Installing Debian 10 Buster with Encrypted LVM and btrfs Subvolumes

From Paritybit.ca Wiki

Introduction

Difficulty: Intermediate

With the arrival of Debian Buster, many people will be re-installing their systems to try out some of the new features and to just "start fresh". With this comes the opportunity to try out new configurations that require starting fresh. Namely, btrfs on root. Debian currently supports formatting partitions with btrfs, but doesn't support creating subvolumes from within the installer. This tutorial will demonstrate how to set up a Debian 10 Buster system with btrfs using subvolumes on your root filesystem during the installation process. It will also cover how to do this with LVM encrypted volumes for those who want their installations to be encrypted.

Once you're familiar with this procedure, you will find that it is actually a lot easier than it seemed at first!

This procedure has been adapted from this video found on YouTube: Debian 9 | Installation mit Btrfs Subvolumes (Debian Wochen) by YouTube user "unicks.eu". This video is in German but you don't need to understand the language to follow the steps on screen. This tutorial aims to expand on the content of the video by approaching it from the perspective of wanting encrypted partitions and it also provides an English-language reference to the content of the video. Procedure

Procedure

The first step is to get a copy of the Debian operating system. Get any of the images that aren't a "live" image since these live images don't let you enter into Expert install mode. I prefer the netinstall image since it is a small initial download and I can pull in whichever packages I need using the internet (my connection is reliable and fast enough to support this).

After downloading the image and putting it on a CD/DVD/USB, boot this image and choose Advanced options > Expert install (or Graphical expert install if you want).

Run through the installation as normal until you reach the section on partitioning:

The Debian installer partition menu showing 3 guided options and 1 manual option

Partitioning

On this screen, if you want an encrypted root file system (recommended) then choose the option Guided - use entire disk and set up encrypted LVM. Otherwise choose the first option. If you are working with a disk that already has an operating system on it which you wish to keep or if you have more complicated partitioning needs, you will have to choose Manual and create the partitions necessary for your configuration.

Once you have run through the setup of the partitions you should now see a screen similar to the one below:

The screen showing the overview of your currently configured partitions and mount points step.

Select your root file system (the one with the / as the mount point), change the Use as: field to btrfs journaling file system and select Done setting up the partition. After this, select Finish partitioning and write changes to disk, following the prompts until you arrive back in the installation menu. This will apply the chosen partitioning scheme.

After this and before continuing with the installation, type Ctrl + Alt + F2 to be put into a shell. Press Enter to activate this shell and follow the following procedure to set up subvolumes:

Setting up Subvolumes

The busybox terminal on tty2.

Use the df command to view what the current mounted partitions are. In my case there is /dev/mapper/debianbtrfs--vg-root mounted to /target and /dev/vda1 mounted to /target/boot. /target is the place where the Debian system files will be installed. We need to change and set some things up so that it becomes a btrfs subvolume.

The output of the df command.

The first step is to unmount both /target/boot and then /target using the umount command.

Then, mount the btrfs root volume (i.e. the volume that used to be mounted to /target hereby referred to as BTRFS_VOLUME) to /mnt and then cd /mnt.

Create your desired subvolumes with btrfs subvolume create SUBVOLUME_NAME. I have created @, @home, and @snapshots.

Following this, cd back out of /mnt and unmount it. Then mount the root subvolume to /target like so: mount -o noatime,compress=lzo,space_cache,subvol=@ BTRFS_VOLUME /target. Then remount this BTRFS_VOLUME to /mnt and cd into it again.

Now we want to mkdir -p /target/etc and copy /mnt/etc/fstab (and /mnt/etc/crypttab if you are using encrypted LVM volumes) into /target/etc. Once this is done we can rm -r /mnt/boot /mnt/etc /mnt/media otherwise these directories will remain in your final installation (which isn't a big deal but this is done just for the sake of cleanliness). When this is done, unmount /mnt again.

The next step is to make the necessary subdirectories in /target for your subvolumes. I did: mkdir -p /target/home /target/.snapshots. Now, mount the rest of the subvolumes the same way as before like we did for the root subvolume. Also, mount the boot partition (which in my case resides on /dev/vda1 to /target/boot/efi (or just /target/boot for a legacy BIOS system). The following screenshots show the exact commands that I ran:

All of the commands run as described above (minus mounting boot). Mounting the boot partition.

Mounting Subvolumes at Boot

Now, edit /target/etc/fstab (you must use nano as unfortunately there is no version of vi in this busybox configuration) and add the relevant entries to mount your subvolumes on boot. These should look the same as the entry that already exists but you will have to change the options from default to the ones that we used above when mounting our subvolumes and you will have to change the mount points. For example, the line for mounting the root filesystem will go from:

/dev/mapper/debianbtrfs--vg-root / btrfs defaults 0 0

to:

/dev/mapper/debianbtrfs--vg-root / btrfs noatime,compress=lzo,space_cache,subvol=@ 0 0

Where the other lines will look similar:

The contents of the /target/etc/fstab file after modification.

Once this is all done and you have saved your changes, you may exit out of this terminal (Ctrl + D) and return to the installation (Ctrl + Alt + F1). Proceed with the installation as normal and, when you boot, you should have a btrfs filesystem working with subvolumes!

If you get stuck somewhere try asking in the many helpful areas of the internet such as the Debian User Forums, the #debian IRC channel on the Freenode network, or the debian-user mailing list. See this resource for more information on getting help with Debian.