btrfs creating adding and deleting encrytped disks

Adding and deleting disks is less straight forward when you have an encryption layer.


The best way to do this currently is with the dm-crypt, according to the source. Similar to other filesystems, for an array you get better performance by encrypting each disk individually, then assembling them into the array. In this way you get one thread per disk, rather than than one thread for the whole array.

Note: this is not about encrypting your boot disk. We'll save that for a different note.

# Install cryptsetup and format those disks. You could in theory use a partition rather than a whole disk if needed
apt-get install cryptsetup
cryptsetup luksFormat /dev/sdc
cryptsetup luksFormat /dev/sdd
cryptsetup luksFormat /dev/sde

# Now open them as mapped devices
cryptsetup luksOpen /dev/sdc crypt1
cryptsetup luksOpen /dev/sdd crypt2
cryptsetup luksOpen /dev/sd3 crypt3

# Create an array
mkfs.btrfs /dev/mapper/crypt1 /dev/mapper/crypt2 /dev/mapper/crypt3

# Mount the filesystem (you can use any of the members)
sudo mount -o noatime,compress=lzo /dev/mapper/crypt1 /mnt

If you want this partition to be mounted during boot, you'll need to create a keyfile and you can search for that info (I've not done it). If however, you just want to mount manually, here is a handy script to help with opening multiple disks (assuming you used the same password). We're using blkid here, since that's better for removable disks that tend to get shuffled around in their sdb, sdc, etc order.

Get the UUIDs with the blkid command
sudo blkid
/dev/sdc: UUID="21a70419-911a-4e6e-9e0a-b43d82f58532" TYPE="crypto_LUKS"
/dev/sdd: UUID="67ae3c98-0af2-4d32-bcb8-b545291aaaf9" TYPE="crypto_LUKS"

Put those in the following script

vim array_start


# The blk IDs of the crypto_LUKS disks

# The blk ID of the btrfs volume

echo -n LUKS Password:
read -s PASSWORD

echo $PASSWORD | sudo cryptsetup luksOpen /dev/disk/by-uuid/$DISK1 crypt1
echo $PASSWORD | sudo cryptsetup luksOpen /dev/disk/by-uuid/$DISK2 crypt2

sudo mount -o noatime,compress=lzo UUID=$VOL1 /mnt

vim array_stop


sudo umount /mnt

sudo cryptsetup luksClose crypt1
sudo cryptsetup luksClose crypt2

To Delete a disk from the array;

List the devices in your array

sudo mount -o noatime,compress=lzo /dev/mapper/crypt1 /mnt

sudo btrfs fi show --all-devices

Label: none  uuid: dfea5d9a-90d3-4906-b504-623b2523944a
Total devices 6 FS bytes used 3.17TB
devid    2 size 931.51GB used 668.03GB path /dev/dm-0
devid    1 size 931.51GB used 668.04GB path /dev/dm-1
devid    3 size 931.51GB used 668.03GB path /dev/dm-2
devid    4 size 931.51GB used 668.03GB path /dev/dm-3
   devid    5 size 931.51GB used 668.03GB path /dev/dm-4
devid    7 size 931.51GB used 668.03GB path /dev/dm-5
devid    8 size 931.51GB used 668.03GB path /dev/dm-6

Get the mapping of those devices to the physical disks


sda               8:0    0 931.5G  0 disk
└─crypt2 (dm-1) 252:1    0 931.5G  0 crypt
sdb               8:16   0 931.5G  0 disk
└─crypt1 (dm-0) 252:0    0 931.5G  0 crypt
sdc               8:32   0 931.5G  0 disk
└─crypt3 (dm-2) 252:2    0 931.5G  0 crypt
sdd               8:48   0 931.5G  0 disk
└─crypt4 (dm-3) 252:3    0 931.5G  0 crypt
sde               8:64   0 931.5G  0 disk
└─crypt5 (dm-4) 252:4    0 931.5G  0 crypt
sdf               8:80   0 931.5G  0 disk
└─crypt6 (dm-5) 252:5    0 931.5G  0 crypt
sdg               8:96   0 931.5G  0 disk
└─crypt7 (dm-6) 252:6    0 931.5G  0 crypt

Get details on the specific disk

sudo smartctl -a /dev/sde

Model Family:     Western Digital Caviar Green
Device Model:     WDC WD10EACS-00ZJB0
Serial Number:    WD-WMASJ0007332

Remove that disk from the array (This can take a while, so we start a screen session)

screen -S disk-delete
sudo btrfs device delete crypt5 /mnt/6TB/

Close the disk, and remove it from the kernel

sudo cryptsetup luksClose crypt5

# Must become root for the device delete command
sudo -i
echo 1 > /sys/block/sde/device/delete

Run some traffic to the disk (so you know which one to grab, assuming your syste



You'll notice the drives show up in the Unity Bar. You can right click and blacklist them, or adjust as in this article.

dm-crypt and btrfs