New in version 1.9.
Control Linux encrypted block devices that are set up during system boot in /etc/crypttab.
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| backing_device | no | Path to the underlying block device or file, or the UUID of a block-device prefixed with UUID=
|
||
| name | yes | Name of the encrypted block device as it appears in the /etc/crypttab file, or optionaly prefixed with /dev/mapper/, as it appears in the filesystem. /dev/mapper/ will be stripped from name. |
||
| opts | no | A comma-delimited list of options. See crypttab(5 ) for details. |
||
| password | no | none | Encryption password, the path to a file containing the password, or 'none' or '-' if the password should be entered at boot. |
|
| path | no | /etc/crypttab | Path to file to use instead of /etc/crypttab. This might be useful in a chroot environment. |
|
| state | yes |
| Use present to add a line to /etc/crypttab or update it's definition if already present. Use absent to remove a line with matching name. Use opts_present to add options to those already present; options with different values will be updated. Use opts_absent to remove options from the existing set. |
- name: Set the options explicitly a device which must already exist
crypttab: name=luks-home state=present opts=discard,cipher=aes-cbc-essiv:sha256
- name: Add the 'discard' option to any existing options for all devices
crypttab: name={{ item.device }} state=opts_present opts=discard
with_items: ansible_mounts
when: '/dev/mapper/luks-' in {{ item.device }}
For more information on what this means please read Extras Modules
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, developing_test_pr and Developing Modules.
© 2012–2016 Michael DeHaan
© 2016 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/crypttab_module.html