Skip to content

Instantly share code, notes, and snippets.

@bartprokop

bartprokop/usb-hdd-luks-btrfs.sh

Last active June 11, 2022 14:41
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bartprokop/594d7147cb61a04b38caf96d70caf571 to your computer and use it in GitHub Desktop.
Save bartprokop/594d7147cb61a04b38caf96d70caf571 to your computer and use it in GitHub Desktop.
Download ZIP
Arch Linux, connecting External USB drive, LUKS2 and btrfs in RAID mode
Raw
usb-hdd-luks-btrfs.sh
#
# https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions
# https://man.archlinux.org/man/crypttab.5.en
# https://www.schneier.com/wp-content/uploads/2016/02/paper-truecrypt-dfs.pdf
#
pacman -S hdparm
pacman -S smartmontools
dd if=/dev/urandom of=/dev/sdb bs=4096 status=progress
dd if=/dev/urandom of=/dev/sdc bs=4096 status=progress
cat /proc/sys/kernel/random/entropy_avail
# 416 <- Ensure you have very high entropy, ideally above 4K
ls /dev/disk/by-id/
# ata-ST500DM002-1BD142_Z6ELFDJY ata-ST500DM002-1BD142_Z6ELFDJY-part2 usb-WD_Elements_25A3_325347385955384A-0:0 wwn-0x5000c5007b87a760-part1
# ata-ST500DM002-1BD142_Z6ELFDJY-part1 usb-WD_Elements_25A3_3145475530334A5A-0:0 wwn-0x5000c5007b87a760 wwn-0x5000c5007b87a760-part2
ls /dev/disk/by-label/
# EFI t20sda2
ls /dev/disk/by-partuuid/
# 41e0082e-4360-6740-a650-4ac9e13d9105 65265a7a-961d-1547-af8a-48e1ec0c159b
ls /dev/disk/by-path/
# pci-0000:00:14.0-usb-0:5:1.0-scsi-0:0:0:0 pci-0000:00:1f.2-ata-1 pci-0000:00:1f.2-ata-1.0-part1 pci-0000:00:1f.2-ata-1-part1
# pci-0000:00:14.0-usb-0:6:1.0-scsi-0:0:0:0 pci-0000:00:1f.2-ata-1.0 pci-0000:00:1f.2-ata-1.0-part2 pci-0000:00:1f.2-ata-1-part2
