Bcachefs: Difference between revisions
imported>Onny Add encryption example |
Console4852 (talk | contribs) github issue referenced in wiki is now fixed, so remove note. |
||
| (47 intermediate revisions by 11 users not shown) | |||
| Line 1: | Line 1: | ||
[https://bcachefs.org Bcachefs] is a next-generation CoW filesystem that aims to provide features from [[Btrfs]] and [[ZFS]] with a cleaner codebase, more stability, greater speed and a GPL-compatible license. It is built upon Bcache and is mainly developed by Kent Overstreet. | [https://bcachefs.org Bcachefs] is a next-generation CoW filesystem that aims to provide features from [[Btrfs]] and [[ZFS]] with a cleaner codebase<ref name=":0">citation needed</ref>, more stability<ref name=":0" />, greater speed<ref name=":0" /> and a GPL-compatible license. It is built upon Bcache and is mainly developed by Kent Overstreet. | ||
== Installation == | == Installation == | ||
| Line 11: | Line 11: | ||
== Usage == | == Usage == | ||
Format and mount a | Format and mount a single device | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
| Line 18: | Line 18: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Format drive with encryption enabled, unlock and mount it afterwards | Or, format and mount multiple devices | ||
<syntaxhighlight lang="console"> | |||
# bcachefs format /dev/sda:/dev/sdb:/dev/sdc | |||
# mount -t bcachefs /dev/sda:/dev/sdb:/dev/sdc | |||
</syntaxhighlight> | |||
The same works with partitions, which is probably better for future proofing depending on your specific needs | |||
<syntaxhighlight lang="console"> | |||
# bcachefs format /dev/sda1:/dev/sdb2:/dev/sdc3 | |||
# mount -t bcachefs /dev/sda1:/dev/sdb2:/dev/sdc3 | |||
</syntaxhighlight> | |||
Format drive with encryption enabled, unlock and mount it afterwards. Following bcachefs commands will ask for a password: | |||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
| Line 25: | Line 40: | ||
# mount -t bcachefs /dev/sda /mnt | # mount -t bcachefs /dev/sda /mnt | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Format a drive with compression on by default, foreground and background | |||
(Available Compression options are <code>gzip</code>, <code>lz4</code>, and <code>zstd</code>) | |||
<syntaxhighlight lang="console"> | |||
# bcachefs format --compression=lz4 --background_compression=zstd /dev/sda | |||
# mount -t bcachefs /dev/sda | |||
</syntaxhighlight> | |||
Format a multiple devices with storage tiers, so that reads and writes happen on the fastest disks, with data being stored on slower, bigger drives based on usage patterns | |||
<syntaxhighlight lang="console"> | |||
# bcachefs format \ | |||
--label=hdd.hdd1 /dev/sdc \ | |||
--label=hdd.hdd2 /dev/sdd \ | |||
--label=hdd.hdd3 /dev/sde \ | |||
--label=ssd.ssd1 /dev/sdf \ | |||
--label=ssd.ssd2 /dev/sdg \ | |||
--foreground_target=ssd \ | |||
--promote_target=ssd \ | |||
--background_target=hdd \ | |||
# mount -t bcachefs /dev/sdc:/dev/sdd:/dev/sde:/dev/sdf:/dev/sdg | |||
</syntaxhighlight> | |||
For a better mounting experience in the previous example, use the external UUID that was printed. | |||
<syntaxhighlight lang="console"> | |||
# bcachefs format \ | |||
--label=hdd.hdd1 /dev/sdc \ | |||
--label=hdd.hdd2 /dev/sdd \ | |||
--label=hdd.hdd3 /dev/sde \ | |||
--label=ssd.ssd1 /dev/sdf \ | |||
--label=ssd.ssd2 /dev/sdg \ | |||
--foreground_target=ssd \ | |||
--promote_target=ssd \ | |||
--background_target=hdd \ | |||
# mount -t bcachefs UUID=<UUID> | |||
</syntaxhighlight> | |||
Create a subvolume of a mounted bcachefs filesystem. The snapshot of the filesystem state is accessible in the directory <code>/mnt/snap1</code>. | |||
<syntaxhighlight lang="console"> | |||
# bcachefs subvolume snapshot /mnt /mnt/snap1 | |||
</syntaxhighlight> | |||
Filesystem check, fix errors and corruptions where a Bcachefs filesystem is on <code>/dev/sda</code>: | |||
<syntaxhighlight lang="console"> | |||
# bcachefs fsck /dev/sda | |||
</syntaxhighlight>Change partition encryption password for <code>/dev/sda1</code><syntaxhighlight lang="console"> | |||
# bcachefs set-passphrase /dev/sda1 | |||
</syntaxhighlight> | |||
== Configuration == | |||
Every option for the filesystem can be set by editing <code>/sys/fs/bcachefs/<uuid>/options</code>, for example the file <code>background_compression</code> will change the background compression scheme for background compression. These are persisted with the filesystems, so a bcachefs storage device being mounted on a different computer won't need to know what mount options to use to maintain the same compression levels. | |||
