Table of Contents
Introduction
In this guide, we are about to see how to safely remove a Luks encrypted disk from Red Hat Enterprise Linux 6, 7 and variant Linux distributions. The steps are just reverse to the creation order.
Before starting with removing anything first priority we need to back-up every content from encrypted partition to any other location/File System.
Listing Luks encrypted disk
Here I’m listing my current file system which created using the encrypted disk.
# df -h /myfiles/Sample output:
[root@rhel7 ~]# df -h /myfiles/
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/myfiles 990M 1.3M 938M 1% /myfilesCleaning up Persistent entries
Before starting with removing we need to unmount the file system, and remove the entry from crypttab and fstab for all luks encrypted disks .
# umount /myfiles/
# vi /etc/crypttab
# vi /etc/fstabRemove the Luks Key from partition or Disk.
Once done with removing entries remove the added key using “luksRemoveKey“.
# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfilesType the encryption password to remove the LUKS key from the disk.
[root@rhel7 ~]# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles
Enter LUKS passphrase to be deleted:
[root@rhel7 ~]#Remove the Crypt password stored in a file.
Remove or move the key file used for luks encrypted disk
# rm -rfv /etc/crypt_passwordSample output
[root@rhel7 ~]# rm -rfv /etc/crypt_password
removed `/etc/crypt_password'
[root@rhel7 ~]#Close the Luks Device:
Close the LUKS device.
# cryptsetup luksClose myfilesOnce we close the device it will disappear from the dm device list.
Before close
[root@rhel7 ~]# ls -lthr /dev/mapper/
total 0
crw-rw----. 1 root root 10, 58 Feb 8 02:17 control
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol02 -> ../dm-1
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-myfiles -> ../dm-7
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 myfiles -> ../dm-8
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol00 -> ../dm-0
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol01 -> ../dm-5
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol06 -> ../dm-4
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol03 -> ../dm-6
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol04 -> ../dm-3
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol05 -> ../dm-2After Close
[root@rhel7 ~]# ls -lthr /dev/mapper/
total 0
crw-rw----. 1 root root 10, 58 Feb 8 02:20 control
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol02 -> ../dm-1
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol00 -> ../dm-0
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol01 -> ../dm-5
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol06 -> ../dm-4
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol03 -> ../dm-6
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol04 -> ../dm-3
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol05 -> ../dm-2
lrwxrwxrwx. 1 root root 7 Feb 8 02:25 vg_rhel7-myfiles -> ../dm-7
[root@rhel7 ~]#Remove the Logical volume used as the encrypted disk.
Remove the LVM used for the encrypted file system.
# lvremove /dev/mapper/vg_rhel7-myfilesSample Output
[root@rhel7 ~]# lvremove /dev/mapper/vg_rhel7-myfiles
Do you really want to remove active logical volume myfiles? [y/n]: y
Logical volume "myfiles" successfully removed
[root@rhel7 ~]#That’s it we have done with removing the luks encrypted disk and file system.
Conclusion:
Without distracting any other disk we have safely removed the encrypted disks in Red Hat Enterprise and variant Linux. Have any query? Provide your feedback in below comment section.