community / community.general / 8.5.0 / module / crypttab Encrypted Linux block devices Authors: Steve (@groks)community.general.crypttab (8.5.0) — module
Install with ansible-galaxy collection install community.general:==8.5.0
collections: - name: community.general version: 8.5.0
Control Linux encrypted block devices that are set up during system boot in C(/etc/crypttab).
- name: Set the options explicitly a device which must already exist community.general.crypttab: name: luks-home state: present opts: discard,cipher=aes-cbc-essiv:sha256
- name: Add the 'discard' option to any existing options for all devices community.general.crypttab: name: '{{ item.device }}' state: opts_present opts: discard loop: '{{ ansible_mounts }}' when: "'/dev/mapper/luks-' in {{ item.device }}"
name: description: - Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or optionally prefixed with V(/dev/mapper/), as it appears in the filesystem. V(/dev/mapper/) will be stripped from O(name). required: true type: str opts: description: - A comma-delimited list of options. See V(crypttab(5\)) for details. type: str path: default: /etc/crypttab description: - Path to file to use instead of V(/etc/crypttab). - This might be useful in a chroot environment. type: path state: choices: - absent - opts_absent - opts_present - present description: - Use V(present) to add a line to C(/etc/crypttab) or update its definition if already present. - Use V(absent) to remove a line with matching O(name). - Use V(opts_present) to add options to those already present; options with different values will be updated. - Use V(opts_absent) to remove options from the existing set. required: true type: str password: description: - Encryption password, the path to a file containing the password, or V(-) or unset if the password should be entered at boot. type: path backing_device: description: - Path to the underlying block device or file, or the UUID of a block-device prefixed with V(UUID=). type: str