Check Point Gaia – Extending your disk

This is a guide on how to increase your disk size on a Check Point Gaia Security Management node.
Extending disk size is not supported by Check Point as far as I have gathered, so use the following guide at own risk – and as always; keep a fresh backup of your system. =)

So what would the “Check Point official” guide on extending your disk look like?
To be honest, I do not know – but I reckon it would involve an upgrade_export, reinstallation and upgrade_import.
This procedure is, in fact, fairly easy, not very time consuming and would be my preferred method, but some times this may not be feasable.

Read on to see how a disk expansion can be done.

Expand your physical / virtual disk
First off you need to expand your disk. If you are using a virtual machine, just simply expand the disk in the VM management tool.
If you are using a physical machine, then you need to do some hardware magic, cloning the content to a new disk and so forth, which is not my forte. (Sorry)
And my advice would be to reinstall the SM, rather than trying to expand the disk.

Starting point
Here is my starting point. A SM with 10GB of disk, which I will expand to 60GB.

 [Expert@fw-disk-expand-test:0]# df -lh
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current
                      7.8G  3.3G  4.2G  44% /
/dev/sda1             145M   19M  119M  14% /boot
tmpfs                 472M     0  472M   0% /dev/shm
/dev/mapper/vg_splat-lv_log
                      992M   37M  905M  4% /var/log

 

Editing the partition table
At this point, we will delete the existing partition and add a new and bigger partition. Shiny.
To summarize the output below:
– Delete exisiting partition
– Create a new partition
– Change the system type of the new partition to LVM Linux
– Write the changes

[Expert@fw-disk-expand-test:0]# fdisk /dev/sda

The number of cylinders for this disk is set to 7832.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

Command (m for help): p

Disk /dev/sda: 64.4 GB, 64424509440 bytes
255 heads, 63 sectors/track, 7832 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          19      152586   83  Linux
/dev/sda2              20         149     1044225   82  Linux swap / Solaris
/dev/sda3             150        2610    19767982+  8e  Linux LVM

Command (m for help): d 
Partition number (1-4): 3

Command (m for help): p

Disk /dev/sda: 64.4 GB, 64424509440 bytes
255 heads, 63 sectors/track, 7832 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          19      152586   83  Linux
/dev/sda2              20         149     1044225   82  Linux swap / Solaris

Command (m for help): n 
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (150-7832, default 150):  [Leave it to default] 
Using default value 150
Last cylinder or +size or +sizeM or +sizeK (150-7832, default 7832):   [Leave it to default] 
Using default value 7832

Command (m for help): p 

Disk /dev/sda: 64.4 GB, 64424509440 bytes
255 heads, 63 sectors/track, 7832 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          19      152586   83  Linux
/dev/sda2              20         149     1044225   82  Linux swap / Solaris
/dev/sda3             150        7832    61713697+  83  Linux

Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): l

 0  Empty           1e  Hidden W95 FAT1 80  Old Minix       be  Solaris boot   
 1  FAT12           24  NEC DOS         81  Minix / old Lin bf  Solaris        
 2  XENIX root      39  Plan 9          82  Linux swap / So c1  DRDOS/sec (FAT-
 3  XENIX usr       3c  PartitionMagic  83  Linux           c4  DRDOS/sec (FAT-
 4  FAT16 <32M      40  Venix 80286     84  OS/2 hidden C:  c6  DRDOS/sec (FAT-
 5  Extended        41  PPC PReP Boot   85  Linux extended  c7  Syrinx         
 6  FAT16           42  SFS             86  NTFS volume set da  Non-FS data    
 7  HPFS/NTFS       4d  QNX4.x          87  NTFS volume set db  CP/M / CTOS / .
 8  AIX             4e  QNX4.x 2nd part 88  Linux plaintext de  Dell Utility   
 9  AIX bootable    4f  QNX4.x 3rd part 8e  Linux LVM       df  BootIt         
 a  OS/2 Boot Manag 50  OnTrack DM      93  Amoeba          e1  DOS access     
 b  W95 FAT32       51  OnTrack DM6 Aux 94  Amoeba BBT      e3  DOS R/O        
 c  W95 FAT32 (LBA) 52  CP/M            9f  BSD/OS          e4  SpeedStor      
 e  W95 FAT16 (LBA) 53  OnTrack DM6 Aux a0  IBM Thinkpad hi eb  BeOS fs        
 f  W95 Ext'd (LBA) 54  OnTrackDM6      a5  FreeBSD         ee  EFI GPT        
10  OPUS            55  EZ-Drive        a6  OpenBSD         ef  EFI (FAT-12/16/
11  Hidden FAT12    56  Golden Bow      a7  NeXTSTEP        f0  Linux/PA-RISC b
12  Compaq diagnost 5c  Priam Edisk     a8  Darwin UFS      f1  SpeedStor      
14  Hidden FAT16 <3 61  SpeedStor       a9  NetBSD          f4  SpeedStor      
16  Hidden FAT16    63  GNU HURD or Sys ab  Darwin boot     f2  DOS secondary  
17  Hidden HPFS/NTF 64  Novell Netware  b7  BSDI fs         fd  Linux raid auto
18  AST SmartSleep  65  Novell Netware  b8  BSDI swap       fe  LANstep        
1b  Hidden W95 FAT3 70  DiskSecure Mult bb  Boot Wizard hid ff  BBT            
1c  Hidden W95 FAT3 75  PC/IX          
Hex code (type L to list codes): 8e
Changed system type of partition 3 to 8e (Linux LVM)

