
current

master
parent
commit
67806fe1b0
2 changed files with 58 additions and 10 deletions
  1. +1
    -0
      defaults/main.yml
  2. +57
    -10
      tasks/main.yml

+ 1
- 0
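--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1 @@
+dmcrypt_devices_shred_iterations: 1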

+ 57
- 10
tasks/main.yml View File

@@ -1,19 +1,26 @@
--- ---


- name: shred device
command:
shred
--iterations=1
{{ item.device }}
when: item.wipe is defined and item.wipe
with_items: "{{ dmcrypt_devices }}"
- setup:
gather_subset: "!all"


- name: debian apt install packages
apt:
pkg: "{{ item }}"
state: installed
with_items:
- cryptsetup
when: ansible_os_family == "Debian"
- name: ramdisk - name: ramdisk
mount: mount:
src: ram src: ram
fstype: ramfs fstype: ramfs
name: /ram name: /ram
state: mounted state: mounted
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "opened"


- name: keyfile directory - name: keyfile directory
file: file:
@@ -22,12 +29,38 @@
group: root group: root
mode: 0700 mode: 0700
state: directory state: directory
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "opened"


- name: keyfile - name: keyfile
copy: copy:
content: "{{ item.key }}"
content: "{{ item.key | default( lookup('pipe','pass show '+dmcrypt_key_pass_folder+'/'+item.name) ) }}"
dest: /ram/dmcrypt_devices/{{ item.name }} dest: /ram/dmcrypt_devices/{{ item.name }}
with_items: "{{ dmcrypt_devices }}" with_items: "{{ dmcrypt_devices }}"
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "opened"

- name: close
command:
cryptsetup close
{{ item.name }}
with_items: "{{ dmcrypt_devices }}"
when:
#dmcrypt_devices_state == "formated" or
#dmcrypt_devices_state == "wiped" or
#dmcrypt_devices_state == "erased" or
dmcrypt_devices_state == "closed"

- name: shred device
command: shred --iterations={{ dmcrypt_devices_shred_iterations }} {{ item.device }}
with_items: "{{ dmcrypt_devices }}"
when:
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "erased"


- name: luksFormat - name: luksFormat
command: command:
@@ -38,21 +71,35 @@
{{ item.device }} {{ item.device }}
/ram/dmcrypt_devices/{{ item.name }} /ram/dmcrypt_devices/{{ item.name }}
with_items: "{{ dmcrypt_devices }}" with_items: "{{ dmcrypt_devices }}"
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped"


- name: luksOpen
- name: open
command: command:
cryptsetup luksOpen
cryptsetup open --type luks
--key-file=/ram/dmcrypt_devices/{{ item.name }} --key-file=/ram/dmcrypt_devices/{{ item.name }}
{{ item.device }} {{ item.device }}
{{ item.name }} {{ item.name }}
with_items: "{{ dmcrypt_devices }}" with_items: "{{ dmcrypt_devices }}"
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "opened"


- name: wipe keyfile - name: wipe keyfile
command: shred /ram/dmcrypt_devices/{{ item.name }} command: shred /ram/dmcrypt_devices/{{ item.name }}
with_items: "{{ dmcrypt_devices }}" with_items: "{{ dmcrypt_devices }}"
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "opened"


- name: remove keyfile - name: remove keyfile
file: file:
path: /ram/dmcrypt_devices/{{ item.name }} path: /ram/dmcrypt_devices/{{ item.name }}
state: absent state: absent
with_items: "{{ dmcrypt_devices }}" with_items: "{{ dmcrypt_devices }}"
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "opened"
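Review bot: The `keyfile` task in tasks/main.yml handles key material without `no_log: true`, so the looped `item` (including `item.key`) and the rendered `content` can end up in Ansible's task output and logs; add `no_log: true` to that task and give the copied file an explicit `mode: "0600"`. The new `pass show` fallback concatenates `dmcrypt_key_pass_folder` and `item.name` unquoted into a command that the `pipe` lookup runs through a shell on the controller, so a name containing spaces or shell metacharacters breaks or alters that command. Jinja2 evaluates filter arguments before `default()` is called, so the lookup most likely runs for every device even when `item.key` is set. `content: "{{ item.key if item.key is defined else lookup('pipe', 'pass show ' + (dmcrypt_key_pass_folder + '/' + item.name) | quote) }}"` addresses both the quoting and the eager evaluation. Indentation was lost in this rendering, so the placement of these lines is inferred from the task names.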
