W3cubDocs

/Ansible

crypttab - Encrypted Linux block devices

New in version 1.9.

Synopsis

Control Linux encrypted block devices that are set up during system boot in /etc/crypttab.

Options

parameter required default choices comments
backing_device
no
Path to the underlying block device or file, or the UUID of a block-device prefixed with UUID=
name
yes
Name of the encrypted block device as it appears in the /etc/crypttab file, or optionaly prefixed with /dev/mapper/, as it appears in the filesystem. /dev/mapper/ will be stripped from name.
opts
no
A comma-delimited list of options. See crypttab(5 ) for details.
password
no none
Encryption password, the path to a file containing the password, or 'none' or '-' if the password should be entered at boot.
path
no /etc/crypttab
Path to file to use instead of /etc/crypttab. This might be useful in a chroot environment.
state
yes
  • present
  • absent
  • opts_present
  • opts_absent
Use present to add a line to /etc/crypttab or update it's definition if already present. Use absent to remove a line with matching name. Use opts_present to add options to those already present; options with different values will be updated. Use opts_absent to remove options from the existing set.

Examples

- name: Set the options explicitly a device which must already exist
  crypttab: name=luks-home state=present opts=discard,cipher=aes-cbc-essiv:sha256

- name: Add the 'discard' option to any existing options for all devices
  crypttab: name={{ item.device }} state=opts_present opts=discard
  with_items: ansible_mounts
  when: '/dev/mapper/luks-' in {{ item.device }}

This is an Extras Module

For more information on what this means please read Extras Modules

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, developing_test_pr and Developing Modules.

© 2012–2016 Michael DeHaan
© 2016 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/crypttab_module.html