1 changed files with 19 additions and 20 deletions
Unified View
Diff Options
-
+19 -20tasks/main.yml
+ 19
- 20
tasks/main.yml
View File
| @@ -10,7 +10,15 @@ | |||||
| with_items: | with_items: | ||||
| - cryptsetup | - cryptsetup | ||||
| when: ansible_os_family == "Debian" | when: ansible_os_family == "Debian" | ||||
| - name: close | |||||
| command: | |||||
| cryptsetup close | |||||
| {{ item.name }} | |||||
| with_items: "{{ dmcrypt_devices }}" | |||||
| when: | |||||
| dmcrypt_devices_state == "closed" | |||||
| - name: ramdisk | - name: ramdisk | ||||
| mount: | mount: | ||||
| src: ram | src: ram | ||||
| @@ -34,33 +42,23 @@ | |||||
| dmcrypt_devices_state == "wiped" or | dmcrypt_devices_state == "wiped" or | ||||
| dmcrypt_devices_state == "opened" | dmcrypt_devices_state == "opened" | ||||
| - name: keyfile | |||||
| copy: | |||||
| content: "{{ item.key | default( lookup('pipe','pass show '+dmcrypt_key_pass_folder+'/'+item.name) ) }}" | |||||
| dest: /ram/dmcrypt_devices/{{ item.name }} | |||||
| - name: shred device | |||||
| command: shred --iterations={{ dmcrypt_devices_shred_iterations }} {{ item.device }} | |||||
| with_items: "{{ dmcrypt_devices }}" | with_items: "{{ dmcrypt_devices }}" | ||||
| when: | when: | ||||
| dmcrypt_devices_state == "formated" or | |||||
| dmcrypt_devices_state == "wiped" or | dmcrypt_devices_state == "wiped" or | ||||
| dmcrypt_devices_state == "opened" | |||||
| dmcrypt_devices_state == "erased" | |||||
| - name: close | |||||
| command: | |||||
| cryptsetup close | |||||
| {{ item.name }} | |||||
| with_items: "{{ dmcrypt_devices }}" | |||||
| when: | |||||
| #dmcrypt_devices_state == "formated" or | |||||
| #dmcrypt_devices_state == "wiped" or | |||||
| #dmcrypt_devices_state == "erased" or | |||||
| dmcrypt_devices_state == "closed" | |||||
| - name: shred device | |||||
| command: shred --iterations={{ dmcrypt_devices_shred_iterations }} {{ item.device }} | |||||
| - name: keyfile | |||||
| copy: | |||||
| content: "{{ item.key }}" | |||||
| dest: /ram/dmcrypt_devices/{{ item.name }} | |||||
| with_items: "{{ dmcrypt_devices }}" | with_items: "{{ dmcrypt_devices }}" | ||||
| when: | when: | ||||
| dmcrypt_devices_state == "formated" or | |||||
| dmcrypt_devices_state == "wiped" or | dmcrypt_devices_state == "wiped" or | ||||
| dmcrypt_devices_state == "erased" | |||||
| dmcrypt_devices_state == "opened" | |||||
| - name: luksFormat | - name: luksFormat | ||||
| command: | command: | ||||
| @@ -79,6 +77,7 @@ | |||||
| command: | command: | ||||
| cryptsetup open --type luks | cryptsetup open --type luks | ||||
| --key-file=/ram/dmcrypt_devices/{{ item.name }} | --key-file=/ram/dmcrypt_devices/{{ item.name }} | ||||
| {{ item.discard | default(false) | ternary('--allow-discards','') }} | |||||
| {{ item.device }} | {{ item.device }} | ||||
| {{ item.name }} | {{ item.name }} | ||||
| with_items: "{{ dmcrypt_devices }}" | with_items: "{{ dmcrypt_devices }}" | ||||