- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: Security Gateway Resize lv_log Logical Volume ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Security Gateway Resize lv_log Logical Volume - Problems
Dear all,
I have a Security Gateway that runs on R81.20, JHF Take 90.
I'm having some disk space issues under the lv_log volume. Only 5GB available, getting some errors about this in my Smart Console.
If I run "lvm_manager" in expert mode and then choose nr 1 "View LVM storage overview". I then have a row that Is called "unallocated space", 27GB available. I have confirmed that this "unallocated space" Is in the same Volume Group.
Then i run "lvm_manager" again in expert mode and choose nr 2 "Resize lv_current/lv_log Logical Volume", I'm getting this message.
Resizing logical volumes is supported in maintenance mode only.
Please boot in maintenance mode and re-run lvm_manager to resize the logical volume.
press ENTER to continue.
I dont find any related SKs on how to solve this problem at all. How do I boot my Security Gateway into maintenence mode?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Connect with serial cable and with putty. Output will show when you did correct baud rate. When you reboot gateway during boot it will show you an option to enter maintenance mode and that you have to press a key
If you like this post please give a thumbs up(kudo)! 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And don't forget the GRUB password...
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My Security Gateway Is a virtual machine.
Is It possible to just reboot It from the cli and then jump into maintenence mode?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sure! But you will need console access to the VM.
Press any key here (not at the VM's boot menu)
Then maintanance mode:
Akos
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Super! Thanks.
And how about the GRUB password?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Check this SK: https://support.checkpoint.com/results/sk/sk177687
I could login to my VM without grub password. As I see this related only appliances.
Akos
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks thanks! I will try this out
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Note: the unallocated space is where snapshots go. If you allocate too much to lv_log, you won't be able to take a snapshot, and upgrading might require reinstalling the OS.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oooh allright, that was god information.
Is your recommendation then to add a virtual disk into the virtual machine?
sk94671
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's the recommended procedure in this case, yes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Note: adding a second drive might result in problems upgrading later. I know on a management, multiple drives passed to a VM typically results in the message "Your partitions are not in Check Point standard format, and an upgrade is not possible.", but I don't know if that also happens on firewalls.
I would try to clear out space from the existing /var/log tree first. 'du -h -d 1 .' tells you the size of each directory in the current directory. Start in /var/log, pick the biggest directory, cd into it, and repeat. You'll find what is taking up the space. Almost every time my firewalls have more than maybe 10 GB used in lv_log, it's due to local traffic logs. The second most common offender is CPUSE packages (a few firewalls kept a lot of jumbos and major version installers longer than they should have).
How did you build the firewall VM? Did you use the R81.20 ISO, or did you start from a CloudGuard image? If the latter, you may be able to expand the existing drive in place, then use some of the unallocated space to expand lv_log. Check to see if the file /etc/autogrow exists. If it does, it may be worth trying the procedure in sk106242 (in short: remove the file, shut down the VM, expand the drive in the hypervisor, boot the VM).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
"Your partitions are not in Check Point standard format, and an upgrade is not possible."
My experece is that, it happens when the disk size is extended (as we usually do on Windows VMs) instead of addig a new disk, and extend the volume.
Akos
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okey that doesn't sound good. My log volume (lv_log) Is only 30GB In total, and I've now used 24GB.
Yes I used the R81.20 ISO and Installed It that way. The directory ./files_repository Is in total 11GB.
Bunch of stuff In there.
Not quite sure what files I'm deleting there and could give an negative impact.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Never delete actual version related stuff! This is my first advise.
Extend the partition, according to the SK. Be cautious, and you will succeed. I have done lot of times.
In this case VMware snapshot is not a backup. Do system backup, double check it after dowloaded it (MD5).
Akos
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's pretty small, yeah. And with only 27 GB of space to expand into, it sounds like your drive is maybe 120 GB total? If you have access to the hypervisor, you can check there, or you can use the command 'vgs' to see the capacity of the volume groups (swap and a tiny boot partition aren't included in the size reported by 'vgs').
Is this gateway clustered?
It's likely you can work around this for now by removing some junk and taking some unallocated space for lv_log, but I would plan to rebuild the VM with a bigger drive in the next 3-6 months.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's 150GB In total, no cluster at all. Single gateway.
What do you mean by rebuild the VM with a bigger drive?
Following along here, sk94671
Is not good enough?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That process is the one I have seen cause the "Your partitions are not in Check Point standard format, and an upgrade is not possible." message in the past.
And I mean it sounds like all processes for expanding an existing VM's "physical storage" can result in the upgrade failure. The only guaranteed way to not get that failure when you want to upgrade later is to give the VM a bigger disk (say, 300 GB) and reinstall the OS from the ISO image. That probably isn't necessary right this second, so you can wait for a good maintenance window. Could even wait until you want to upgrade.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I followed this sk more than 10 times in the last two year. There was no issue, worked az expected.
If you are not familiar with this process - and I would suggest it to you based on my first time - create a new CP VM -> add a disk as described, and extend the partition. Testing is free, and give a lot of experences. It worked in the LAB, than you can move forward to the productive environment.
Akos
\m/_(>_<)_\m/
