This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
‎2025-04-06 01:18 PM

Tip for extending disk space without entering maintanance mode or rebooting

Hey guys,

Credit for this 100% goes to @yukaia . I wanted to share it, as Im sure a lot of people may never heard about it (I certainly never have) and would always reboot, go into maintenance mode and run lvm_manager and then extend, reboot again.

Examples that can be done and works on vm, physical box, regardless of the version/jumbo hotfix:

I always recommend take backup and/or snapshot (just in case), though in my lab, that was not needed, worked like a charm.
 
Example 1:
 
Say you want to extend / dir to 35 BG:
 
First command:
 
lvresize -L35G vg_splat/lv_current
 
Then -> xfs_growfs /
 
Example 2:
 
If you wish to extend /var/log to say 55GB

 

lvresize -L55G vg_splat/lv_log

 

xfs_growfs /var/log

 

Run df -h to verify!

WARNING: As @emmap had indicated, this would prevent you from doing major upgrades (jumbos would work on same version), and I even confirmed with R&D that there is NO WAY to bypass this requirement, since OS needs to have enough unallocated space to generate snapshot during the upgrade.

 

Andy

(1)
15 Replies
emmap
Employee
Employee
‎2025-04-06 07:14 PM

Hi, you're all adults so I'm not going to tell you what not to do with your stuff, but:

This sort of thing can remove the ability to perform in-place upgrades via CPUSE due to lack of unpartitioned space. It can also remove the ability to take snapshots for the same reason. As such it is not supported to do this on CP appliances outside of an explicit recommendation from TAC with accompanying SR/guidance. 

That said, here is the SK about adding a disk to a VM or open server that also utilises these commands:

https://support.checkpoint.com/results/sk/sk165122

 

the_rock
Legend
Legend
‎2025-04-06 07:27 PM
In response to emmap

Thank you Emma, I totally get your point, definitely something to consider. I was able to upgrade one of my lab fws today to R82, did not complain about anything.

Andy

0 Kudos
the_rock
Legend
Legend
‎2025-04-07 08:25 AM
In response to emmap

@emmap 

You are 100% correct. I tested 2 lab devices today and snapshot failed, as well as cpuse verification upgrade. Just wondering, is there any way to get around that?

Andy

0 Kudos
yukaia
Contributor
‎2025-04-07 08:36 AM
In response to the_rock

You can't shrink an xfs partition, so the only way to fix it would be to add more disk space if it's a VM.

0 Kudos
the_rock
Legend
Legend
‎2025-04-07 08:44 AM
In response to yukaia

I think so, yea...I went intomaintenance mode, but does not let me modify anything with unpartitioned space.

Andy

0 Kudos
the_rock
Legend
Legend
‎2025-04-07 08:45 AM
In response to yukaia

Unless there is another command to do it without rebooting, but I doubt it...

Andy

0 Kudos
yukaia
Contributor
‎2025-04-07 08:48 AM
In response to the_rock

Yeah, it's a limitation of xfs.

the_rock
Legend
Legend
‎2025-04-07 08:49 AM
In response to yukaia

K, fair enough. t least I extended partitions in my labs, so im happy with that 🙂

Andy

0 Kudos
emmap
Employee
Employee
‎2025-04-07 07:17 PM
In response to the_rock

With VMs you can add more virtual disks with the SK I linked to up there, but if it's an appliance and you've expanded partitions and removed all the unpartitioned space, the only way to recover is to reinstall (and re-partition) from USB. Hence why it's unsupported and not recommended to do it.

0 Kudos
the_rock
Legend
Legend
‎2025-04-07 07:24 PM
In response to emmap

Gotcha...just curious though, since its my labs, though I dont want to rebuild it, but even if I have to, not a big deal, but is there any workaround to get cpuse work after running those commands I linked in the post? Im using EVE-NG, though not sure if that makes much difference.

Andy

0 Kudos
emmap
Employee
Employee
‎2025-04-07 08:24 PM
In response to the_rock

If the failure is disk space related then no, there's no workaround that I'm aware of.

The 'autosnap' part of the process isn't something that can be skipped - as I understand it, the upgrade procedure creates a new root partition with a clean install of the new version, and then copies data from the old root over to the new one. The 'autosnap' snapshot that remains available as a rollback point is that old root partition, it's not a fresh snapshot like a manually taken one would be. So the requirement to have enough unpartitioned space isn't something that can be bypassed.

(1)
the_rock
Legend
Legend
‎2025-04-07 08:26 PM
In response to emmap

Thanks as always, amazing help from you! 

Andy

0 Kudos
Alex-
Leader Leader
Leader
‎2025-04-07 09:37 AM
In response to emmap

We still have to grapple with larger images as time goes by, for instance the latest Blink for R81.20 is 10Gb, R82T12 is already 8GB and just getting started.

We're at a point where the only way forward to upgrade some versions is to clean install as appliances  don't scale with multiple upgrades, even for the next JHF.

Deleting older folders still containing R80.x repositories in CPda and/or messing with partitions isn't the greatest feeling either, so either we get appliances shipped with TB of disk space or and advanced CPUSE which keeps the file system up to date for continuous upgrades.

(1)
the_rock
Legend
Legend
‎2025-04-07 09:56 AM
In response to Alex-

@Alex- I agree 100% with all you had said. Btw, I had a call maybe about a month ago with genetleman from Israel office (cant recall his name now, super nice guy), we discussed things about upgrades and he told me they are working on developing a script that would clean up unnecessary files/packages after the upgrade or even before major one.

Brilliant idea.

Andy

0 Kudos
yukaia
Contributor
‎2025-04-07 10:41 AM
In response to Alex-

Absolutely, it's particularly painful that the Maestro Orchestrators only come with 120gb SSDs in them.

(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events