin pool size

  8. Click Create.

    The pool for thin volumes has been created and you can add thin volumes.

10.4.2. Creating thin logical volumes in the web console

The following text describes creating a thin logical volume in the pool. The pool can include multiple thin volumes and each thin volume can be as large as the pool for thin volumes itself.

Important

Using thin volumes requires regular checkup of actual free physical space of the logical volume.

Prerequisites

Procedure

  1. Log in to the RHEL 8 web console.
  2. Click Storage.
  3. Click the volume group in which you want to create thin volumes.
  4. Click the desired pool.
  5. Click Create Thin Volume.

    cockpit lv pool tab

  6. In the Create Thin Volume dialog box, enter a name for the thin volume without spaces.
  7. Define the size of the thin volume.

    cockpit lv thin size

  8. Click Create.

At this stage, the thin logical volume has been created and you need to format it.

10.4.3. Formatting logical volumes in the web console

Logical volumes act as physical drives. To use them, you need to format them with a file system.

Warning

Formatting logical volumes will erase all data on the volume.

The file system you select determines the configuration parameters you can use for logical volumes. For example, some the XFS file system does not support shrinking volumes. For details, see Resizing logical volumes in the web console.

The following steps describe the procedure to format logical volumes.

Prerequisites

Procedure

  1. Log in to the RHEL web console.
  2. Click Storage.
  3. Click the volume group in which the logical volume is placed.
  4. Click the logical volume.
  5. Click on the Unrecognized Data tab.

    cockpit lv details

  6. Click Format.
  7. In the Erase drop down menu, select:

    • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
    • Overwrite existing data with zeros — the RHEL web console rewrites the whole disk with zeros. This option is slower because the program have to go through the whole disk. Use this option if the disk includes any data and you need to overwrite it.
  8. In the Type drop down menu, select a file system:

    • XFS file system supports large logical volumes, switching physical drives online without outage, and growing an existing file system. Leave this file system selected if you do not have a different strong preference.

      XFS does not support reducing the size of a volume formatted with an XFS file system

    • ext4 file system supports:

      • Logical volumes
      • Switching physical drives online without outage
      • Growing a file system
      • Shrinking a file system

    You can also select a version with the LUKS (Linux Unified Key Setup) encryption, which allows you to encrypt the volume with a passphrase.

  9. In the Name field, enter the logical volume name.
  10. In the Mounting drop down menu, select Custom.

    The Default option does not ensure that the file system will be mounted on the next boot.

  11. In the Mount Point field, add the mount path.
  12. Select Mount at boot.

    cockpit lv format

  13. Click Format.

    Formatting can take several minutes depending on the volume size and which formatting options are selected.

    After the formatting has completed successfully, you can see the details of the formatted logical volume on the Filesystem tab.

    cockpit lv formatted

  14. To use the logical volume, click Mount.

At this point, the system can use mounted and formatted logical volume.

10.5. Using the web console for changing physical drives in volume groups

The following text describes how to change the drive in a volume group using the RHEL 8 web console.

The change of physical drives consists of the following procedures:

Prerequisites

  • A new physical drive for replacing the old or broken one.
  • The configuration expects that physical drives are organized in a volume group.

10.5.1. Adding physical drives to volume groups in the web console

The RHEL 8 web console enables you to add a new physical drive or other type of volume to the existing logical volume.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • A volume group must be created.
  • A new drive connected to the machine.

Procedure

  1. Log in to the RHEL 8 web console.
  2. Click Storage.
  3. In the Volume Groups box, click the volume group in which you want to add a physical volume.
  4. In the Physical Volumes box, click the + icon.

    cockpit lv disk add

  5. In the Add Disks dialog box, select the preferred drive and click Add.

    cockpit lv disk selected

As a result, the RHEL 8 web console adds the physical volume. You can see it in the Physical Volumes section, and the logical volume can immediately start to write on the drive.

10.5.2. Removing physical drives from volume groups in the web console

If a logical volume includes multiple physical drives, you can remove one of the physical drives online.

The system moves automatically all data from the drive to be removed to other drives during the removal process. Notice that it can take some time.

The web console also verifies, if there is enough space for removing the physical drive.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • A volume group with more than one physical drive connected.

Procedure

The following steps describe how to remove a drive from the volume group without causing outage in the RHEL web console.

