Disclaimer: Be very careful ! This is a mini-HOWTO article, do not copy/paste commands. Modify them to fit your environment.
Hi! I’m writing this article as a mini-HOWTO on how to setup a btrfs-raid1 volume on encrypted disks (luks). This page servers as my personal guide/documentation, but you can use it with little intervention.
It is important to use disks with the exact same size and speed. Usually for raid1 purposes I prefer using the same model. Although in general someone can argue that you should have diversity of models and manufactures to reduce possible firmware issues of a specific series. The most important things to consider when working with raid1 are:
MUST be the same!
I have two Seagate FireCuda SSHD disks, manufacture model: ST1000DX002-2DV1
The system sees them as:
# find /sys/devices -type f -name model -exec cat {} \;
ST1000DX002-2DV1
ST1000DX002-2DV1
correct, now try to identify the disk from the kernel:
# dmesg
[ 3.182635] sd 1:0:0:0: [sdc] Attached SCSI disk
[ 3.182679] sd 1:0:1:0: [sdd] Attached SCSI disk
and verify by:
# hwinfo --block --short | egrep ST1000DX002
/dev/sdc ST1000DX002-2DV1
/dev/sdd ST1000DX002-2DV1
I want to use random keys to encrypt/decrypt these disks as I dont wan to type a pass-phrase for every disk.
So, create a folder to save the encrypted keys:
# mkdir -pv /etc/crypttab.keys/
and run dd against urandom:
# dd if=/dev/urandom of=/etc/crypttab.keys/ST1000DX002-2DV1.a bs=4096 count=1
# dd if=/dev/urandom of=/etc/crypttab.keys/ST1000DX002-2DV1.b bs=4096 count=1
verify that two 4k random keys exist on the above directory:
# ls -l /etc/crypttab.keys/ST1000DX002-2DV1*
-rw-r----- 1 root root 4096 Oct 15 19:01 /etc/crypttab.keys/ST1000DX002-2DV1.a
-rw-r----- 1 root root 4096 Oct 15 19:01 /etc/crypttab.keys/ST1000DX002-2DV1.b
format and encrypt the hard disks:
# cryptsetup luksFormat /dev/sdc --key-file /etc/crypttab.keys/ST1000DX002-2DV1.a
WARNING!
========
This will overwrite data on /dev/sdd irrevocably.
Are you sure? (Type uppercase yes): YES
YES
# cryptsetup luksFormat /dev/sdd --key-file /etc/crypttab.keys/ST1000DX002-2DV1.b
WARNING!
========
This will overwrite data on /dev/sdd irrevocably.
Are you sure? (Type uppercase yes): YES
YES
print block device attributes:
# blkid | tail -2
/dev/sdc: UUID="695ef3a0-80da-4edb-9c36-31666f3d970a" TYPE="crypto_LUKS"
/dev/sdd: UUID="f7773f04-bcf5-4cf1-93c9-1b28f905eac5" TYPE="crypto_LUKS"
by opening them through luks:
# cryptsetup luksOpen /dev/disk/by-uuid/695ef3a0-80da-4edb-9c36-31666f3d970a ST1000DX002-2DV1.a -d /etc/crypttab.keys/ST1000DX002-2DV1.a
# cryptsetup luksOpen /dev/disk/by-uuid/f7773f04-bcf5-4cf1-93c9-1b28f905eac5 ST1000DX002-2DV1.b -d /etc/crypttab.keys/ST1000DX002-2DV1.b
# cryptsetup status /dev/mapper/ST1000DX002-2DV1.a
/dev/mapper/ST1000DX002-2DV1.a is active.
type: LUKS1
cipher: aes-xts-plain64
keysize: 256 bits
key location: dm-crypt
device: /dev/sdc
sector size: 512
offset: 4096 sectors
size: 1953521072 sectors
mode: read/write
# cryptsetup status /dev/mapper/ST1000DX002-2DV1.b
/dev/mapper/ST1000DX002-2DV1.b is active.
