This role allows you to configure a encrypted filesystem on top of any given block device using dm-crypt/cryptsetup and LUKS. A random keyfile generated on the Ansible controller will be used for the encryption by default. It is your responsibility that the keyfile is kept secure for this to make sense. For example by storing the keyfile on an already encrypted filesystem (both on the Ansible controller and the remote system).
- Create a random keyfile or use an already existing file.
- Manage
/etc/crypttaband/etc/fstab. - Create a LUKS header backup and store it on the Ansible controller.
- Setup and mount the encrypted filesystem without storing the keyfile on persistent storage of the remote system.
This role requires at least Ansible v1.9.0. To install it, run:
ansible-galaxy install debops.cryptsetupMore information about debops.cryptsetup can be found in the
official debops.cryptsetup documentation.
debops.secret
You may need to include missing roles from the DebOps common playbook into your playbook.
Try DebOps now for a complete solution to run your Debian-based infrastructure.
cryptsetup role was written by:
- Robin Schneider | e-mail | Twitter | GitHub
License: GPLv3
This role is part of the DebOps project. README generated by ansigenome.