Today I built a new server for us to start testing out splunk. When I built it I used LVM. I also agreed to the default layout using split partitions on the Debian 6 install. So I ended up with a partition for / /var and /home and /tmp. I always like splitting partitions up like this, and I ALWAYS use LVM. Once the new server was booted up and ready for me to begin the splunk install I did so using their deb package. That put everything for splunk into /opt which did not have its own partition, and as a result I needed to add a new disk, and create a partition that could be mounted to /opt. Since I used LVM this became a trivial task. I will show you the steps to take if you need to do what I did.
First we need to stop splunk and move it out of /opt for a moment.
Once you see this info you should be ready to move splunk:
Shutting down. Please wait, as this may take a few minutes.
Stopping splunk helpers…
Next we will move the splunk install to /tmp while we do this disk stuff. If you do not move it you will notice once the new opt is created that splunk is gone (sort of, its really just hidden), so its best to just move it for now.
mv /opt/splunk /tmp
This will move the splunk install to /tmp.
Next, I am going to assume your new disk is already accessible to the system. If its not then make it that way, so we can partition it with fdisk
sdb Was the disk I added to my system. Here I am going to create a new primary partition and set its type to 8e which is Linux LVM. I want to use the whole disk but you may want to only allocate a small amount of it.. Once you have written the changes and fdisk is done its time to begin the LVM steps.
The first step is to create a disk using pvcreate
You should get a message like this:
Physical volume “/dev/sdb1” successfully created
If so we can move on to the next step. In my setup I want to add this new disk to the existing volume group which is named splunk. To do that I will use vgextend
vgextend splunk /dev/sdb1
If the command was successful you should be greeted with the following message:
Volume group “splunk” successfully extended
You can verify this using vgdisplay
You should see something similar showing the new Free PE or the Total PE as being larger. In my case the Total increased by 10G, and the Free shows I now have 10G free.
— Volume group —
VG Name splunk
Metadata Areas 2
Metadata Sequence No 8
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 6
Open LV 6
Max PV 0
Cur PV 2
Act PV 2
VG Size 29.75 GiB
PE Size 4.00 MiB
Total PE 7617
Alloc PE / Size 5058 / 19.76 GiB
Free PE / Size 2559 / 10.00 GiB
VG UUID DtBgbf-pDPY-JLFo-cjv2-ydUC-nyiH-lzqzys
Now I can create a new logical volume. I am only going to use 8 of the 10G I added, and name it “opt” since that will be its mount point:
lvcreate -L 8G -nopt splunk
If that command was successful you will see a message like mine:
Logical volume “opt” created
You can look at the info about the new volume using lvdisplay
Here is the opt section of my output
— Logical volume —
LV Name /dev/splunk/opt
VG Name splunk
LV UUID 5fAiFp-fpmd-dlUa-mgHl-nNcy-kX9G-RLHDaC
LV Write Access read/write
LV Status available
# open 0
LV Size 8.00 GiB
Current LE 2048
Read ahead sectors auto
– currently set to 256
Block device 254:6
Now all thats left is adding a filesystem to this volume and mounting it. I am using ext3, so I will use the following command:
mke2fs -j /dev/mapper/splunk-opt
After the normal output from mke2fs I need to amend my fstab to auto mount my new filesystem for me on boot.
I will add the following to that file:
/dev/mapper/splunk-opt /opt ext3 defaults 0 2
Save this file. Now mount the new file system. You should also move anything else that is currently in /opt to /tmp while you do this or it will also appear to be gone.. To mount the new file system simply:
This will mount the new logical volume to /opt for you. Verify that with df or mount. Once its verified that it is in fact mounted you can safely move all your data back to /opt
mv /tmp/splunk /opt
Now you can start splunk back up