  1. Log in to the RHEL 8 web console.
  2. Click Storage.
  3. Click the volume group in which you have the logical volume.
  4. In the Physical Volumes section, locate the preferred volume.
  5. Click the - icon.

    The RHEL 8 web console verifies, if the logical volume has enough free space for removing the disk. If not, you cannot remove the disk and it is necessary to add another disk first. For details, see Adding physical drives to logical volumes in the web console.

    cockpit lv disk remove

As results, the RHEL 8 web console removes the physical volume from the created logical volume without causing an outage.

10.6. Using the web console for managing Virtual Data Optimizer volumes

This chapter describes the Virtual Data Optimizer (VDO) configuration using the RHEL 8 web console. After reading it, you will be able to:

  • Create VDO volumes
  • Format VDO volumes
  • Extend VDO volumes

Prerequisites

10.6.1. VDO volumes in the web console

Red Hat Enterprise Linux 8 supports Virtual Data Optimizer (VDO). VDO is a block virtualization technology that combines:

Compression
For details, see Enabling or disabling compression in VDO.
Deduplication
For details, see Enabling or disabling deduplication in VDO.
Thin provisioning
For details, see Thinly-provisioned logical volumes (thin volumes).

Using these technologies, VDO:

  • Saves storage space inline
  • Compresses files
  • Eliminates duplications
  • Enables you to allocate more virtual space than how much the physical or logical storage provides
  • Enables you to extend the virtual storage by growing

VDO can be created on top of many types of storage. In the RHEL 8 web console, you can configure VDO on top of:

  • LVM

    Note

    It is not possible to configure VDO on top of thinly-provisioned volumes.

  • Physical volume
  • Software RAID

For details about placement of VDO in the Storage Stack, see System Requirements.

Additional resources

10.6.2. Creating VDO volumes in the web console

This section helps you to create a VDO volume in the RHEL web console.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • Physical drives, LVMs, or RAID from which you want to create VDO.

Procedure

  1. Log in to the RHEL 8 web console.

    For details, see Logging in to the web console.

  2. Click Storage.
  3. Click the + icon in the VDO Devices box.

    cockpit adding vdo

  4. In the Name field, enter a name of a VDO volume without spaces.
  5. Select the drive that you want to use.
  6. In the Logical Size bar, set up the size of the VDO volume. You can extend it more than ten times, but consider for what purpose you are creating the VDO volume:

    • For active VMs or container storage, use logical size that is ten times the physical size of the volume.
    • For object storage, use logical size that is three times the physical size of the volume.

    For details, see Deploying VDO.

  7. In the Index Memory bar, allocate memory for the VDO volume.

    For details about VDO system requirements, see System Requirements.

  8. Select the Compression option. This option can efficiently reduce various file formats.

    For details, see Enabling or disabling compression in VDO.

  9. Select the Deduplication option.

    This option reduces the consumption of storage resources by eliminating multiple copies of duplicate blocks. For details, see Enabling or disabling deduplication in VDO.

  10. [Optional] If you want to use the VDO volume with applications that need a 512 bytes block size, select Use 512 Byte emulation. This reduces the performance of the VDO volume, but should be very rarely needed. If in doubt, leave it off.
  11. Click Create.

    cockpit create vdo dialog

If the process of creating the VDO volume succeeds, you can see the new VDO volume in the Storage section and format it with a file system.

cockpit vdo created

10.6.3. Formatting VDO volumes in the web console

VDO volumes act as physical drives. To use them, you need to format them with a file system.

Warning

Formatting VDO will erase all data on the volume.

The following steps describe the procedure to format VDO volumes.

Prerequisites

Procedure

  1. Log in to the RHEL 8 web console.

    For details, see Logging in to the web console.

  2. Click Storage.
  3. Click the VDO volume.
  4. Click on the Unrecognized Data tab.
  5. Click Format.

    cockpit vdo format

  6. In the Erase drop down menu, select:

    Don’t overwrite existing data
    The RHEL web console rewrites only the disk header. The advantage of this option is the speed of formatting.
    Overwrite existing data with zeros
    The RHEL web console rewrites the whole disk with zeros. This option is slower because the program has to go through the whole disk. Use this option if the disk includes any data and you need to rewrite them.
  7. In the Type drop down menu, select a filesystem:

    • The XFS file system supports large logical volumes, switching physical drives online without outage, and growing. Leave this file system selected if you do not have a different strong preference.

