community.general.crypttab – Encrypted Linux block devices
Note
This plugin is part of the community.general collection (version 3.8.3).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.crypttab
.
Synopsis
Control Linux encrypted block devices that are set up during system boot in
/etc/crypttab
.
Parameters
Parameter |
Comments |
---|---|
Path to the underlying block device or file, or the UUID of a block-device prefixed with UUID=. |
|
Name of the encrypted block device as it appears in the |
|
A comma-delimited list of options. See |
|
Encryption password, the path to a file containing the password, or |
|
Path to file to use instead of This might be useful in a chroot environment. Default: “/etc/crypttab” |
|
Use present to add a line to Use absent to remove a line with matching name. Use opts_present to add options to those already present; options with different values will be updated. Use opts_absent to remove options from the existing set. Choices:
|
Examples
- name: Set the options explicitly a device which must already exist
community.general.crypttab:
name: luks-home
state: present
opts: discard,cipher=aes-cbc-essiv:sha256
- name: Add the 'discard' option to any existing options for all devices
community.general.crypttab:
name: '{{ item.device }}'
state: opts_present
opts: discard
loop: '{{ ansible_mounts }}'
when: "'/dev/mapper/luks-' in {{ item.device }}"
Authors
Steve (@groks)