Skip to content

Instantly share code, notes, and snippets.

@GeorgFleig

GeorgFleig/btrfs-guide.md

Forked from MaxXor/btrfs-guide.md
Created May 1, 2020 14:07
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save GeorgFleig/884b64acb9ab1714ed034efbce4c973d to your computer and use it in GitHub Desktop.
Save GeorgFleig/884b64acb9ab1714ed034efbce4c973d to your computer and use it in GitHub Desktop.
Download ZIP
Btrfs guide for initial setup of an LUKS-encrypted btrfs raid with included recovery guide
Raw
btrfs-guide.md

Btrfs guide

Initial setup with LUKS/dm-crypt

This exemplary initial setup uses two devices /dev/sdb and /dev/sdc but can be applied to any amount of devices by following the steps with additional devices.

Create keyfile:

dd bs=64 count=1 if=/dev/urandom of=/etc/cryptkey iflag=fullblock
chmod 600 /etc/cryptkey

Encrypt devices:

cryptsetup -v -c aes-xts-plain64 -h sha512 -s 512 luksFormat /dev/sdb /etc/cryptkey
cryptsetup -v -c aes-xts-plain64 -h sha512 -s 512 luksFormat /dev/sdc /etc/cryptkey

Backup LUKS header:

cryptsetup luksHeaderBackup --header-backup-file ~/sdb.header.bak /dev/sdb
cryptsetup luksHeaderBackup --header-backup-file ~/sdc.header.bak /dev/sdc

Automatically unlock LUKS devices on boot by editing /etc/crypttab:

data1 UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /etc/cryptkey luks,noearly #,discard (for SSDs)
data2 UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /etc/cryptkey luks,noearly #,discard (for SSDs)
# Use 'blkid /dev/sdb' to get the UUID

Unlock encrypted devices now to create the filesystem in next step:

cryptsetup open --key-file=/etc/cryptkey --type luks /dev/sdb data1
cryptsetup open --key-file=/etc/cryptkey --type luks /dev/sdc data2

Create filesystem:

mkfs.btrfs -m raid1 -d raid1 /dev/mapper/data1 /dev/mapper/data2

Mount filesystem:

mount -t btrfs -o defaults,noatime,compress=zstd /dev/mapper/data1 /mnt/data

Automatically mount btrfs filesystem on boot by editing /etc/fstab:

/dev/mapper/data1 /mnt/data btrfs defaults,noatime,compress=zstd 0 2
# Add option 'autodefrag' to allow automatic defragmentation: useful for files with lot of random writes like databases or virtual machine images

Recovery from device failure

Example with one failed device:

  • /dev/mapper/data1 working device
  • /dev/mapper/data2 failed device
  • /dev/mapper/data3 new device
  • /mnt/data mountpoint

In case of failing/failed device, mount in degraded mode with the working device:

mount -t btrfs -o defaults,noatime,compress=zstd,degraded /dev/mapper/data1 /mnt/data

NOTE: Encrypt the new device before using it in the btrfs raid by following the steps above. Add new device to btrfs raid:

btrfs device add /dev/mapper/data3 /mnt/data

Remove the missing device (NOTE: missing is a special device name and not a placeholder):

btrfs device delete missing /mnt/data

Re-balance data of btrfs raid:

btrfs balance start /mnt/data

The fstab entry is left unmodified with one of the working devices:

/dev/mapper/data1 /mnt/data btrfs defaults,noatime,compress=zstd 0 2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment