ansible / ansible.builtin / v2.4.4.0-1 / module / crypttab Encrypted Linux block devices | "added in version" 1.9 of ansible.builtin" Authors: Steve (@groks) preview | supported by communityansible.builtin.crypttab (v2.4.4.0-1) — module
pip
Install with pip install ansible==2.4.4.0.post1
Control Linux encrypted block devices that are set up during system boot in C(/etc/crypttab).
# Since column is a special character in YAML, if your string contains a column, it's better to use quotes around the string - name: Set the options explicitly a device which must already exist crypttab: name: luks-home state: present opts: 'discard,cipher=aes-cbc-essiv:sha256'
- name: Add the 'discard' option to any existing options for all devices crypttab: name: '{{ item.device }}' state: opts_present opts: discard with_items: '{{ ansible_mounts }}' when: "'/dev/mapper/luks-' in {{ item.device }}"
name: aliases: [] default: null description: - Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or optionally prefixed with C(/dev/mapper/), as it appears in the filesystem. I(/dev/mapper/) will be stripped from I(name). required: true opts: description: - A comma-delimited list of options. See C(crypttab(5) ) for details. required: false path: default: /etc/crypttab description: - Path to file to use instead of C(/etc/crypttab). This might be useful in a chroot environment. required: false state: choices: - present - absent - opts_present - opts_absent default: null description: - Use I(present) to add a line to C(/etc/crypttab) or update it's definition if already present. Use I(absent) to remove a line with matching I(name). Use I(opts_present) to add options to those already present; options with different values will be updated. Use I(opts_absent) to remove options from the existing set. required: true password: default: none description: - Encryption password, the path to a file containing the password, or 'none' or '-' if the password should be entered at boot. required: false backing_device: default: null description: - Path to the underlying block device or file, or the UUID of a block-device prefixed with I(UUID=) required: false