From ba2ab1cb42db29c8287c65a3f1e0b646eeba0464 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 20 Jan 2024 22:42:30 +0100
Subject: add storage_device roles
---
roles/storage/luks/base/tasks/main.yml | 45 +++++------------------------
roles/storage/luks/device/defaults/main.yml | 7 +++++
roles/storage/luks/device/tasks/main.yml | 36 +++++++++++++++++++++++
3 files changed, 51 insertions(+), 37 deletions(-)
create mode 100644 roles/storage/luks/device/defaults/main.yml
create mode 100644 roles/storage/luks/device/tasks/main.yml
(limited to 'roles/storage/luks')
diff --git a/roles/storage/luks/base/tasks/main.yml b/roles/storage/luks/base/tasks/main.yml
index 7fe556a1..eca233e8 100644
--- a/roles/storage/luks/base/tasks/main.yml
+++ b/roles/storage/luks/base/tasks/main.yml
@@ -4,40 +4,11 @@
 name: cryptsetup-bin
 state: present
 
-- name: Create temporary build directory
- tempfile:
- state: directory
- register: keyfile_dir
- changed_when: False
- check_mode: False
-
-- name: create luks volumes
- block:
- - name: write passphrases into temporary keyfiles
- loop: "{{ luks_devices | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- copy:
- dest: "{{ keyfile_dir.path }}/{{ item.key }}"
- content: "{{ item.value.passphrase }}"
- mode: 0600
- changed_when: False
- check_mode: False
-
- - name: create/open luks volumes
- loop: "{{ luks_devices | dict2items }}"
- loop_control:
- label: "{{ item.key }} ({{ item.value.device }})"
- luks_device:
- name: "{{ item.key }}"
- device: "{{ item.value.device }}"
- keyfile: "{{ keyfile_dir.path }}/{{ item.key }}"
- state: opened
-
- always:
- - name: remove base-directory for keyfiles
- file:
- path: "{{ keyfile_dir.path }}"
- state: absent
- changed_when: False
- check_mode: False
+- name: create luks devices
+ loop: "{{ luks_devices | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ luks_device: "{{ item.value | combine({'name': item.key}) }}"
+ include_role:
+ name: storage/luks/device
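Review bot: Every iteration of the new `create luks devices` loop runs the included role through to its final `set_fact: storage_device_path`, so after the loop only the path of the last entry in `luks_devices` is left in that fact. Nothing in the hunk tells a reader of the base role that the value is unreliable here; I would put a comment above the task, for example `# storage_device_path is overwritten on each iteration; do not read it after this loop`. The loop also uses the default `item` variable across an `include_role`, which would collide as soon as the included role gains a loop of its own; a dedicated `loop_var` under `loop_control` avoids that. Keeping `label: "{{ item.key }}"` is worth a short comment too, since `item.value` carries the passphrase and the label is what keeps it out of the loop output.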
diff --git a/roles/storage/luks/device/defaults/main.yml b/roles/storage/luks/device/defaults/main.yml
new file mode 100644
index 00000000..009d1485
--- /dev/null
+++ b/roles/storage/luks/device/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# luks_device:
+# name: crypto-nvme0
+# passphrase: "keep-this-very-very-secret"
+# device: /dev/nvme0n1p3
+
+luks_device: "{{ storage_device }}"
diff --git a/roles/storage/luks/device/tasks/main.yml b/roles/storage/luks/device/tasks/main.yml
new file mode 100644
index 00000000..7b84b8cc
--- /dev/null
+++ b/roles/storage/luks/device/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+- name: Create temporary build directory
+ check_mode: False
+ tempfile:
+ state: directory
+ changed_when: False
+ register: luks_keyfile_dir
+
+- name: create luks device
+ block:
+ - name: write passphrase into temporary keyfile
+ check_mode: False
+ copy:
+ dest: "{{ luks_keyfile_dir.path }}/{{ luks_device.name }}"
+ content: "{{ luks_device.passphrase }}"
+ mode: 0400
+ changed_when: False
+
+ - name: create/open luks device
+ luks_device:
+ name: "{{ luks_device.name }}"
+ device: "{{ luks_device.device }}"
+ keyfile: "{{ luks_keyfile_dir.path }}/{{ luks_device.name }}"
+ state: opened
+
+ always:
+ - name: remove base-directory for keyfiles
+ check_mode: False
+ file:
+ path: "{{ luks_keyfile_dir.path }}"
+ state: absent
+ changed_when: False
+
+- name: export device path
+ set_fact:
+ storage_device_path: "/dev/mapper/{{ luks_device.name }}"
-- 
cgit v1.2.3
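Review bot: The default `luks_device: "{{ storage_device }}"` makes `storage_device` a second input to this role, but the example comment documents only `luks_device`. A caller that sets `storage_device` alone has to guess that it needs the same `name`, `passphrase` and `device` keys. I would add a comment above the default, for example `# storage_device must provide name, passphrase and device when luks_device is not set explicitly`. The example also shows the passphrase as an inline literal; writing it as a reference, e.g. `# passphrase: "{{ <vaulted-variable-placeholder> }}"`, would document that the value is expected to come from an encrypted source rather than plain inventory.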
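Review bot: The `write passphrase into temporary keyfile` task has no `no_log: true`, and the passphrase is still written to a file under the target's temporary directory. A run with `--diff` can therefore print the secret as the content of the new file, and the `always:` cleanup only unlinks the file, so the bytes may remain on the underlying storage. If the `luks_device` module in use is the community.crypto one, it accepts the secret directly: replacing the `keyfile:` line with `passphrase: "{{ luks_device.passphrase }}"` and setting `no_log: true` on that task makes the tempfile, copy and cleanup tasks unnecessary. If the keyfile has to stay, add `no_log: true` to the copy task. As a style point, `mode: 0400` relies on the parser reading an unquoted octal; `mode: "0400"` is the unambiguous spelling.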