Ask Your Question
2

What is the correct way to setup the fstrim service on an encrypted SSD in Fedora 23?

asked 2015-12-04 00:12:38 -0600

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Hi Everyone, This is my first post. I've been using Linux on and off for several years now but am a newbie to Fedora.

I performed a fresh Fedora 23 install and partitioned using LVM and ext4. I used the default anaconda encryption during install. The computer has both an SSD (sda) and an HDD (sdb).

After reading different posts all over the internet offering advice on how to optimize an SSD, I'm starting to get more confused than clear on what needs to be done to correctly fstrim my encrypted ssd, especially with recent advances and using Fedora 23. I can really use your expert help.


  • Preliminary checks:

$ sudo blockdev --getalignoff /dev/sda I get a 0 (which as I understand confirms alignment)

$ su -c 'hdparm -I /dev/sda' | grep TRIM I get that TRIM is supported


My goal is to to use the fstrim.service to TRIM weekly and verify that it works. From my understanding (this may be wrong), before this will work correctly, I need to enable TRIM on all the filesystem layers (LVM, ext4, and crypt). To set this up, I edited as follows:


/etc/lvm/lvm.conf set issue_discards=1


/etc/crypttab

Tried three different ways to allow discard (none seem to work) by adding the following at the end of the lines in crypttab:

  1. ...none allow-discards
  2. ...none discard
  3. ...none luks,discard

Then trying both:

  • $ sudo dracut -f

and

  • $ sudo dracut -f -I /etc/crypttab

Then after reboot:

$ sudo cryptsetup status luks-e34...11 (for the sda) I get no flags showing discard enabled


  • I also read that I'm suppose to edit /etc/default/grub... I tried:
  1. rd.luks.allow-discards=e43...11

  2. rd.luks.options=discard

  3. both (1) and (2) together

followed each time with:

$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg; reboot


Starting fstrim:

$ sudo systemctl enable fstrim.timer;

$ sudo systemctl start fstrim.service;

$ sudo systemctl status fstrim.service;

Gives: fstrim.service - Discard unused blocks Loaded: loaded (/usr/lib/systemd/system/fstrim.service; static; vendor preset: disabled) Active: inactive (dead)


  • Testing using:

$ sudo systemctl start fstrim

Gives nothing

$ sudo fstrim -all

Gives: fstrim: failed to parse length: 'l'

$ sudo fstrim -v /home

Gives: fstrim: /home: the discard operation is not supported

$ sudo lsblk -D

Does seem to show the appropriate DISC-GRAN (512B) and DISC-MAX (2G) for the ssd but shows DISC-ZERO to be 0. From my understanding, this is a sign that the command does not propagate.


Basically, when trying to test fstrim I get operation not supported. So, as you can see, I'm in need of help. Your feedback on how to correctly setup fstrim to TRIM weekly for an encrypted SSD in Fedora 23 will be greatly appreciated. Many thanks in advance.

edit retag flag offensive close merge delete

Comments

1

In your section Starting fstrim:, the command should be systemctl enable fstrim.timer, notenable fstrim.service.

florian gravatar imageflorian ( 2015-12-09 11:47:53 -0600 )edit

Yes. Thank you. I'll make the edit.

singlechair gravatar imagesinglechair ( 2015-12-09 16:07:30 -0600 )edit

Make sure you set issue_discards = 1, not issue_discards=1.

florian gravatar imageflorian ( 2015-12-10 09:55:11 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted
3

answered 2015-12-08 15:53:46 -0600

Moofed gravatar image

updated 2015-12-10 10:52:09 -0600

First,

$ sudo fstrim -all

Gives: fstrim: failed to parse length: 'l'

That should be with double dashes:

$ sudo fstrim --verbose --all
/home: 157 GiB (168507719680 bytes) trimmed
/boot: 325.1 MiB (340918272 bytes) trimmed
/: 43.6 GiB (46845853696 bytes) trimmed

It seems like you have all the pieces, but maybe not all at the same time. My steps were:

In /etc/lvm/lvm.conf set issue_discards = 1

Add discard option to appropriate line in /etc/crypttab

$ sudo grubby --update-kernel=ALL --args=rd.luks.options=discard

$ sudo dracut -f

$ sudo reboot

I am not using discard in /etc/fstab and cryptsetup is showing a discards flag. My lsblk -D results are the same as yours both before and after enabling discards. I hope that helps.

edit flag offensive delete link more

Comments

Thank you for your response. I'm still missing something. Still does not work for encrypted mounts. Does not see discard... As a note, from your directions concerning grub, I did not get the rd.luks.options=discard at boot in grub configuration.