type: LUKS1
cipher: aes-xts-plain64
keysize: 256 bits
key location: dm-crypt
device: /dev/sdd
sector size: 512
offset: 4096 sectors
size: 1953521072 sectors
mode: read/write
by using mkfs and choosing label, metadata and data to be on both disks (mirror):
# mkfs.btrfs \
-L ST1000DX002 \
-m raid1 \
-d raid1 \
/dev/mapper/ST1000DX002-2DV1.a \
/dev/mapper/ST1000DX002-2DV1.b
again in one-liner:
# mkfs.btrfs -L ST1000DX002 -m raid1 -d raid1 /dev/mapper/ST1000DX002-2DV1.a /dev/mapper/ST1000DX002-2DV1.b
output:
btrfs-progs v4.17.1
See http://btrfs.wiki.kernel.org for more information.
Label: ST1000DX002
UUID: 93b7a2be-1526-4123-9c07-ba9e0c8a0c47
Node size: 16384
Sector size: 4096
Filesystem size: 1.82TiB
Block group profiles:
Data: RAID1 1.00GiB
Metadata: RAID1 1.00GiB
System: RAID1 8.00MiB
SSD detected: no
Incompat features: extref, skinny-metadata
Number of devices: 2
Devices:
ID SIZE PATH
1 931.51GiB /dev/mapper/ST1000DX002-2DV1.a
2 931.51GiB /dev/mapper/ST1000DX002-2DV1.b
Notice that both disks have only one UUID (Universal Unique IDentifier) number:
UUID: 93b7a2be-1526-4123-9c07-ba9e0c8a0c47
# blkid | tail -2
/dev/mapper/ST1000DX002-2DV1.a: LABEL="ST1000DX002" UUID="93b7a2be-1526-4123-9c07-ba9e0c8a0c47" UUID_SUB="af3caf05-ab0f-4830-ad98-de1a337426c7" TYPE="btrfs"
/dev/mapper/ST1000DX002-2DV1.b: LABEL="ST1000DX002" UUID="93b7a2be-1526-4123-9c07-ba9e0c8a0c47" UUID_SUB="a831f1e0-51a7-4f6e-b7ff-aaa36d01aadf" TYPE="btrfs"
again, be aware of the same UUID: 93b7a2be-1526-4123-9c07-ba9e0c8a0c47on both disks !
first, create a new mount point:
# mkdir -pv /mnt/ST1000DX002
mkdir: created directory '/mnt/ST1000DX002'
and then append the below entry on /etc/fstab
# echo 'UUID=93b7a2be-1526-4123-9c07-ba9e0c8a0c47 /mnt/ST1000DX002 auto defaults,noauto,user,exec 0 0' >> /etc/fstab
finally, mount it !
# mount /mnt/ST1000DX002/
# df -h /mnt/ST1000DX002/
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/ST1000DX002-2DV1.a 932G 17M 931G 1% /mnt/ST1000DX002
btrfs filesystem disk usage:
# btrfs filesystem df /mnt/ST1000DX002/
Data, RAID1: total=1.00GiB, used=512.00KiB
System, RAID1: total=8.00MiB, used=16.00KiB
Metadata, RAID1: total=1.00GiB, used=112.00KiB
GlobalReserve, single: total=16.00MiB, used=0.00B
btrfs filesystem show:
# btrfs filesystem show /mnt/ST1000DX002/
Label: 'ST1000DX002' uuid: 93b7a2be-1526-4123-9c07-ba9e0c8a0c47
Total devices 2 FS bytes used 640.00KiB
devid 1 size 931.51GiB used 2.01GiB path /dev/mapper/ST1000DX002-2DV1.a
devid 2 size 931.51GiB used 2.01GiB path /dev/mapper/ST1000DX002-2DV1.b
that’s it !
-ebal