Replacing filesystems in LUKS volumes I created in Cockpit

This system uses F35 Server. I was setting up some brand new drives to use for serving media files and backups of my home folder from my workstation. I never got around to actually putting any files on these drives.

Each drive had a single LUKS partition, and I did the setup in Cockpit. I want to go a different direction now than I originally intended. The drives I set up are using ext4 and I want to use btrfs instead.

I’m assuming I should wipe the filesystems off the drives and start over. I’m going to do everything in the command line this time instead of using Cockpit. Unfortunately, this is an area where I’m still lacking in knowledge and experience. I’m guessing I should use wipefs to handle wiping the drives, and then I can make the LUKS partitions and then the btrfs filesystem. I can find a tutorial on this and read the docs from btrfs, Fedora, and Red Hat.

My question is, once I umount and wipefs the drives, is there anything else I should do to properly clean things up before I begin again setting up the drives? Should I be looking at /etc/fstab/ and /etc/crypttab/? I don’t want anything left over from what I had set up in Cockpit. Is there anything that would have been written to my boot disk that I would want to remove?

If all you want is to replace ext4 with btrfs, you just need to run mkfs.btrfs on the unlocked LUKS device.
You don’t even need to run wipefs first, mkfs will remove the existing format (it will ask for confirmation). If it isn’t unlocked, first run cryptsetup luksOpen /dev/sdxY <name> and then mkfs.btrfs /dev/mapper/<name>.
You don’t need to recreate the LUKS partition so no changes to /etc/crypttab are needed. You’ll need to change /etc/fstab – filesystem type and UUID for the device will be different, you can get UUID of the newly created btrfs filesystem from lsblk -f.

4 Likes

Thanks for your reply, @vtrefny . I had read it in email and it was helpful for me.

I noticed that Cockpit had formatted the drives in LUKS1 and cryptsetup at this point defaults to LUKS2. I figure I’m overthinking this tremendously, but are there any added steps I should take to properly remove the original LUKS1 volumes so I can reformat in LUKS2? I had one drive left that was still unformatted so I put my first LUKS2 partition on that one.

I can run wipefs -a on the other drives but I’m not sure how important that step is.

Is it important that I use cryptsetup luksRemoveKey to remove the passphrase, then cryptsetup remove to delete the LUKS1 volume? Or, can I jump straight to cryptsetup luksFormat to reformat with the new LUKS2 volume?

If you want to replace the LUKS too just run cryptsetup luksFormat .... Most storage tools (this includes mkfs) will detect that there is an existing filesystem on the device and will either ask if you want to remove it or tell you to use some option like --force and that’s the same as running wipefs -a manually first.

You don’t need to run luksRemoveKey first, luksFormat will overwrite the metadata with zeroes first (and the area with the old key will be overwritten by the new keyslot anyway).

It’s interesting that Cockpit still creates LUKS1, LUKS2 should be default everywhere.