2015-05-26 09:41:11 -04:00
---
2021-03-13 13:06:18 -05:00
lang: en
2015-05-26 09:41:11 -04:00
layout: doc
2021-06-16 22:56:25 -04:00
permalink: /doc/secondary-storage/
2015-10-11 03:04:59 -04:00
redirect_from:
2015-10-28 18:14:40 -04:00
- /en/doc/secondary-storage/
2015-10-11 03:04:59 -04:00
- /doc/SecondaryStorage/
- /wiki/SecondaryStorage/
2021-03-13 13:06:18 -05:00
ref: 187
2021-06-16 02:19:45 -04:00
title: Secondary Storage
2015-05-26 09:41:11 -04:00
---
2018-02-05 10:48:44 -05:00
Suppose you have a fast but small primary SSD and a large but slow secondary HDD.
You want to store a subset of your AppVMs on the HDD.
2015-05-26 09:41:11 -04:00
2021-03-13 12:03:23 -05:00
## Instructions
2015-05-26 09:41:11 -04:00
2021-03-13 12:03:23 -05:00
Qubes 4.0 is more flexible than earlier versions about placing different VMs on different disks.
2018-02-05 10:48:44 -05:00
For example, you can keep templates on one disk and AppVMs on another, without messy symlinks.
2015-05-26 09:41:11 -04:00
2018-04-01 03:43:10 -04:00
These steps assume you have already created a separate [volume group ](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/logical_volume_manager_administration/vg_admin#VG_create ) and [thin pool ](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/logical_volume_manager_administration/thinly_provisioned_volume_creation ) (not thin volume) for your HDD.
2018-08-21 09:52:11 -04:00
See also [this example ](https://www.linux.com/blog/how-full-encrypt-your-linux-system-lvm-luks ) if you would like to create an encrypted LVM pool (but note you can use a single logical volume if preferred, and to use the `-T` option on `lvcreate` to specify it is thin). You can find the commands for this example applied to Qubes at the bottom of this R4.0 section.
2018-04-01 03:43:10 -04:00
First, collect some information in a dom0 terminal:
2015-05-26 09:41:11 -04:00
2021-03-13 12:03:23 -05:00
```
sudo pvs
sudo lvs
```
2015-05-26 09:41:11 -04:00
2018-02-03 11:11:11 -05:00
Take note of the VG and thin pool names for your HDD, then register it with Qubes:
2015-05-26 09:41:11 -04:00
2021-03-13 12:03:23 -05:00
```shell_session
# <pool_name> is a freely chosen pool name
# <vg_name> is LVM volume group name
# <thin_pool_name> is LVM thin pool name
qvm-pool --add < pool_name > lvm_thin -o volume_group=< vg_name > ,thin_pool=< thin_pool_name > ,revisions_to_keep=2
```
2018-02-03 11:11:11 -05:00
Now, you can create qubes in that pool:
2021-03-13 12:03:23 -05:00
```
qvm-create -P < pool_name > --label red < vmname >
```
2018-02-03 11:11:11 -05:00
2018-02-05 10:48:44 -05:00
It isn't possible to directly migrate an existing qube to the new pool, but you can clone it there, then remove the old one:
2018-02-03 11:11:11 -05:00
2021-03-13 12:03:23 -05:00
```
qvm-clone -P < pool_name > < sourceVMname > < cloneVMname >
qvm-remove < sourceVMname >
```
2018-02-03 11:11:11 -05:00
2018-02-05 10:48:44 -05:00
If that was a template, or other qube referenced elsewhere (NetVM or such), you will need to adjust those references manually after moving.
2018-02-03 11:11:11 -05:00
For example:
2021-03-13 12:03:23 -05:00
```
qvm-prefs < appvmname_based_on_old_template > template < new_template_name >
```
2018-02-03 11:11:11 -05:00
2018-02-05 10:48:44 -05:00
In theory, you can still use file-based disk images ("file" pool driver), but it lacks some features such as you won't be able to do backups without shutting down the qube.
2018-02-03 11:11:11 -05:00
2021-03-13 12:03:23 -05:00
### Example HDD setup
2018-08-21 09:52:11 -04:00
Assuming the secondary hard disk is at /dev/sdb (it will be completely erased), you can set it up for encryption by doing in a dom0 terminal (use the same passphrase as the main Qubes disk to avoid a second password prompt at boot):
2021-03-13 12:03:23 -05:00
```
sudo cryptsetup luksFormat --hash=sha512 --key-size=512 --cipher=aes-xts-plain64 --verify-passphrase /dev/sdb
sudo blkid /dev/sdb
```
2018-08-21 09:52:11 -04:00
Note the device's UUID (in this example "b209..."), we will use it as its luks name for auto-mounting at boot, by doing:
2021-03-13 12:03:23 -05:00
```
sudo nano /etc/crypttab
```
2018-08-21 09:52:11 -04:00
And adding this line (change both "b209..." for your device's UUID from blkid) to crypttab:
2021-03-13 12:03:23 -05:00
```
luks-b20975aa-8318-433d-8508-6c23982c6cde UUID=b20975aa-8318-433d-8508-6c23982c6cde none
```
2018-08-21 09:52:11 -04:00
Reboot the computer so the new luks device appears at /dev/mapper/luks-b209... and we can then create its pool, by doing this on a dom0 terminal (substitute the b209... UUIDs with yours):
2018-08-22 06:35:16 -04:00
First create the physical volume
2021-03-13 12:03:23 -05:00
```
sudo pvcreate /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde
```
2018-08-22 06:35:16 -04:00
Then create the LVM volume group, we will use for example "qubes" as the < vg_name > :
2021-03-13 12:03:23 -05:00
```
sudo vgcreate qubes /dev/mapper/luks-b20975aa-8318-433d-8508-6c23982c6cde
```
2018-08-22 06:35:16 -04:00
And then use "poolhd0" as the < thin_pool_name > (LVM thin pool name):
2021-03-13 12:03:23 -05:00
```
sudo lvcreate -T -n poolhd0 -l +100%FREE qubes
```
2018-08-22 06:35:16 -04:00
Finally we will tell Qubes to add a new pool on the just created thin pool
2021-03-13 12:03:23 -05:00
```
qvm-pool --add poolhd0_qubes lvm_thin -o volume_group=qubes,thin_pool=poolhd0,revisions_to_keep=2
```
2018-08-21 09:52:11 -04:00
2018-08-22 06:35:16 -04:00
By default VMs will be created on the main Qubes disk (i.e. a small SSD), to create them on this secondary HDD do the following on a dom0 terminal:
2018-08-21 09:52:11 -04:00
2021-03-13 12:03:23 -05:00
```
qvm-create -P poolhd0_qubes --label red unstrusted-hdd
```
2018-08-21 09:52:11 -04:00