4

I would like to build a RAID1/BTRFS/Luks setup. What I found about it so far is:

An encrypted Btrfs file system can be created on top of the dm_crypt disk encryption subsystem and Linux Unified Key Setup (LUKS) layer, which supports a variety of encryption standards. However, this approach disables some of the capabilities and advantages of using Btrfs on raw block devices, such as automatic solid-state disk support and detection.

What's the best approach to implement this solution?

/dev/sda1 < 500 Gb 
/dev/sdb1 < 500 Gb 

/dev/md0 < RAID1 stripe < Luks < BTRFS < snapshots

Would a setup like this work?

I can't see another way of doing it without losing BTRFS's snapshot capabilities. I could set up the RAID without mdadm, with btrfs, like:

mkfs.btrfs -m raid1 -d raid1 /dev/sda /dev/sdb

but then I've got btrfs right on top, where I can only drop LUKS-encrypted images. Even if 1 bit changes inside an image, it will affect the snapshots of btrfs (aka it will copy the whole image file again).

Halfgaar
Doodle
  • I don't know what automatic SSD support entails, but one of the features would be trim/discard, I guess. However, as best I know, you still can't trim a (normal) RAID(1) array. – Halfgaar Jul 08 '14 at 10:13
  • With Oracle Solaris, the encryption capability in ZFS[46] is embedded into the I/O pipeline. << Maybe using ZFS instead can take care of all the problems in one (RAID, encryption, file system snapshots). – Doodle Jul 08 '14 at 10:44
  • Is ZFS on Linux stable these days? – Halfgaar Jul 08 '14 at 11:02
  • 1
    LUKS is perfectly capable of passing through discard. Exactly from where did you "find out" this information? – Michael Hampton Jul 08 '14 at 13:51

2 Answers

4

The important thing to note is that if you use md for the mirroring and create btrfs on top of it with "-d single", you will lose the ability to recover from bitrot errors (btrfs will still detect them).

So the best solution for your case would be your second example:

raw device -> LUKS -> btrfs RAID1 from the LUKS devices

Ioan already answered the TRIM/discard part for you, and there is nothing for me to add there.

3

However, this approach disables some of the capabilities and advantages of using Btrfs on raw block devices, such as automatic solid-state disk support and detection.

cryptsetup supports passing TRIM requests; you just need to use the argument --allow-discards when doing a cryptsetup open, or using discard as an option when using /etc/crypttab. Do this before executing mkfs.btrfs and you'll see that it detects the SSD and turns on TRIM. You may also want to ensure you use discard,ssd as options when later mounting the filesystem.

Even if 1 bit changes inside an image, it will affect the snapshots of btrfs (aka it will copy the whole image file again).

BTRFS will detect any bit corruption in a data/metadata block and correct that block using the other copy (it won't copy the file). Snapshots reference existing data/metadata blocks and don't normally take up extra space. Should part of a block (part of a file) later change, a copy will be made and referenced separately (it won't copy the file unless the block contains the whole file). The unchanged block will not be copied, just referenced.

Ioan
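The layout from the two answers as one procedure, written as an added example (not code from either answer): each partition gets its own LUKS container opened with --allow-discards, and btrfs RAID1 is then created across the two mappings. The mapping names (crypt_sda1, crypt_sdb1) and the mount point /mnt/data are assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original answers. Layout built:
#   raw device -> LUKS -> btrfs RAID1 across the LUKS mappings
# Dry run by default: commands are only printed. APPLY=1 executes them as
# root and destroys whatever is on the devices.
DEVICES="${DEVICES:-/dev/sda1 /dev/sdb1}"  # partitions named in the question
MOUNTPOINT="${MOUNTPOINT:-/mnt/data}"      # assumed mount point

# Print a command; execute it only when APPLY=1.
run() {
    echo "+ $*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Assumed naming scheme for the mappings: /dev/sda1 -> crypt_sda1
mapping_name() { echo "crypt_$(basename "$1")"; }

# /etc/crypttab fields: name, source device, key file (none = prompt), options.
# "discard" is the crypttab counterpart of --allow-discards.
crypttab_line() {
    printf '%s %s none luks,discard\n' "$(mapping_name "$1")" "$1"
}

build_stack() {
    mappers=""
    for dev in $DEVICES; do
        name=$(mapping_name "$dev")
        run cryptsetup luksFormat "$dev"
        # Open with discards enabled before mkfs.btrfs runs, so btrfs sees
        # a device that accepts TRIM.
        run cryptsetup open --allow-discards "$dev" "$name"
        mappers="$mappers /dev/mapper/$name"
    done
    # btrfs does the mirroring itself, so it keeps a second copy to repair
    # a block whose checksum fails. $mappers is split on purpose.
    run mkfs.btrfs -m raid1 -d raid1 $mappers
    set -- $mappers
    run mkdir -p "$MOUNTPOINT"
    run mount -o discard,ssd "$1" "$MOUNTPOINT"
    # Check: the dm-crypt table line lists allow_discards when it is active.
    run dmsetup table "$(basename "$1")"
    echo "# lines for /etc/crypttab:"
    for dev in $DEVICES; do crypttab_line "$dev"; done
}

build_stack
```

Both mappings have to be open before the filesystem is mounted, which is why each partition gets its own crypttab line.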