crypttab – Encrypted Linux block devices¶
New in version 1.9.
Synopsis¶
- Control Linux encrypted block devices that are set up during system boot in
/etc/crypttab.
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
backing_device
-
|
Path to the underlying block device or file, or the UUID of a block-device prefixed with UUID=.
|
|
|
name
-
/ required
|
Name of the encrypted block device as it appears in the
/etc/crypttab file, or optionally prefixed with /dev/mapper/, as it appears in the filesystem. /dev/mapper/ will be stripped from name. |
|
|
opts
-
|
A comma-delimited list of options. See
crypttab(5 ) for details. |
|
|
password
-
|
Default: "none"
|
Encryption password, the path to a file containing the password, or
none or - if the password should be entered at boot. |
|
path
-
|
Default: "/etc/crypttab"
|
Path to file to use instead of
/etc/crypttab. This might be useful in a chroot environment. |
|
state
-
/ required
|
|
Use present to add a line to
/etc/crypttab or update it's definition if already present. Use absent to remove a line with matching name. Use opts_present to add options to those already present; options with different values will be updated. Use opts_absent to remove options from the existing set. |
Examples¶
- name: Set the options explicitly a device which must already exist
crypttab:
name: luks-home
state: present
opts: discard,cipher=aes-cbc-essiv:sha256
- name: Add the 'discard' option to any existing options for all devices
crypttab:
name: '{{ item.device }}'
state: opts_present
opts: discard
with_items: '{{ ansible_mounts }}'
when: "'/dev/mapper/luks-' in {{ item.device }}"
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors¶
- Steve (@groks)
Hint
If you notice any issues in this documentation you can edit this document to improve it.