Hi all!
I have 2 SSDs with the same size in the laptop. When I installed Aurora-dx a few months back I only selected one of them as the target, with manual partitioning but the recommended partition layout created by Anaconda, disk encryption selected.
Now I would like to expand the btrfs filesystem with an encrypted partition created over the second SSD, just like how Anaconda would have created it if I were to select both SSDs at installation time.
There is a lot of outdated and/or conflicting info regarding this on the web, especially not considering the rpm-ostree based system, and I wouldn’t want to mess up my system.
Can you pls help in how I should achieve this the best?
Current partition layout:
❯ lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
sda
├─sda1 vfat FAT32 uuid_efi 586.2M 2% /boot/efi
├─sda2 ext4 1.0 uuid_boot 427.3M 49% /boot
└─sda3 crypto_LUKS 2 uuid_luks1
└─luks-uuid_luks1 btrfs hname uuid_btrfs 166.3G 28% /usr/bin/swtpm
/var/home
/var
/sysroot/ostree/deploy/default/var
/usr
/etc
/
/sysroot
sdb
sdc
sdd
zram0 [SWAP]
Kargs:
❯ rpm-ostree kargs
rd.luks.uuid=luks-uuid_luks1 rhgb quiet root=UUID=uuid_btrfs rootflags=subvol=root rw ostree=/ostree/boot.0/default/4eb2f99de89447355bd6f1d8defc92881ce7ac0a1593840918b9a3dd11ee6d9d/0
❯ sudo cat /etc/crypttab
luks-uuid_luks1 UUID=uuid_luks1 none discard
❯ sudo cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sun Nov 10 13:10:23 2024
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
UUID=uuid_btrfs / btrfs subvol=root,compress=zstd:1,x-systemd.device-timeout=0 0 0
UUID=uuid_boot /boot ext4 defaults 1 2
UUID=uuid_efi /boot/efi vfat umask=0077,shortname=winnt 0 2
UUID=uuid_btrfs /home btrfs subvol=home,compress=zstd:1,x-systemd.device-timeout=0 0 0
UUID=uuid_btrfs /var btrfs subvol=var,compress=zstd:1,x-systemd.device-timeout=0 0 0
❯ sudo btrfs fi show
Label: 'hname' uuid: uuid_btrfs
Total devices 1 FS bytes used 65.73GiB
devid 1 size 236.87GiB used 81.02GiB path /dev/mapper/luks-uuid_luks1
What I was able to gather so far:
sudo cryptsetup luksFormat /dev/sdb
(and enter same password as for existing luks partition)sudo cryptsetup open /dev/sdb luks-uuid_luks2
sudo btrfs device add /dev/mapper/luks-uuid_luks2 /
sudo btrfs balance start -mconvert=raid1 /
(I would like duplicated metadata on both drives.)- How to modify crypttab? Directly in the file or through kargs or both? (Currently both contain reference to
uuid_luks1
.) - How to modify fstab if at all?
systemctl daemon-reload
needed as stated in fstab? - Any initramfs to regenerate? If yes, how?
- I remember reading somewhere that adding
cryptsetup.target (or similar??)
is needed somewhere so that systemd waits for both disks to be decrypted before continuing with boot. Do you maybe have more info on this? - Anything else that I missed?
Thank you!