Create Linux dm-crypt BTRFS RAID 1

To do this you need two empty drives, with the guide below all data on the drive will be lost if it is not empty!

1. Install cryptsetup

apt-get install cryptsetup

2. Create the dm-crypt

cryptsetup -y -v luksFormat /dev/sdb
cryptsetup -y -v luksFormat /dev/sdc

(Make sure to use the correct device. To show available devices use “lsblk”.)

3. Mount the cryptsetup disk

cryptsetup luksOpen /dev/sdb disk1
cryptsetup luksOpen /dev/sdc disk2

4. Check if this was successful

ls -l /dev/mapper/disk*

sudo cryptsetup -v status disk1
sudo cryptsetup -v status disk2

5. Create BTRFS volume RAID 1, this means all data and meta-data is mirrored, which means if you use 2 drives with i.e. 4TB each you can only use 4TG over all in the BTRFS mounted volume.

mkfs.btrfs -m raid1 -d raid1 /dev/mapper/disk1 /dev/mapper/disk2

You could list more than two drive, for example to increase redundancy, but if you want to use more drive to increase storage you would have to use a different Raid level.

6. Once you created a multi-device file system, you can use any device in the FS for the mount command

mount -t btrfs -o noatime,compress=zstd /dev/mapper/disk1 /mnt/btrfs

7. Creat a subvolume for each purpose/for each data storage folder you want to use the RAID 1 for

btrfs subvolume create /mnt/btrfs/subvolume1_data

For example if you want to store you /srv/http and your /var/lib/mysql on the BTRFS RAID drive you should create one subvolume for each, of them, i.e.

btrfs subvolume create /mnt/btrfs/subvolume_http
btrfs subvolume create /mnt/btrfs/subvolume_mysql

Those subvolumes can than be mounted in the respective folders. Before you mount them you should set the permissions/ownership of the folder as same as their mount folder (in this case check permissions of /srv/www and /var/lib/mysql), then move all files and folders from the current folder to the subvolume (see how to mount it below) and then mount the subvolume to the folder).

8. Mount the subvolume

mount -t btrfs -o subvolume=subvolume1_data,noatime,compress=zstd /dev/mapper/disk1 /mnt/data

This uses zstd compression for the mount, this is invoked only by setting the mount parameter. For details on compression see here.

You can mount this subvolume, also the main btrfs volume, to any folder you want, lets assume you want to mount it to /home/$USER/data, so instead of the last command you want to do this (if already mounted before, just do “umount /mnt/data” if you already mounted it)

mount -t btrfs -o subvolume=subvolume1_data,noatime,compress=zstd /dev/mapper/disk1 /home/$USER/data

(folder must exists, “mkdir /home/$USER/data” if you want to create it)

Now the subvolume is available in /home/$USER/data, see “df -h” to check.

The output will contain a line like this:
/dev/mapper/disk1 3.7T 17M 3.7T 1% /home/YOUR_USER_NAME/data

9. Change permission of the subvolume

chown -R $USER:$USER ~/data

Now you can write and read from the folder, you have full access to it, which also means you have full access to the subvolume content and the permissions are inherited by folders and files you create in the folder “data”.

10. Show BTRFS filesystem

sudo btrfs filesystem show

The output will look like this

Label: none  uuid: 690fbca6-f764-4873-9f2c-f60c40197a14
        Total devices 2 FS bytes used 656.00KiB
        devid    1 size 3.64TiB used 2.03GiB path /dev/mapper/disk2
        devid    2 size 3.64TiB used 2.03GiB path /dev/mapper/disk1

There is a great cheat sheet for BTRFS here.

Please leave a comment if you have a suggestion.