ka
/
ansible-role-dmcrypt_devices
1
0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commit
1 分支
24KB
目錄樹: 1e5fc618cf
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from '1e5fc618cf'
${ noResults }
ansible-role-dmcrypt_devices/tasks/main.yml

105 line
2.5KB
原始文件 Blame 文件歷史 

  1. ---

  2. 

  3. - setup:

  4.     gather_subset: "!all"

  5. 

  6. - name: debian apt install packages

  7.   apt:

  8.     pkg: "{{ item }}"

  9.     state: installed

  10.   with_items:

  11.     - cryptsetup

  12.   when: ansible_os_family == "Debian"

  13. 

  14. - name: close

  15.   command:

  16.     cryptsetup close

  17.     {{ item.name }}

  18.   with_items: "{{ dmcrypt_devices }}"

  19.   when:

  20.     dmcrypt_devices_state == "closed"

  21. 

  22. - name: ramdisk

  23.   mount:

  24.     src: ram

  25.     fstype: ramfs

  26.     name: /ram

  27.     state: mounted

  28.   when:

  29.     dmcrypt_devices_state == "formated" or

  30.     dmcrypt_devices_state == "wiped" or

  31.     dmcrypt_devices_state == "opened"

  32. 

  33. - name: keyfile directory

  34.   file:

  35.     path: /ram/dmcrypt_devices/

  36.     owner: root

  37.     group: root

  38.     mode: 0700

  39.     state: directory

  40.   when:

  41.     dmcrypt_devices_state == "formated" or

  42.     dmcrypt_devices_state == "wiped" or

  43.     dmcrypt_devices_state == "opened"

  44. 

  45. - name: shred device

  46.   command: shred --iterations={{ dmcrypt_devices_shred_iterations }} {{ item.device }}

  47.   with_items: "{{ dmcrypt_devices }}"

  48.   when:

  49.     dmcrypt_devices_state == "wiped" or

  50.     dmcrypt_devices_state == "erased"

  51. 

  52. 

  53. - name: keyfile

  54.   copy:

  55.     content: "{{ item.key }}"

  56.     dest: /ram/dmcrypt_devices/{{ item.name }}

  57.   with_items: "{{ dmcrypt_devices }}"

  58.   when:

  59.     dmcrypt_devices_state == "formated" or

  60.     dmcrypt_devices_state == "wiped" or

  61.     dmcrypt_devices_state == "opened"

  62. 

  63. - name: luksFormat

  64.   command:

  65.     cryptsetup luksFormat

  66.     --cipher {{ item.cipher }}

  67.     --hash {{ item.hash }}

  68.     --key-size {{ item.key_size }}

  69.     {{ item.device }}

  70.     /ram/dmcrypt_devices/{{ item.name }}

  71.   with_items: "{{ dmcrypt_devices }}"

  72.   when:

  73.     dmcrypt_devices_state == "formated" or

  74.     dmcrypt_devices_state == "wiped"

  75. 

  76. - name: open

  77.   command:

  78.     cryptsetup open --type luks

  79.     --key-file=/ram/dmcrypt_devices/{{ item.name }}

  80.     {{ item.discard | default(false) | ternary('--allow-discards','') }}

  81.     {{ item.device }}

  82.     {{ item.name }}

  83.   with_items: "{{ dmcrypt_devices }}"

  84.   when:

  85.     dmcrypt_devices_state == "formated" or

  86.     dmcrypt_devices_state == "opened"

  87. 

  88. - name: wipe keyfile

  89.   command: shred /ram/dmcrypt_devices/{{ item.name }}

  90.   with_items: "{{ dmcrypt_devices }}"

  91.   when:

  92.     dmcrypt_devices_state == "formated" or

  93.     dmcrypt_devices_state == "wiped" or

  94.     dmcrypt_devices_state == "opened"

  95. 

  96. - name: remove keyfile

  97.   file:

  98.     path: /ram/dmcrypt_devices/{{ item.name }}

  99.     state: absent

  100.   with_items: "{{ dmcrypt_devices }}"

  101.   when:

  102.     dmcrypt_devices_state == "formated" or

  103.     dmcrypt_devices_state == "wiped" or

  104.     dmcrypt_devices_state == "opened"