ls /dev/disk/by-uuid/
# 381dc812-9bde-4a4e-8af1-cd6546ffec6e C043-FAA5
smartctl -i /dev/sdb
# smartctl 7.3 2022-02-28 r5338 [x86_64-linux-5.17.5-arch1-1] (local build)
# Copyright (C) 2002-22, Bruce Allen, Christian Franke, www.smartmontools.org
#
# === START OF INFORMATION SECTION ===
# Model Family: Western Digital Ultrastar He10/12
# Device Model: WDC WD80EMAZ-00WJTA0
# Serial Number: 2SG8YU8J
# LU WWN Device Id: 5 000cca 27dc412e4
# Firmware Version: 83.H0A83
# User Capacity: 8,001,563,222,016 bytes [8.00 TB]
# Sector Sizes: 512 bytes logical, 4096 bytes physical
# Rotation Rate: 5400 rpm
# Form Factor: 3.5 inches
# Device is: In smartctl database 7.3/5319
# ATA Version is: ACS-2, ATA8-ACS T13/1699-D revision 4
# SATA Version is: SATA 3.2, 6.0 Gb/s (current: 6.0 Gb/s)
# Local Time is: Mon May 2 09:55:34 2022 BST
# SMART support is: Available - device has SMART capability.
# SMART support is: Enabled
smartctl -i /dev/sdc
# smartctl 7.3 2022-02-28 r5338 [x86_64-linux-5.17.5-arch1-1] (local build)
# Copyright (C) 2002-22, Bruce Allen, Christian Franke, www.smartmontools.org
#
# === START OF INFORMATION SECTION ===
# Model Family: Western Digital Ultrastar He10/12
# Device Model: WDC WD80EMAZ-00WJTA0
# Serial Number: 1EGU03JZ
# LU WWN Device Id: 5 000cca 27ecb5db4
# Firmware Version: 83.H0A83
# User Capacity: 8,001,563,222,016 bytes [8.00 TB]
# Sector Sizes: 512 bytes logical, 4096 bytes physical
# Rotation Rate: 5400 rpm
# Form Factor: 3.5 inches
# Device is: In smartctl database 7.3/5319
# ATA Version is: ACS-2, ATA8-ACS T13/1699-D revision 4
# SATA Version is: SATA 3.2, 6.0 Gb/s (current: 6.0 Gb/s)
# Local Time is: Mon May 2 09:55:40 2022 BST
# SMART support is: Available - device has SMART capability.
# SMART support is: Enabled
cryptsetup --label 2SG8YU8J luksFormat /dev/sdb
# WARNING!
# ========
# This will overwrite data on /dev/sdb irrevocably.
#
# Are you sure? (Type 'yes' in capital letters): YES
# Enter passphrase for /dev/sdb:
# Verify passphrase:
cryptsetup --label 1EGU03JZ luksFormat /dev/sdc
# WARNING!
# ========
# This will overwrite data on /dev/sdc irrevocably.
#
# Are you sure? (Type 'yes' in capital letters): YES
# Enter passphrase for /dev/sdc:
# Verify passphrase:
lsblk -f
# NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
# sdb crypto_LUKS 2 2SG8YU8J 32abd742-704f-4464-9eb4-5bb6959ea959
# sdc crypto_LUKS 2 1EGU03JZ 26f3edb2-7c31-4eab-9598-ed607b5af1df
blkid
# /dev/sdb: UUID="32abd742-704f-4464-9eb4-5bb6959ea959" LABEL="2SG8YU8J" TYPE="crypto_LUKS"
# /dev/sdc: UUID="26f3edb2-7c31-4eab-9598-ed607b5af1df" LABEL="1EGU03JZ" TYPE="crypto_LUKS"
cryptsetup luksDump /dev/sdb
cryptsetup luksDump /dev/sdc
mkdir /etc/cryptsetup-keys.d
dd bs=512 count=4 if=/dev/random of=/etc/cryptsetup-keys.d/2SG8YU8J.key iflag=fullblock
dd bs=512 count=4 if=/dev/random of=/etc/cryptsetup-keys.d/1EGU03JZ.key iflag=fullblock
chmod 600 /etc/cryptsetup-keys.d/*
cryptsetup luksAddKey /dev/sdb /etc/cryptsetup-keys.d/2SG8YU8J.key
cryptsetup luksAddKey /dev/sdc /etc/cryptsetup-keys.d/1EGU03JZ.key
nano /etc/crypttab
# 2SG8YU8J LABEL=2SG8YU8J
# 1EGU03JZ LABEL=1EGU03JZ
reboot
lsblk -f
# NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
# sdb crypto_LUKS 2 1EGU03JZ 26f3edb2-7c31-4eab-9598-ed607b5af1df
# └─1EGU03JZ
# sdc crypto_LUKS 2 2SG8YU8J 32abd742-704f-4464-9eb4-5bb6959ea959
# └─2SG8YU8J
# check the raw performance
dd if=/dev/zero of=/dev/mapper/1EGU03JZ bs=4096 status=progress
# 1186412+0 records in
# 1186412+0 records out
# 4859543552 bytes (4.9 GB, 4.5 GiB) copied, 28.5782 s, 170 MB/s
dd if=/dev/zero of=/dev/mapper/2SG8YU8J bs=4096 status=progress
# 1146035+0 records in
# 1146035+0 records out
# 4694159360 bytes (4.7 GB, 4.4 GiB) copied, 27.4358 s, 171 MB/s
mkfs.btrfs -m raid1 -d raid1 -L t20raid /dev/mapper/1EGU03JZ /dev/mapper/2SG8YU8J