      XFS does not support shrinking volumes. Therefore, you will not be able to reduce volume formatted with XFS.

    • The ext4 file system supports logical volumes, switching physical drives online without outage, growing, and shrinking.

    You can also select a version with the LUKS (Linux Unified Key Setup) encryption, which allows you to encrypt the volume with a passphrase.

  8. In the Name field, enter the logical volume name.
  9. In the Mounting drop down menu, select Custom.

    The Default option does not ensure that the file system will be mounted on the next boot.

  10. In the Mount Point field, add the mount path.
  11. Select Mount at boot.

    cockpit lv format

  12. Click Format.

    Formatting can take several minutes depending on the used formatting options and the volume size.

    After a successful finish, you can see the details of the formatted VDO volume on the Filesystem tab.

    cockpit vdo formatted

  13. To use the VDO volume, click Mount.

At this point, the system uses the mounted and formatted VDO volume.

10.6.4. Extending VDO volumes in the web console

This section describes extending VDO volumes in the RHEL 8 web console.

Prerequisites

  • The cockpit-storaged package is installed on your system.
  • The VDO volume created.

Procedure

  1. Log in to the RHEL 8 web console.

    For details, see Logging in to the web console.

  2. Click Storage.
  3. Click your VDO volume in the VDO Devices box.

    cockpit vdo created

  4. In the VDO volume details, click the Grow button.
  5. In the Grow logical size of VDO dialog box, extend the logical size of the VDO volume.

    cockpit vdo grow done

    Original size of the logical volume from the screenshot was 6 GB. As you can see, the RHEL web console enables you to grow the volume to more than ten times the size and it works correctly because of the compression and deduplication.

  6. Click Grow.

If the process of growing VDO succeeds, you can see the new size in the VDO volume details.

cockpit vdo grow details

10.7. Locking data with LUKS password in the RHEL web console

In the web console’s Storage tab, you can now create, lock, unlock, resize, and otherwise configure encrypted devices using the LUKS (Linux Unified Key Setup) version 2 format.

This new version of LUKS offers:

  • More flexible unlocking policies
  • Stronger cryptography
  • Better compatibility with future changes

10.7.1. LUKS disk encryption

The Linux Unified Key Setup-on-disk-format (LUKS) enables you to encrypt block devices and it provides a set of tools that simplifies managing the encrypted devices. LUKS allows multiple user keys to decrypt a master key, which is used for the bulk encryption of the partition.

RHEL utilizes LUKS to perform block device encryption. By default, the option to encrypt the block device is unchecked during the installation. If you select the option to encrypt your disk, the system prompts you for a passphrase every time you boot the computer. This passphrase “unlocks” the bulk encryption key that decrypts your partition. If you choose to modify the default partition table, you can choose which partitions you want to encrypt. This is set in the partition table settings.

What LUKS does

  • LUKS encrypts entire block devices and is therefore well-suited for protecting contents of mobile devices such as removable storage media or laptop disk drives.
  • The underlying contents of the encrypted block device are arbitrary, which makes it useful for encrypting swap devices. This can also be useful with certain databases that use specially formatted block devices for data storage.
  • LUKS uses the existing device mapper kernel subsystem.
  • LUKS provides passphrase strengthening which protects against dictionary attacks.
  • LUKS devices contain multiple key slots, allowing users to add backup keys or passphrases.

What LUKS does not do

  • Disk-encryption solutions like LUKS protect the data only when your system is off. Once the system is on and LUKS has decrypted the disk, the files on that disk are available to anyone who would normally have access to them.
  • LUKS is not well-suited for scenarios that require many users to have distinct access keys to the same device. The LUKS1 format provides eight key slots, LUKS2 up to 32 key slots.
  • LUKS is not well-suited for applications requiring file-level encryption.

Ciphers

The default cipher used for LUKS is aes-xts-plain64. The default key size for LUKS is 512 bits. The default key size for LUKS with Anaconda (XTS mode) is 512 bits. Ciphers that are available are:

  • AES - Advanced Encryption Standard - FIPS PUB 197
  • Twofish (a 128-bit block cipher)
  • Serpent

10.7.2. Configuring the LUKS passphrase in the web console

If you want to add encryption to an existing logical volume on your system, you can only do so through formatting the volume.

Prerequisites

  • The web console must be installed and accessible.

    For details, see Installing the web console.

  • The cockpit-storaged package is installed on your system.
  • Available existing logical volume without encryption.

Procedure

  1. Log in to the RHEL 8 web console.

    For details, see Logging in to the web console.

  2. Click Storage.
  3. Select the storage device you want to format.
  4. Click the menu icon and select Format option.
  5. Select the Encrypt data box to activate encryption on your storage device.

    cockpit encryption

  6. Set and confirm your new passphrase.
  7. [Optional] Modify further encryption options.
  8. Finalize formatting settings.
  9. Click Format.

10.7.3. Changing the LUKS passphrase in the web console

This procedure describes how to change a LUKS passphrase on an encrypted disk or partition in the web console.

Prerequisites

  • The web console must be installed and accessible.

    For details, see Installing the web console.

  • The cockpit-storaged package is installed on your system.

Procedure

  1. Log in to the web console.

    For details, see Logging in to the web console.

  2. Click Storage
  3. In the Drives table, select the disk with encrypted data.
  4. In Content, select the encrypted partition.
  5. Click Encryption.
  6. In the Keys table, click the pen icon.

    cockpit luks change

  7. In the Change passphrase dialog window:

    1. Enter your current passphrase.
    2. Enter your new passphrase.
    3. Confirm your new passphrase.

      cockpit change passphrase menu

  8. Click Save

10.8. Configuring automated unlocking using a Tang key in the web console

Use the following steps to configure automated unlocking of a LUKS-encrypted storage device using a key provided by a Tang server.

Prerequisites

  • The cockpit and cockpit-storaged packages are present.
  • The cockpit.socket service is running at port 9090.
  • The clevis, tang, and clevis-dracut packages are installed.
  • A Tang server is running.

Procedure

  1. Open the RHEL web console by entering the following address in a web browser:

    https://localhost:9090

    Replace the localhost part by the remote server’s host name or IP address when you connect to a remote system.

  2. Provide your credentials and click Storage. Select an encrypted device and click Encryption in the Content part:
  3. Click + in the Keys section to add a Tang key:

    RHEL web console: Encryption
  4. Provide the address of your Tang server and a password that unlocks the LUKS-encrypted device. Click Add to confirm:

    RHEL web console: Add Tang key
  5. The following dialog window provides a command to verify that the key hash matches. RHEL 8.2 introduced the tang-show-keys script, and you can obtain the key hash using the following command on the Tang server running on the port 7500:

    # tang-show-keys 7500
    3ZWS6-cDrCG61UPJS2BMmPU4I54

    On RHEL 8.1 and earlier, obtain the key hash using the following command:

    # curl -s localhost:7500/adv | jose fmt -j- -g payload -y -o- | jose jwk use -i- -r -u verify -o- | jose jwk thp -i-
    3ZWS6-cDrCG61UPJS2BMmPU4I54
  6. Click Trust key when the key hashes in the web console and in the output of previously listed commands are the same:

    RHEL web console: Verify Tang key
  7. To enable the early boot system to process the disk binding, click Terminal at the bottom of the left navigation bar and enter the following commands:

    # yum install clevis-dracut
    # dracut -fv --regenerate-all

Verification steps

  1. Check that the newly added Tang key is now listed in the Keys section with the Keyserver type:

    RHEL web console: A keyserver key is listed
  2. Verify that the bindings are available for the early boot, for example:

    # lsinitrd | grep clevis
    clevis
    clevis-pin-sss
    clevis-pin-tang
    clevis-pin-tpm2
    -rwxr-xr-x   1 root     root         1600 Feb 11 16:30 usr/bin/clevis
    -rwxr-xr-x   1 root     root         1654 Feb 11 16:30 usr/bin/clevis-decrypt
    ...
    -rwxr-xr-x   2 root     root           45 Feb 11 16:30 usr/lib/dracut/hooks/initqueue/settled/60-clevis-hook.sh
    -rwxr-xr-x   1 root     root         2257 Feb 11 16:30 usr/libexec/clevis-luks-askpass

Additional resources