disk_encrypt refactoring and net0 systemd

master
Михаил Ильясов 2024-08-29 11:00:08 +00:00
parent 56a1c65d4b
commit 1014000eb4
4 changed files with 36 additions and 11 deletions


@ -1,5 +1,5 @@
#inventory
[test]
192.168.251.104 ansible_connection=ssh ansible_ssh_user=one ansible_ssh_pass=wimark ansible_sudo_pass=wimark second_disk=sdb adjacent_partition=sda
192.168.251.104 ansible_connection=ssh ansible_ssh_user=one ansible_ssh_pass=wimark ansible_sudo_pass=wimark
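Review bot: The new host line still carries the SSH and sudo passwords in clear text (`ansible_ssh_pass=…`, `ansible_sudo_pass=…`), so anyone who can read the repository or its history gains privileged access to that host. Take them out of the inventory: use key-based SSH and keep the become password in an Ansible Vault-encrypted vars file, referenced for example as `ansible_become_password: "{{ vault_become_password }}"` (variable name constructed for illustration). Since the value is already in the commit history, treat it as exposed and rotate it. `ansible_ssh_user` and `ansible_sudo_pass` are also legacy spellings; `ansible_user` and `ansible_become_password` are the current ones.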


@ -1,27 +1,37 @@
---
- name: Create keyfile
ansible.builtin.shell: |
openssl genrsa -out /root/keyfile; chmod 0400 /root/keyfile
ignore_errors: true
- name: Encrypt second disk
ansible.builtin.shell: |
echo -n "your_passphrase" | cryptsetup luksFormat /dev/{{ second_disk }} --key-file=-
cryptsetup -q luksFormat /dev/{{ sdisk_disk }} --key-file /root/keyfile
ignore_errors: true
- name: Open encrypted second disk
ansible.builtin.shell: |
echo -n "your_passphrase" | cryptsetup luksOpen /dev/{{ second_disk }} crypt_second_disk --key-file=-
cryptsetup luksOpen /dev/{{ sdisk_disk }} {{ sdisk_name }} --key-file /root/keyfile
ignore_errors: true
register: second_disk_status
- name: Format the encrypted second disk
command: mkfs.ext4 /dev/mapper/crypt_second_disk
command: mkfs.ext4 /dev/mapper/{{ sdisk_name }}
when: second_disk_status.rc == 0
- name: Ensure the mount point exists
file:
path: /mnt/encrypted_disk
path: /mnt/{{ sdisk_name }}
state: directory
- name: Mount the encrypted second disk
mount:
path: /mnt/encrypted_disk
src: /dev/mapper/crypt_second_disk
path: /mnt/{{ sdisk_name }}
src: /dev/mapper/{{ sdisk_name }}
fstype: ext4
state: mounted
- name: Add crypttab
ansible.builtin.shell: |
printf "{{ sdisk_name }} /dev/{{ sdisk_disk }} /root/keyfile luks\n">/etc/crypttab
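Review bot: The `Create keyfile` task is not idempotent: every run of the play executes `openssl genrsa -out /root/keyfile` again and replaces the key. Because `ignore_errors: true` on the `luksFormat` and `luksOpen` tasks hides the resulting failure, after a second run the volume apparently can no longer be unlocked with the file that `/etc/crypttab` points to. Guard the task with `creates: /root/keyfile`, put `umask 077` in front of the generation so the key is never briefly readable by others, and drop `ignore_errors` from the format step so a failed `luksFormat` stops the play. The last task writes with `>` and so replaces the whole of `/etc/crypttab` instead of adding an entry; `ansible.builtin.lineinfile` would keep existing lines. A key file kept on an unencrypted root filesystem protects the data disk only when that disk is separated from the system disk.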


@ -1,9 +1,19 @@
- name: Rename network interface to net0
ansible.builtin.shell: ip link set dev {{ ansible_default_ipv4.interface }} name net0; netplan apply
- name: Rename systemd interface to net0
ansible.builtin.shell: |
printf "[Match]\nPermanentMACAddress={{ ansible_default_ipv4.macaddress }}\n\n[Link]\nName=net0\n">/etc/systemd/network/10-net-internal.link
- name: Netplan rename interface
replace:
path: /etc/netplan/50-cloud-init.yaml
regexp: '{{ ansible_default_ipv4.interface }}'
replace: 'net0'
- name: Netplan apply
ansible.builtin.shell: netplan apply
register: rename_interface
failed_when: rename_interface.rc != 0
- name: Display renamed network interface
ansible.builtin.debug:
msg: "Renamed network interface: net0"
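Review bot: In `Netplan rename interface` the fact is used as an unanchored, unescaped regular expression, so `regexp: '{{ ansible_default_ipv4.interface }}'` rewrites every occurrence of that string in `/etc/netplan/50-cloud-init.yaml`, including inside longer names or unrelated values. Escape and anchor it, e.g. `regexp: '\b{{ ansible_default_ipv4.interface | regex_escape }}\b'`. The `.link` file is produced by pushing templated facts through `printf` in a shell. `ansible.builtin.copy` with `content:` and an explicit `mode: "0644"` would avoid shell quoting and report changed/unchanged correctly. The final debug task prints a fixed string, so it confirms nothing about the actual interface name.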


@ -2,6 +2,11 @@
hosts: test
become: yes
vars:
sdisk_disk: "sdb"
sdisk_name: "sdisk_crypt"
adjacent_partition: "sda"
roles:
- start
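Review bot: `sdisk_disk: "sdb"` is now set in the play's `vars:`, which take precedence over inventory host and group variables, so a host whose second disk is not `sdb` can no longer override it from the inventory. The role then runs `cryptsetup -q luksFormat` on whatever that name resolves to. Move the three values to the role's `defaults/main.yml` or to group/host vars, and have the role verify the device before formatting, for example with an `ansible.builtin.assert` that `sdisk_disk` is a key of `ansible_devices` and is not the disk holding the root filesystem. `become: yes` would read more predictably as `become: true`. The play header above line 2 of the file lies outside the hunk.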