I added discard in /etc/crypttab -tried adding it to both drives and just to the ssd: luks-b88...c40 UUID=b88...c40 none discard luks-e35...db0 UUID=e35...db0 none discard

Edited /etc/default/grub. Now looks like: "rd.lvm.lv=fedora/root rd.luks.uuid=luks-e35...db0 rd.luks.options=discard rd.lvm.lv=fedora/swap rhgb quiet

fstrim works only for /boot

singlechair gravatar imagesinglechair ( 2015-12-09 10:43:35 -0600 )edit

I can confirm that the instructions from @Moofed work on a LVM2 (ext4) system (proven with sudo fstrim -v / and sudo fstrim -v /home).

One, thing I'd like to add from the manpage of crypttab: discard: Allow discard requests to be passed through the encrypted block device. This improves performance on SSD storage but has security implications.

florian gravatar imageflorian ( 2015-12-09 12:19:03 -0600 )edit

I have not been able to get the discard flag to show when I: sudo cryptsetup status luks-e35...db0

My crypttab file only includes the two drives:

luks-b88...c40 UUID=b88...c40 none discard

luks-e35...db0 UUID=e35...db0 none discard

Looks different than example in man crypttab (first column is not the name of the mount points eg: swap). Could this somehow be the problem? Computer boots up fine.

singlechair gravatar imagesinglechair ( 2015-12-09 15:04:00 -0600 )edit

That's fine. Your crypttab looks just as it's supposed to be.

Did you do this? sudo grubby --update-kernel=ALL --args=rd.luks.options=discard, sudo dracut -f, and then reboot?\

florian gravatar imageflorian ( 2015-12-09 16:51:12 -0600 )edit

Yes. Just tried it again and no discard flag appears when checking the status of cryptsetup and only the /boot partition is trimmed. I also tried $ sudo dracut -f -I /etc/crypttab with a reboot after editing crypttab.

Here is also what the linux command line looks in my /etc/default/grub:

GRUB_CMDLINE_LINUX="rd.lvm.lv=fedora/root rd.luks.uuid=luks-e35...db0 rd.luks.options=discard rd.lvm.lv=fedora/swap rhgb quiet"

Anything look strange here?

singlechair gravatar imagesinglechair ( 2015-12-09 20:08:49 -0600 )edit

@singlechair: Just to make sure, you placed a issue_discards = 1 in /etc/lvm/lvm.conf and saved the file?!

florian gravatar imageflorian ( 2015-12-09 21:13:46 -0600 )edit

My /etc/default/grub looks different:

GRUB_CMDLINE_LINUX="rd.lvm.lv=fedora/root rd.luks.uuid=luks-0d...d5 rd.luks.uuid=luks-fb...dc rhgb quiet"

FYI:

  • There are two luks-UUIDs in my case because my root partition is stripped over two physical SSD devices.
  • I don't have a swap
  • I didn't edit /etc/fstab (as suggested by @Moofed).
  • take a look at /boot/efi/EFI/fedora/grub.cfg (EFI system) or /boot/grub2/grub.cfg (BIOS system) to see whether the discard option has been added. You can also hit e in the grub menu before booting the kernel to see the options.
florian gravatar imageflorian ( 2015-12-09 21:17:42 -0600 )edit

After reading this article here, I strongly recommend not to do live-trimming, meaning remove the discard option from your /etc/fstab

florian gravatar imageflorian ( 2015-12-10 09:52:49 -0600 )edit

@Florian: Thanks for your help. I don't have discard in fstab. Interestingly, looking at the status of cryptsetup for my ssd shows no discard flags but my hdd does show the flag (since discard is at the end of both lines in my crypttab). I understand the hdd will not TRIM and I did confirm that I did not mix up the hdd with the sdd drives. According to: https://wiki.archlinux.org/index.php/... For the root filesystems, TRIM support for SSD needs adding the right kernel parameter to the bootloaler configuration? Do we know what that is for Fedora?

