[dm-crypt] Encrypted Raid 1 Btrfs on *Single Drive*

["Jorge Fábregas" <jorge.fabregas@gmail.com>]

Hi everyone,

I plan to use BTRS on an external drive.  I want to use its RAID 1
capabilities (yes, I know RAID 1 on a single drive doesn't make sense
but I want to take advantage of BTRFS's data & metadata checksumming to
help with bitrot).  The thing is, I want to use LUKS with it.

I'm not sure about the proper stacking here.  I just did a test with this:

# cryptsetup luksFormat /dev/sdc  (my external drive)

# cryptsetup luksOpen /dev/sdc vault

# fdisk /dev/mapper/vault
...and created two partitions of equal size
...afterwards I got /dev/mapper/vault1 & vault2

# mkfs.btrfs -d raid1 -m raid1 /dev/mapper/vault1 /dev/mapper/vault2

# mount /dev/mapper/vault1 /mnt
...and everything works as expected.  For btrfs you just need to mount
one of the RAID members and it automatically takes care of the rest

Now, when I wanted to undo everything, and after unmount /mnt,  I
couldn't simply just use luksClose. I got the following error:

device-mapper: remove ioctl on vault failed: Device or resource busy

I tried lucksClose with vault1 & vault2 before attempting to close vault
but couldn't.  I had to:

# dmsetup remove vault1
# dmsetup remove vault2
# dmsetup remove vault

Then the devices disappeared from /dev/mapper.  Now when I want to mount
my external drive again I have to add another step once I open the LUKS
device:

# kpartx -a /dev/mapper/vault
...so it can create /dev/mapper/vault1 & vault2 so I can use either one
to mount the btrs raid 1.

Is this the correct method:  create the two partitions on the LUKS
device so can I use BTRS RAID 1?  I thought about the other way:

1) create two partitions on raw device
2) format those two partitions with LUKS
3) unlock those two devices and give them to BTRFS...

...but then I'll have two LUKS devices to maintain etc.

Any comments will be appreciated.

Thanks!
Jorge