From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jorge.fabregas@gmail.com>
Received: from mail-yk0-x232.google.com (mail-yk0-x232.google.com
 [IPv6:2607:f8b0:4002:c07::232])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri, 14 Mar 2014 12:09:10 +0100 (CET)
Received: by mail-yk0-f178.google.com with SMTP id 79so6228998ykr.9
 for <dm-crypt@saout.de>; Fri, 14 Mar 2014 04:09:08 -0700 (PDT)
Received: from biodora.local ([70.45.26.78])
 by mx.google.com with ESMTPSA id z24sm14431862yhk.21.2014.03.14.04.09.08
 for <dm-crypt@saout.de>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Fri, 14 Mar 2014 04:09:08 -0700 (PDT)
Message-ID: <5322E353.9090602@gmail.com>
Date: Fri, 14 Mar 2014 07:09:07 -0400
From: =?UTF-8?B?Sm9yZ2UgRsOhYnJlZ2Fz?= <jorge.fabregas@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: [dm-crypt] Encrypted Raid 1 Btrfs on *Single Drive*
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Hi everyone,

I plan to use BTRS on an external drive.  I want to use its RAID 1
capabilities (yes, I know RAID 1 on a single drive doesn't make sense
but I want to take advantage of BTRFS's data & metadata checksumming to
help with bitrot).  The thing is, I want to use LUKS with it.

I'm not sure about the proper stacking here.  I just did a test with this:

# cryptsetup luksFormat /dev/sdc  (my external drive)

# cryptsetup luksOpen /dev/sdc vault

# fdisk /dev/mapper/vault
...and created two partitions of equal size
...afterwards I got /dev/mapper/vault1 & vault2

# mkfs.btrfs -d raid1 -m raid1 /dev/mapper/vault1 /dev/mapper/vault2

# mount /dev/mapper/vault1 /mnt
...and everything works as expected.  For btrfs you just need to mount
one of the RAID members and it automatically takes care of the rest

Now, when I wanted to undo everything, and after unmount /mnt,  I
couldn't simply just use luksClose. I got the following error:

device-mapper: remove ioctl on vault failed: Device or resource busy

I tried lucksClose with vault1 & vault2 before attempting to close vault
but couldn't.  I had to:

# dmsetup remove vault1
# dmsetup remove vault2
# dmsetup remove vault

Then the devices disappeared from /dev/mapper.  Now when I want to mount
my external drive again I have to add another step once I open the LUKS
device:

# kpartx -a /dev/mapper/vault
...so it can create /dev/mapper/vault1 & vault2 so I can use either one
to mount the btrs raid 1.

Is this the correct method:  create the two partitions on the LUKS
device so can I use BTRS RAID 1?  I thought about the other way:

1) create two partitions on raw device
2) format those two partitions with LUKS
3) unlock those two devices and give them to BTRFS...

...but then I'll have two LUKS devices to maintain etc.

Any comments will be appreciated.

Thanks!
Jorge