Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Forsaken_61
Explorer

Security Gateway Resize lv_log Logical Volume - Problems

Dear all,

I have a Security Gateway that runs on R81.20, JHF Take 90.

I'm having some disk space issues under the lv_log volume. Only 5GB available, getting some errors about this in my Smart Console.

If I run "lvm_manager" in expert mode and then choose nr 1 "View LVM storage overview". I then have a row that Is called "unallocated space", 27GB available. I have confirmed that this "unallocated space" Is in the same Volume Group.

Then i run "lvm_manager" again in expert mode and choose nr 2 "Resize lv_current/lv_log Logical Volume", I'm getting this message.

Resizing logical volumes is supported in maintenance mode only.
Please boot in maintenance mode and re-run lvm_manager to resize the logical volume.

press ENTER to continue.

I dont find any related SKs on how to solve this problem at all. How do I boot my Security Gateway into maintenence mode?

Thanks

0 Kudos
18 Replies
Lesley
Leader Leader
Leader

Connect with serial cable and with putty. Output will show when you did correct baud rate. When you reboot gateway during boot it will show you an option to enter maintenance mode and that you have to press a key

-------
If you like this post please give a thumbs up(kudo)! 🙂
AkosBakos
Leader Leader
Leader

And don't forget the GRUB password...

----------------
\m/_(>_<)_\m/
0 Kudos
Forsaken_61
Explorer

My Security Gateway Is a virtual machine.

Is It possible to just reboot It from the cli and then jump into maintenence mode?

0 Kudos
AkosBakos
Leader Leader
Leader

Sure! But you will need console access to the VM.

Press any key here (not at the VM's boot menu)

maintanance1.png

Then maintanance mode:

maintanance2.png

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
Forsaken_61
Explorer

Super! Thanks.

And how about the GRUB password? 

0 Kudos
AkosBakos
Leader Leader
Leader

Hi,

Check this SK: https://support.checkpoint.com/results/sk/sk177687

I could login to my VM without grub password. As I see this related only appliances.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
(1)
Forsaken_61
Explorer

Thanks thanks! I will try this out

0 Kudos
Bob_Zimmerman
Authority
Authority

Note: the unallocated space is where snapshots go. If you allocate too much to lv_log, you won't be able to take a snapshot, and upgrading might require reinstalling the OS.

0 Kudos
(1)
Forsaken_61
Explorer

Oooh allright, that was god information.

Is your recommendation then to add a virtual disk into the virtual machine?
sk94671

0 Kudos
PhoneBoy
Admin
Admin

That's the recommended procedure in this case, yes.

0 Kudos
Bob_Zimmerman
Authority
Authority

Note: adding a second drive might result in problems upgrading later. I know on a management, multiple drives passed to a VM typically results in the message "Your partitions are not in Check Point standard format, and an upgrade is not possible.", but I don't know if that also happens on firewalls.

I would try to clear out space from the existing /var/log tree first. 'du -h -d 1 .' tells you the size of each directory in the current directory. Start in /var/log, pick the biggest directory, cd into it, and repeat. You'll find what is taking up the space. Almost every time my firewalls have more than maybe 10 GB used in lv_log, it's due to local traffic logs. The second most common offender is CPUSE packages (a few firewalls kept a lot of jumbos and major version installers longer than they should have).

How did you build the firewall VM? Did you use the R81.20 ISO, or did you start from a CloudGuard image? If the latter, you may be able to expand the existing drive in place, then use some of the unallocated space to expand lv_log. Check to see if the file /etc/autogrow exists. If it does, it may be worth trying the procedure in sk106242 (in short: remove the file, shut down the VM, expand the drive in the hypervisor, boot the VM).

0 Kudos
AkosBakos
Leader Leader
Leader

Hi,

"Your partitions are not in Check Point standard format, and an upgrade is not possible."

My experece is that, it happens when the disk size is extended (as we usually do on Windows VMs) instead of addig a new disk, and extend the volume.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
Forsaken_61
Explorer

Okey that doesn't sound good. My log volume (lv_log) Is only 30GB In total, and I've now used 24GB.

Yes I used the R81.20 ISO and Installed It that way. The directory ./files_repository Is in total 11GB.
Bunch of stuff In there. 

Not quite sure what files I'm deleting there and could give an negative impact. 

0 Kudos
AkosBakos
Leader Leader
Leader

Never delete actual version related stuff! This is my first advise.

Extend the partition, according to the SK. Be cautious, and you will succeed. I have done lot of times.

In this case VMware snapshot is not a backup. Do system backup, double check it after dowloaded it (MD5).

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
Bob_Zimmerman
Authority
Authority

That's pretty small, yeah. And with only 27 GB of space to expand into, it sounds like your drive is maybe 120 GB total? If you have access to the hypervisor, you can check there, or you can use the command 'vgs' to see the capacity of the volume groups (swap and a tiny boot partition aren't included in the size reported by 'vgs').

Is this gateway clustered?

It's likely you can work around this for now by removing some junk and taking some unallocated space for lv_log, but I would plan to rebuild the VM with a bigger drive in the next 3-6 months.

0 Kudos
Forsaken_61
Explorer

It's 150GB In total, no cluster at all. Single gateway.

What do you mean by rebuild the VM with a bigger drive?

Following along here, sk94671
Is not good enough? 

0 Kudos
Bob_Zimmerman
Authority
Authority

That process is the one I have seen cause the "Your partitions are not in Check Point standard format, and an upgrade is not possible." message in the past.

And I mean it sounds like all processes for expanding an existing VM's "physical storage" can result in the upgrade failure. The only guaranteed way to not get that failure when you want to upgrade later is to give the VM a bigger disk (say, 300 GB) and reinstall the OS from the ISO image. That probably isn't necessary right this second, so you can wait for a good maintenance window. Could even wait until you want to upgrade.

0 Kudos
AkosBakos
Leader Leader
Leader

I followed this sk more than 10 times in the last two year. There was no issue, worked az expected.

If you are not familiar with this process - and I would suggest it to you based on my first time - create a new CP VM -> add a disk as described, and extend the partition. Testing is free, and give a lot of experences. It worked in the LAB, than you can move forward to the productive environment.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events