Change encryption password for Bcachefs formatted device <code>/dev/sda1</code> | |||
<syntaxhighlight lang="console"> | |||
# bcachefs set-passphrase /dev/sda1 | |||
</syntaxhighlight> | |||
Enable zstd compression for device <code>/dev/sda1</code> at mount time | |||
{{file|/etc/nixos/hardware-configuration.nix|nix|<nowiki> | |||
fileSystems."/" = | |||
{ device = "/dev/sda1"; | |||
fsType = "bcachefs"; | |||
options = [ "compression=zstd" ]; | |||
}; | |||
</nowiki>}} | |||
== Tips and tricks == | |||
=== NixOS installation on bcachefs === | |||
Using the installation media generated above, continue the installation as usual following the [https://nixos.org/manual/nixos/stable/index.html#ch-installation instructions of the NixOS manual]. | |||
For a UEFI installation, the partitioning needs to be adjusted as following | |||
{{note|Be sure on which disk you'll perform these filesystem operations. All existing data on it will be erased.}} | |||
<syntaxhighlight lang="console"> | |||
# parted /dev/sda -- mklabel gpt | |||
# parted /dev/sda -- mkpart ESP fat32 1MB 512MB | |||
# parted /dev/sda -- set 1 esp on | |||
# parted /dev/sda -- mkpart primary 512MB 100% | |||
</syntaxhighlight> | |||
Formatting the boot partition <code>/dev/sda1</code> and the root filesystem <code>/dev/sda2</code> | |||
<syntaxhighlight lang="console"> | |||
# mkfs.fat -F 32 -n boot /dev/sda1 | |||
# nix shell -p bcachefs-tools | |||
# mkfs.bcachefs -L nixos /dev/sda2 | |||
</syntaxhighlight> | |||
Formatting and unlocking the encrypted partition would look like this | |||
<syntaxhighlight lang="console"> | |||
# nix-shell -p keyutils --run 'keyctl link @u @s' | |||
# nix-shell -p bcachefs-tools | |||
# bcachefs format --encrypted /dev/sda2 | |||
# bcachefs unlock /dev/sda2 | |||
</syntaxhighlight> | |||
Mount filesystems | |||
There are two ways to mount a bcachefs filesystem. First, by device: | |||
<syntaxhighlight lang="console"> | |||
# mount /dev/sda2 /mnt | |||
# mkdir /mnt/boot | |||
# mount /dev/disk/by-label/boot /mnt/boot | |||
</syntaxhighlight> | |||
For better reliability as with any other filesystem, one should mount the filesystem by UUID, by replacing any drive specifiers with it. | |||
When you formatted, there was an external UUID shown, but if you lost it, you can retrieve it using | |||
<syntaxhighlight lang="console"> | |||
# lsblk -o +uuid,fsType | grep bcachefs | |||
</syntaxhighlight> | |||
And using it like <code>UUID=<UUID></code> in place of <code>/dev/sda1:/dev/sdb1</code> or even just <code>/dev/sda</code>. | |||
Continue installation as recommended by the [https://nixos.org/manual/nixos/stable/index.html#ch-installation NixOS manual]. | |||
=== Remote encrypted disk unlocking === | |||
See article on [[Remote disk unlocking#Bcachefs unlocking|remote disk unlocking]] for a guide on how to enable SSH decryption of Bcachefs enabled systems. | |||
=== Automatically mount encrypted device on boot === | |||
Since the Bcachefs mount options do [https://github.com/koverstreet/bcachefs-tools/pull/266 not support supplying a key file yet], we could use the <code>bcachefs</code> command and run it on boot using a [[Systemd]] unit:<syntaxhighlight lang="nix"> | |||
systemd.services."bcachefs-mount" = { | |||
after = [ "local-fs.target" ]; | |||
wantedBy = [ "multi-user.target" ]; | |||
environment = { | |||
DEVICE_PATH = "/dev/sda1"; | |||
MOUNT_POINT = "/mnt"; | |||
}; | |||
script = '' | |||
#!${pkgs.runtimeShell} -e | |||
${pkgs.keyutils}/bin/keyctl link @u @s | |||
# Check if the device path exists | |||
if [ ! -b "$DEVICE_PATH" ]; then | |||
echo "Error: Device path $DEVICE_PATH does not exist." | |||
exit 1 | |||
fi | |||
# Check if the drive is already mounted | |||
if ${pkgs.util-linux}/bin/mountpoint -q "$MOUNT_POINT"; then | |||
echo "Drive already mounted at $MOUNT_POINT. Skipping..." | |||
exit 0 | |||
fi | |||
# Wait for the device to become available | |||
while [ ! -b "$DEVICE_PATH" ]; do | |||
echo "Waiting for $DEVICE_PATH to become available..." | |||
sleep 5 | |||
done | |||
# Mount the device | |||
${pkgs.bcachefs-tools}/bin/bcachefs mount -f /etc/keyfile_test "$DEVICE_PATH" "$MOUNT_POINT" | |||
''; | |||
serviceConfig = { | |||
Type = "oneshot"; | |||
User = "root"; | |||
}; | |||
}; | |||
</syntaxhighlight>This example unit mounts the Bcachefs encrypted partition <code>/dev/sda1</code> to the target <code>/mnt</code> by using the key file <code>/etc/keyfile_test</code>. | |||
[[Category:Filesystem]] | |||