singlechair gravatar imagesinglechair ( 2015-12-10 10:06:04 -0600 )edit

Didn't link the article. Sorry, not able to edit comment. So, here is the URL: http://blog.neutrino.es/2013/howto-pr...

florian gravatar imageflorian ( 2015-12-10 10:15:12 -0600 )edit

Regarding bootloader configuration. That is what I wrote in one of the previous comments. You can check bootloader configuration in grub.cfg (see above, location depending on EFI/BIOS system). Don't edit grub.cfg manually! It will generated using grubby. Now, I'd suggest you make sure the syntax in your lvm.conf is correct (issue_discards = 1)(with spaces), remove the discard option from your HDD (double check with sudo blkid) , and then run 1.) sudo grubby --update-kernel=ALL --args=rd.luks.options=discard, 2.) sudo dracut -f, 3.) sudo reboot.

florian gravatar imageflorian ( 2015-12-10 10:20:08 -0600 )edit

@Florian: Is your root directory encrypted? My root directory is encrypted.

singlechair gravatar imagesinglechair ( 2015-12-10 10:22:18 -0600 )edit

@singlechair: Yes, my root dir and my home dir are encrypted.

florian gravatar imageflorian ( 2015-12-10 10:30:03 -0600 )edit

so, what happens if you run sudo fstrim --all (did you notice that you have a typo in that command in your initial question? needs double dashes: --all)?

florian gravatar imageflorian ( 2015-12-10 10:31:08 -0600 )edit

Did exactly as you suggested (all the steps again). Only difference now is that the discard flag that was showing up for hdd is gone. Ssd still doesn't see discard flag in crypttab. As before, when I run sudo fstrim --verbose --all; only the /boot is trimmed...

singlechair gravatar imagesinglechair ( 2015-12-10 10:45:56 -0600 )edit

Weird. su -c 'hdparm -I /dev/sdX' | grep TRIM where X is and a, b, or .. (your SSD device) gives you what? How does grub.cfg looks like? Before booting your computer, when you do have the selection of kernels to boot in grub menu, press e to see the kernel cmdline with options. Is discard there?

florian gravatar imageflorian ( 2015-12-10 11:01:43 -0600 )edit
1

@Florian As the article you linked says, the possibility of lower performance is why I am not using discard as a fstab option.

@singlechair To confirm the kernel option is being read, does rd.luks.options=discard appear in dmesg | grep 'Command line' ?

Moofed gravatar imageMoofed ( 2015-12-10 11:05:42 -0600 )edit

And your /boot is located where? On the SSD, I assume. So, that doesn't seem to be the problem. My guess is that the kernel you are booting is missing the discard option rd.luks.options=discard.

florian gravatar imageflorian ( 2015-12-10 11:11:10 -0600 )edit

Yes. Output looks like:

BOOT_IMAGE=/vmlinuz-4.2.6-301.fc23.x86_64 root=/dev/mapper/fedora-root ro rd.lvm.lv=fedora/root rd.luks.uuid=luks-e35...db0 rd.lvm.lv=fedora/swap rhgb quiet rd.luks.options=discard

Not sure what the ro is doing in there but yes it shows up.

singlechair gravatar imagesinglechair ( 2015-12-10 11:14:22 -0600 )edit

That looks totally fine! (ro means that root device is mounted read-only on boot. That's the default setting, all OK).

I am clueless why it doesn't work.

florian gravatar imageflorian ( 2015-12-10 12:25:19 -0600 )edit

My boot is on the ssd and I'm booting using the correct kernel (4.2.6-301.fc23.x86_64). As I mention in my preliminary checks above, my drive does support TRIM. Returns:

Data Set Management TRIM supported (limit 1 block)

singlechair gravatar imagesinglechair ( 2015-12-10 12:57:30 -0600 )edit

Question Tools

3 followers

Stats

Asked: 2015-12-04 00:12:38 -0600

Seen: 13,753 times

Last updated: Dec 10 '15