Moving /var/log to a different drive under CentOS 7

A quick how-to for moving /var/log to a different drive. Done on CentOS 7.5.1804 with all partitions managed by LVM; /var/log is moved to a USB key.

The tricky part with /var/log is that something is always being written to it. A simple archive/restore might work, but you risk losing everything written between the moment you create the archive and the moment you restore it. Depending on how big /var/log is, that could be minutes or hours of data. The procedure below requires an outage because it is performed offline, but it ensures that no data is lost.

First, get the Minimal CentOS 7 ISO image from the closest mirror. Luckily, the Minimal ISO contains all the necessary tools.

Boot from the Minimal ISO, and at the boot prompt choose Troubleshooting, then Rescue a CentOS system, followed by Skip to shell.

Scan for existing LVM groups and volumes:

% lvm vgscan -v

   Wiping cache of LVM-capable devices
   Wiping internal VG cache
   Reading volume groups from cache.
   Found volume group "centos7-tmpl" using metadata type lvm2

Activate all logical volumes in the group:

% lvm vgchange -a y

   5 logical volume(s) in volume group "centos7-tmpl" now active

Get the names of activated volumes:

% lvm lvscan

ACTIVE            '/dev/centos7-tmpl/root' [<3.73 GiB] inherit
ACTIVE            '/dev/centos7-tmpl/swap' [1.86 GiB] inherit
ACTIVE            '/dev/centos7-tmpl/usr' [<4.66 GiB] inherit
ACTIVE            '/dev/centos7-tmpl/tmp' [488.00 MiB] inherit
ACTIVE            '/dev/centos7-tmpl/var' [8.38 GiB] inherit

Attach and identify the USB key:

% dmesg | grep -i kingston

[    5.337421] usb 4-6: Manufacturer: Kingston
[    6.392790] scsi 3:0:0:0: Direct-Access     Kingston DT Workspace     KS13 PQ: 0 ANSI: 6

% dmesg | grep -i 3:0:0:0

[    6.392790] scsi 3:0:0:0: Direct-Access     Kingston DT Workspace     KS13 PQ: 0 ANSI: 6
[   11.634432] sd 3:0:0:0: [sdo] 60974698 512-byte logical blocks: (31.2 GB/29.0 GiB)
[   11.634726] sd 3:0:0:0: [sdo] Write Protect is off
[   11.634729] sd 3:0:0:0: [sdo] Mode Sense: 2b 00 10 08
[   11.635069] sd 3:0:0:0: [sdo] Write cache: enabled, read cache: enabled, supports DPO and FUA
[   11.639422] sd 3:0:0:0: [sdo] Attached SCSI disk
[   16.221124] sd 3:0:0:0: Attached scsi generic sg15 type 0

Partition and format the USB key if needed.

Mount the root and /var volumes along with the USB key:

% mkdir /mnt/root /mnt/oldvarlog /mnt/newvarlog
% mount /dev/centos7-tmpl/root /mnt/root
% mount /dev/centos7-tmpl/var /mnt/oldvarlog
% mount /dev/sdo1 /mnt/newvarlog

Sync the old /var/log to the USB key. Note that there is a trailing slash at the end of both paths -- without it you will end up with /mnt/newvarlog/log (/var/log/log/ while mounted):

% rsync -a /mnt/oldvarlog/log/ /mnt/newvarlog/

Back up the old /var/log to be on the safe side:

% mv /mnt/oldvarlog/log /mnt/oldvarlog/log.old

Edit the fstab file and add an entry that mounts the new drive on /var/log, then reboot with the ISO file detached:

% vi /mnt/root/etc/fstab
/dev/sdo1     /var/log        xfs     defaults        0 0

Confirm that /var/log is indeed populated with recent entries. /var/log.old can be safely deleted afterwards.
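
As an added example (not part of the original how-to), the copy can be checked from the rescue shell between the rsync and mv steps above, confirming that every entry arrived with the same type, mode, owner and content. The names manifest and verify_copy are introduced here for illustration, and the script assumes GNU find, stat, sha256sum and diff are available in that shell.

```shell
#!/bin/sh
# Added example. Run from the rescue shell after rsync and before mv:
#   sh verify_copy.sh /mnt/oldvarlog/log /mnt/newvarlog
# Assumes GNU find, stat, sha256sum and diff are available.

# Print one line per entry under DIR: path|type|mode|uid:gid|content-id.
# Paths containing newlines are not handled.
manifest() {
    (
        cd "$1" || exit 1
        find . -mindepth 1 | LC_ALL=C sort | while IFS= read -r p; do
            meta=$(stat -c '%F|%a|%u:%g' "$p")
            if [ -L "$p" ]; then
                id=$(readlink "$p")        # symlink: compare the target
            elif [ -f "$p" ]; then
                id=$(sha256sum < "$p")     # regular file: compare content
            else
                id=-                       # directory, fifo, device, ...
            fi
            printf '%s|%s|%s\n' "$p" "$meta" "$id"
        done
    )
}

# Return 0 when both trees match, 1 on any difference, 2 on error.
verify_copy() {
    tmp=$(mktemp -d) || return 2
    if ! manifest "$1" > "$tmp/src" || ! manifest "$2" > "$tmp/dst"; then
        rm -rf "$tmp"; return 2
    fi
    # Lines marked '<' exist only in the source, '>' only in the copy.
    if diff "$tmp/src" "$tmp/dst" >&2; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    verify_copy "$1" "$2" && echo "copy verified"
fi
```

A mismatch on every line usually means the trailing slash was left off the rsync source path, so the tree landed one level down in a log/ subdirectory.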
