While recently installing some memory and a new Patriot 120 GB SSD into an older laptop that I was going to use as a test server, or I should say, install an OS, perform penetration tests on it and possibly (99.9% chance that I would bork it) wipe it clean only to reinstall the OS on it again, it dawned on me that it would be nice if I could revert it back to an earlier time (not the fresh install state) without having to use backup software. While DD is my go-to product, it can be time consuming. This particular laptop is a Lenovo Z585 that I was using for my Windows 7 & 10 projects, and I wanted to install Windows Server 2016 and GNS3 so that I could learn Active Directory Domain Services on the Windows Server 2016 partition, and with the CentOS partition I could start learning the rpm package management system and the different commands that come with Red Hat, CentOS and Fedora versions of Linux.
I decided to install Windows Server 2016 on the first 60 GB partition and CentOS on the remaining 60 GB partition, and I would have the original 500 GB hard drive as internal storage, which would be split down the middle. This dual boot setup would give me the opportunity to learn how to put two different OSes and two different file systems on the same SSD, and I was up for the challenge. While installing Windows 2016 I reached a point in the setup where I had to format the SSD, and I was presented with a few choices for the file system that was going to be on the Linux box, mainly ext4 and BtrFS. This is where I ended the setup and called upon my trusty friend Google. I needed to know more about BtrFS, as I knew a little bit about the ext4 journaling file system, and since this would be a new SSD I had a few concerns about using discard, noatime and nodiratime.
The BtrFS filesystem in Linux provides the following features and capabilities:
Built-in copy on write
Powerful snapshot capabilities
Built-in volume management with subvolumes
Massive scalability up to 16 exabytes
Built-in data integrity (checksums)
RAID built in BtrFS
Online filesystem management
Data and metadata integrity
In-place conversion from ext2/3/4 and ReiserFS
Online expansion and reduction of filesystem size
Object level RAID
Support for multiple devices
To start out, Wikipedia has some good information and links on BtrFS; however, I was just looking for some information and not another college course. I hope that this article helps someone out there fill in the gaps. A BtrFS filesystem partition cannot be encrypted, which means that it will not work for you for PII that has to be encrypted. What will work is using BtrFS for the filesystem and using EXT4 on a storage partition. Also, BtrFS was removed from RHEL 8 in 2019, which was surprising because by some accounts it is going to be the next generation general purpose Linux file system. I think the lack of FDE is hurting BtrFS. One of the major advantages of BtrFS is that it offers advanced reliability along with snapshots and a core feature called “copy-on-write.” Btrfs was designed to address fault tolerance, management and data protection.
Copy-on-write works roughly like this: when a file has just been written to a partition, a copy of that file is only a reference to the original file's location; when the copy (or the original) is changed, the two files separate from one another. If you can picture an empty disk, then a file with the contents of 1,2,3,4,5,6 is written to that disk along with some metadata blocks that make up that filesystem. Now imagine that the disk has one file with the contents 1,2,3,4,5,6. In a regular filesystem, if you change that file, the original file is overwritten. Remember that when you open a file, a copy is created on the hard drive and you are actually editing that copy, and when you close that file the changes are written to the original file and the copy is deleted. In copy-on-write, using our example from above, if you open up the file and change the 5,6 in the file to 7,8, what happens is that the 7,8 is written to a new part of the hard disk and this new file’s metadata is changed to reference this new data. The original file with the 1,2,3,4,5,6 still contains 1,2,3,4,5,6; however, the metadata will be changed to reflect that the spaces of 5,6 can be overwritten.
Not updating the original location eliminates the risk of a partial update or data corruption during a power failure, and the copy-on-write nature of Btrfs also facilitates file system features such as replication, migration, backup, and restoration of data. Btrfs provides efficient storage for small files. Because all Linux file systems address storage in block sizes of 4 KB, a file that is smaller than 4 KB leaves space on the hard disk that is wasted. Btrfs handles these smaller files by storing them directly in the metadata, thereby providing a significant performance advantage over other file systems when creating and reading small files.
Interestingly enough, Btrfs lets you make readable and writable snapshots. These snapshots are copies of a subvolume that were taken at some point in time. When opened, these snapshots appear as directories that you can access the same way you would access a normal Linux directory. Writable snapshots let you revert a filesystem to a previous state. This allows you the flexibility to apply a system patch and reboot into the snapshot if the system is not performing as expected. By default all snapshots are writable; however, you have the ability to create read-only snapshots. Read-only snapshots are useful for off-site backups. Btrfs is included in the mainline Linux kernel.
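The 1,2,3,4,5,6 walk-through and the snapshot behaviour described above can be modelled in a few lines. This is an added example, not code from the original post or from Btrfs; the CowStore class and its method names are hypothetical, and the model tracks whole blocks with reference counts only.

```python
# Toy copy-on-write block store: a constructed model of the idea, not Btrfs code.
class CowStore:
    def __init__(self):
        self.blocks = {}   # block id -> [data, reference count]
        self.files = {}    # name -> list of block ids (the "metadata")
        self.next_id = 0

    def _alloc(self, data):
        bid, self.next_id = self.next_id, self.next_id + 1
        self.blocks[bid] = [data, 1]
        return bid

    def _unref(self, bid):
        self.blocks[bid][1] -= 1
        if self.blocks[bid][1] == 0:
            del self.blocks[bid]          # nobody points here: space is reusable

    def create(self, name, values):
        self.files[name] = [self._alloc(v) for v in values]

    def read(self, name):
        return [self.blocks[b][0] for b in self.files[name]]

    def write(self, name, index, value):
        old = self.files[name][index]
        self.files[name][index] = self._alloc(value)  # new data, new location
        self._unref(old)                              # old block is never modified

    def snapshot(self, src, dst):
        self.files[dst] = list(self.files[src])       # copy metadata only
        for bid in self.files[dst]:
            self.blocks[bid][1] += 1                  # data blocks are shared

    def rollback(self, name, snap):
        for bid in self.files.pop(name):
            self._unref(bid)                          # drop the changed state
        self.snapshot(snap, name)                     # point back at the old blocks


def demo():
    s = CowStore()
    s.create("file", [1, 2, 3, 4, 5, 6])
    s.snapshot("file", "snap")
    shared = len(s.blocks)                 # snapshot cost no extra data blocks
    s.write("file", 4, 7)
    s.write("file", 5, 8)
    changed = (s.read("file"), s.read("snap"), len(s.blocks))
    s.rollback("file", "snap")
    return shared, changed, (s.read("file"), len(s.blocks))


if __name__ == "__main__":
    print(demo())
```

Without a snapshot the old 5,6 blocks are released as soon as they are replaced; with one, they stay allocated until the snapshot is dropped, which is why a revert is cheap but old snapshots still consume space.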
BEWARE: The installer for CentOS 6 does not allow the creation of a Btrfs filesystem, so it has to be done with EXT4 and then converted post-install. As I mentioned earlier, RHEL is not supporting Btrfs, so it would be a good guess that CentOS and Fedora may follow suit. Time will tell.
1.) Btrfs utilities are installed using the btrfs-progs software package. On a RHEL system use the following command to display the files provided:
# rpm -ql btrfs-progs
2.) Use the mkfs.btrfs command to create a Btrfs file system. The syntax is:
3.) To create a Btrfs file system on two block devices (for example, /dev/sdb and /dev/sdc):
# mkfs.btrfs /dev/sdb /dev/sdc
The default configuration for a file system with multiple devices is:
-d raid0 – Stripe the file system data across all devices.
-m raid1 – Mirror the file system metadata across all devices.
4.) To create a Btrfs file system with multiple devices (/dev/sdb and /dev/sdc) and stripe both the data and the metadata:
# mkfs.btrfs -m raid0 /dev/sdb /dev/sdc
5.) To create a Btrfs file system with multiple devices (/dev/sdb and /dev/sdc) and mirror both the data and the metadata:
# mkfs.btrfs -d raid1 /dev/sdb /dev/sdc
6.) When you specify a single device, metadata is duplicated on that device unless you specify only a single copy. To create a Btrfs file system on a single block device (for example, /dev/sdb) and to specify not to duplicate the metadata:
# mkfs.btrfs -m single /dev/sdb
7.) Use the mount command or make an entry in /etc/fstab as you would when mounting any other type of Linux file system. You can reference either device when your file system contains multiple devices. You can also reference the file system label or the UUID. Example:
# mount /dev/sdb /btrfs
Make sure you have the entry in /etc/fstab (the example below uses the UUID of the Btrfs device):
# vi /etc/fstab
UUID=e7e5c123-fg76-5gxx-a87d-gt5fed9r768e /data btrfs defaults 0 0
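After creating and mounting the file system, it is worth confirming which data and metadata profiles were actually applied rather than assuming the -d/-m defaults from the steps above. The following added example (not part of the original post) parses the output of `btrfs filesystem df <mountpoint>` and flags block-group types that keep only one copy; the sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `btrfs filesystem df /btrfs` for a two-device
# file system created with striped data and mirrored metadata.
SAMPLE_DF = """\
Data, RAID0: total=2.00GiB, used=768.00KiB
System, RAID1: total=8.00MiB, used=16.00KiB
Metadata, RAID1: total=1.00GiB, used=112.00KiB
GlobalReserve, single: total=16.00MiB, used=0.00B
"""

# Profiles that keep more than one copy (or parity) of each block.
# Note: dup protects against bad blocks, not against losing the device.
REDUNDANT = {"dup", "raid1", "raid1c3", "raid1c4", "raid10", "raid5", "raid6"}

LINE = re.compile(r"^(\w+), (\w+): total=")


def parse_profiles(df_output):
    """Return {block group type: set of profiles}, e.g. {'Data': {'raid0'}}."""
    profiles = {}
    for line in df_output.splitlines():
        m = LINE.match(line.strip())
        if m:
            # A type can list two profiles while a balance/convert is in progress.
            profiles.setdefault(m.group(1), set()).add(m.group(2).lower())
    return profiles


def audit(df_output):
    """Return (type, profile) pairs that have no redundancy."""
    findings = []
    for kind, profs in parse_profiles(df_output).items():
        if kind == "GlobalReserve":      # internal reservation, not user data
            continue
        for profile in sorted(profs - REDUNDANT):
            findings.append((kind, profile))
    return findings


if __name__ == "__main__":
    for kind, profile in audit(SAMPLE_DF):
        print(f"{kind}: profile {profile} has no redundancy; "
              "one failed device loses this data")
```

On a live system, feed the function the text printed by `btrfs filesystem df` for the mount point instead of the sample.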
If you would like more information on the various file formats including NTFS and EXT4 you can go to Wikipedia.
Windows does not natively work with Btrfs, however there is an open source Btrfs driver for Windows that allows Windows to utilize Btrfs as a storage device. This project is still under development and is having great success.