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table.
The new table will be used at the next reboot.
Syncing disks.
[Expert@fw-disk-expand-test:0]# reboot



Resizing your volumes
Now the partition table should be sorted and we do some actual resizing of disks. We will start with the physical volume:

[Expert@fw-disk-expand-test:0]# pvdisplay 
  --- Physical volume ---
  PV Name               /dev/sda3
  VG Name               vg_splat
  PV Size               18.85 GB / not usable 8.67 MB
  Allocatable           yes 
  PE Size (KByte)       32768
  Total PE              603
  Free PE               315
  Allocated PE          288
  PV UUID               FnRU0K-g4HN-KIfK-F0KT-a9Ti-0UDD-hYpYZu
   

[Expert@fw-disk-expand-test:0]# pvresize /dev/sda3
  Physical volume "/dev/sda3" changed
  1 physical volume(s) resized / 0 physical volume(s) not resized
[Expert@fw-disk-expand-test:0]# pvdisplay 
  --- Physical volume ---
  PV Name               /dev/sda3
  VG Name               vg_splat
  PV Size               58.85 GB / not usable 11.09 MB
  Allocatable           yes 
  PE Size (KByte)       32768
  Total PE              1883
  Free PE               1595
  Allocated PE          288
  PV UUID               FnRU0K-g4HN-KIfK-F0KT-a9Ti-0UDD-hYpYZu

Next we will resize the logical volume by “simply allocating” disk the volumes as we please.

      
[Expert@fw-disk-expand-test:0]# lvresize -L +20GB /dev/vg_splat/lv_current 
  /dev/hdc: open failed: Read-only file system
  Extending logical volume lv_current to 28.00 GB
  Logical volume lv_current successfully resized
[Expert@fw-disk-expand-test:0]# lvresize -L +20GB /dev/vg_splat/lv_log      
  /dev/hdc: open failed: Read-only file system
  Extending logical volume lv_log to 21.00 GB
  Logical volume lv_log successfully resized
[Expert@fw-disk-expand-test:0]# lvdisplay
  --- Logical volume ---
  LV Name                /dev/vg_splat/lv_current
  VG Name                vg_splat
  LV UUID                oRD48w-3ueh-uJUF-p8y5-3knq-tEZO-c3dtKE
  LV Write Access        read/write
  LV Status              available
  # open                 1
  LV Size                28.00 GB
  Current LE             896
  Segments               2
  Allocation             inherit
  Read ahead sectors     0
  Block device           253:0
   
  --- Logical volume ---
  LV Name                /dev/vg_splat/lv_log
  VG Name                vg_splat
  LV UUID                3A3NoY-uuQG-MMKf-rusG-cKS9-m0bQ-rrxPe5
  LV Write Access        read/write
  LV Status              available
  # open                 1
  LV Size                21.00 GB
  Current LE             672
  Segments               2
  Allocation             inherit
  Read ahead sectors     0
  Block device           253:1

We will still not see the disk space if we issue df -lh. So the file system needs to resized as well.

  Expert@fw-disk-expand-test:0]# df -lh
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current
                      7.8G  3.3G  4.2G  44% /
/dev/sda1             145M   19M  119M  14% /boot
tmpfs                 472M     0  472M   0% /dev/shm
/dev/mapper/vg_splat-lv_log
                      992M   37M  904M   4% /var/log



Running checks and resizing the file system
At this point we will need to reboot into maintenance mode (reboot and bring up the boot menu by pressing any key within the 5 second timer before Gaia start up).

Check the file system prior to resizing it

sh-3.1# umount -a
sh-3.1# e2fsck -f /dev/mapper/vg_splat-lv_log
sh-3.1# e2fsck -f /dev/mapper/vg_splat-lv_current



Resize the file system – reboot, once again into maintennce mode

sh-3.1# resize2fs /dev/vg_splat/lv_log
sh-3.1# resize2fs /dev/vg_splat/lv_current
sh-3.1# umount -a
sh-3.1# e2fsck -f /dev/mapper/vg_splat-lv_log
sh-3.1# e2fsck -f /dev/mapper/vg_splat-lv_current


Finally: Reboot and rejoice! =)

5.00 avg. rating (98% score) - 1 vote

7 Responses to Check Point Gaia – Extending your disk

  1. Thanks for info!
    But I got problem when tryed to resize root partition with resize2fs.
    It does not want to do it.
    It’s some kind of a bug in linux e2fstools that sheeped with gaia R77.20. So I had to download livecd linux – grml – it is small.
    After I booted to livecd:
    “vgchange -a -y” – activated lvm volume groups
    then checked and resized successfully with resize2fs /dev/vg_splat/lv_current. It worked like a charm now.

    So the easiest way to resize is to do it via any livecd. It does not need reboots of system.

  2. Pingback: Resize Checkpoint Firewall’s Disk/Partition Space (Gaia and Splat Platform) | Network Security Memo

  3. Hi,

    A tool exist on Gaia to resize LVM partition : lvm_manager.
    Since R77.20, this tool is included in Gaia.

    See sk95566 on the CP usercenter for more informations.

    Regards,
    David

  4. you need to remount the root partition with RW before resizing it. its mounted read-only in maintenance mode, so resize2fs won’t work.

    sh3.1# mount -o remount,rw /dev/mapper/vg_spat-lv_current /
    sh3.1# resize2fs /dev/mapper/vg_spat-lv_current

Leave a Reply

Your email address will not be published. Required fields are marked *