# btrfs-progs v5.17
# See http://btrfs.wiki.kernel.org for more information.
#
# NOTE: several default settings have changed in version 5.15, please make sure
# this does not affect your deployments:
# - DUP for metadata (-m dup)
# - enabled no-holes (-O no-holes)
# - enabled free-space-tree (-R free-space-tree)
#
# Label: t20raid
# UUID: 9f65175e-ec44-4fbf-a28d-cc10ef1a799e
# Node size: 16384
# Sector size: 4096
# Filesystem size: 14.55TiB
# Block group profiles:
# Data: RAID1 1.00GiB
# Metadata: RAID1 1.00GiB
# System: RAID1 8.00MiB
# SSD detected: no
# Zoned device: no
# Incompat features: extref, skinny-metadata, no-holes
# Runtime features: free-space-tree
# Checksum: crc32c
# Number of devices: 2
# Devices:
# ID SIZE PATH
# 1 7.28TiB /dev/mapper/1EGU03JZ
# 2 7.28TiB /dev/mapper/2SG8YU8J
lsblk -f
# NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
# sda
# ├─sda1 vfat FAT32 EFI C043-FAA5 929.8M 9% /efi
# └─sda2 btrfs t20sda2 381dc812-9bde-4a4e-8af1-cd6546ffec6e 460.7G 0% /home
# /
# sdb crypto_LUKS 2 1EGU03JZ 26f3edb2-7c31-4eab-9598-ed607b5af1df
# └─1EGU03JZ btrfs t20raid 9f65175e-ec44-4fbf-a28d-cc10ef1a799e
# sdc crypto_LUKS 2 2SG8YU8J 32abd742-704f-4464-9eb4-5bb6959ea959
# └─2SG8YU8J btrfs t20raid 9f65175e-ec44-4fbf-a28d-cc10ef1a799e
blkid
# /dev/sdb: UUID="26f3edb2-7c31-4eab-9598-ed607b5af1df" LABEL="1EGU03JZ" TYPE="crypto_LUKS"
# /dev/sdc: UUID="32abd742-704f-4464-9eb4-5bb6959ea959" LABEL="2SG8YU8J" TYPE="crypto_LUKS"
# /dev/mapper/1EGU03JZ: LABEL="t20raid" UUID="9f65175e-ec44-4fbf-a28d-cc10ef1a799e" UUID_SUB="4bc67374-8888-4d3f-840c-dec1413a7e40" BLOCK_SIZE="4096" TYPE="btrfs"
# /dev/mapper/2SG8YU8J: LABEL="t20raid" UUID="9f65175e-ec44-4fbf-a28d-cc10ef1a799e" UUID_SUB="653d8280-3e90-403b-87a2-d176552314bf" BLOCK_SIZE="4096" TYPE="btrfs"
mkdir /mnt/raid
nano /etc/fstab
# # UUID=9f65175e-ec44-4fbf-a28d-cc10ef1a799e
# LABEL=t20raid /mnt/raid btrfs rw,noatime,nodiratime,compress=zstd:3,space_cache=v2 0 0
#########
# Scrub
btrfs filesystem usage /mnt/t20raid/
# Overall:
# Device size: 14.55TiB
# Device allocated: 234.02GiB
# Device unallocated: 14.33TiB
# Device missing: 0.00B
# Used: 231.57GiB
# Free (estimated): 7.16TiB (min: 7.16TiB)
# Free (statfs, df): 7.16TiB
# Data ratio: 2.00
# Metadata ratio: 2.00
# Global reserve: 141.06MiB (used: 0.00B)
# Multiple profiles: no
#
# Data,RAID1: Size:116.00GiB, Used:115.62GiB (99.67%)
# /dev/mapper/1EGU03JZ 116.00GiB
# /dev/mapper/2SG8YU8J 116.00GiB
#
# Metadata,RAID1: Size:1.00GiB, Used:174.27MiB (17.02%)
# /dev/mapper/1EGU03JZ 1.00GiB
# /dev/mapper/2SG8YU8J 1.00GiB
#
# System,RAID1: Size:8.00MiB, Used:48.00KiB (0.59%)
# /dev/mapper/1EGU03JZ 8.00MiB
# /dev/mapper/2SG8YU8J 8.00MiB
#
# Unallocated:
# /dev/mapper/1EGU03JZ 7.16TiB
# /dev/mapper/2SG8YU8J 7.16TiB
btrfs scrub status /mnt/t20raid
# UUID: 9f65175e-ec44-4fbf-a28d-cc10ef1a799e
# no stats available
# Total to scrub: 231.57GiB
# Rate: 0.00B/s
# Error summary: no errors found
btrfs scrub start /mnt/t20raid
# scrub started on /mnt/t20raid, fsid 9f65175e-ec44-4fbf-a28d-cc10ef1a799e (pid=736)
btrfs scrub status /mnt/t20raid
# UUID: 9f65175e-ec44-4fbf-a28d-cc10ef1a799e
# Scrub started: Sat Jun 11 15:27:20 2022
# Status: running
# Duration: 0:06:06
# Time left: 0:07:15
# ETA: Sat Jun 11 15:40:42 2022
# Total to scrub: 231.57GiB
# Bytes scrubbed: 105.69GiB (45.64%)
# Rate: 295.70MiB/s
# Error summary: no errors found
btrfs scrub status -d /mnt/t20raid
# UUID: 9f65175e-ec44-4fbf-a28d-cc10ef1a799e
#
# Scrub device /dev/mapper/1EGU03JZ (id 1) status
# Scrub started: Sat Jun 11 15:27:20 2022
# Status: running
# Duration: 0:09:26
# Time left: 0:04:02
# ETA: Sat Jun 11 15:40:50 2022
# Total to scrub: 117.01GiB
# Bytes scrubbed: 81.91GiB (70.00%)
# Rate: 148.18MiB/s
# Error summary: no errors found
#
# Scrub device /dev/mapper/2SG8YU8J (id 2) status
# Scrub started: Sat Jun 11 15:27:20 2022
# Status: running
# Duration: 0:09:26
# Time left: 0:04:02
# ETA: Sat Jun 11 15:40:50 2022
# Total to scrub: 117.01GiB
# Bytes scrubbed: 81.92GiB (70.01%)
# Rate: 148.20MiB/s
# Error summary: no errors found
btrfs scrub status /mnt/t20raid
# UUID: 9f65175e-ec44-4fbf-a28d-cc10ef1a799e
# Scrub started: Sat Jun 11 15:27:20 2022
# Status: finished
# Duration: 0:13:19
# Total to scrub: 231.57GiB
# Rate: 296.79MiB/s
# Error summary: no errors found
#
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment