
current

master
parent
commit
8aab8fd1e2
1 changed files with 6 additions and 56 deletions
  1. +6
    -56
      tasks/main.yml

+ 6
- 56
tasks/main.yml

@@ -1,8 +1,5 @@
--- ---


- setup:
gather_subset: "!all"

- name: debian apt install packages - name: debian apt install packages
apt: apt:
pkg: "{{ item }}" pkg: "{{ item }}"
@@ -19,29 +16,6 @@
when: when:
dmcrypt_devices_state == "closed" dmcrypt_devices_state == "closed"


- name: ramdisk
mount:
src: ram
fstype: ramfs
name: /ram
state: mounted
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "opened"

- name: keyfile directory
file:
path: /ram/dmcrypt_devices/
owner: root
group: root
mode: 0700
state: directory
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "opened"

- name: shred device - name: shred device
command: shred --iterations={{ dmcrypt_devices_shred_iterations }} {{ item.device }} command: shred --iterations={{ dmcrypt_devices_shred_iterations }} {{ item.device }}
with_items: "{{ dmcrypt_devices }}" with_items: "{{ dmcrypt_devices }}"
@@ -49,25 +23,17 @@
dmcrypt_devices_state == "wiped" or dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "erased" dmcrypt_devices_state == "erased"



- name: keyfile
copy:
content: "{{ item.key }}"
dest: /ram/dmcrypt_devices/{{ item.name }}
with_items: "{{ dmcrypt_devices }}"
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "opened"

- name: luksFormat - name: luksFormat
command: command:
cryptsetup luksFormat cryptsetup luksFormat
--key-file=- --batch-mode
--cipher {{ item.cipher }} --cipher {{ item.cipher }}
--hash {{ item.hash }} --hash {{ item.hash }}
--key-size {{ item.key_size }} --key-size {{ item.key_size }}
{{ item.device }} {{ item.device }}
/ram/dmcrypt_devices/{{ item.name }} /ram/dmcrypt_devices/{{ item.name }}
args:
stdin: "{{ item.key }}"
with_items: "{{ dmcrypt_devices }}" with_items: "{{ dmcrypt_devices }}"
when: when:
dmcrypt_devices_state == "formated" or dmcrypt_devices_state == "formated" or
@@ -76,29 +42,13 @@
- name: open - name: open
command: command:
cryptsetup open --type luks cryptsetup open --type luks
--key-file=/ram/dmcrypt_devices/{{ item.name }}
--key-file=- --batch-mode
{{ item.discard | default(false) | ternary('--allow-discards','') }} {{ item.discard | default(false) | ternary('--allow-discards','') }}
{{ item.device }} {{ item.device }}
{{ item.name }} {{ item.name }}
args:
stdin: "{{ item.key }}"
with_items: "{{ dmcrypt_devices }}" with_items: "{{ dmcrypt_devices }}"
when: when:
dmcrypt_devices_state == "formated" or dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "opened" dmcrypt_devices_state == "opened"

- name: wipe keyfile
command: shred /ram/dmcrypt_devices/{{ item.name }}
with_items: "{{ dmcrypt_devices }}"
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "opened"

- name: remove keyfile
file:
path: /ram/dmcrypt_devices/{{ item.name }}
state: absent
with_items: "{{ dmcrypt_devices }}"
when:
dmcrypt_devices_state == "formated" or
dmcrypt_devices_state == "wiped" or
dmcrypt_devices_state == "opened"
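Review bot: The luksFormat and open tasks now pass `stdin: "{{ item.key }}"` inside a `with_items` loop over `dmcrypt_devices` with nothing suppressing output, so Ansible's per-item result lines and verbose module arguments can carry the key into console output and logs; I would add `no_log: true` to both tasks. luksFormat also appears to keep the positional `/ram/dmcrypt_devices/{{ item.name }}` argument (this rendering shows it on both sides) although the tasks that created that path are removed here; with `--key-file=-` it is presumably ignored, and it should be dropped. Separately, the command module appends a newline to `stdin` by default and cryptsetup reads `--key-file=-` to end of input, so a volume formatted from the old keyfile may only open with `stdin_add_newline: false` on the open task; this is worth confirming against an existing device. Indentation is lost in this rendering, so the nesting of the added `args:` keys is inferred.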
