Исправление по модулям luks + дополнительная проверка на ошибки

master
Михаил Ильясов 2024-09-03 18:40:43 +00:00
parent aaf3abf692
commit f6a5f76485
2 changed files with 22 additions and 25 deletions


@ -1,37 +1,38 @@
--- ---
- name: Create keyfile - name: Create keyfile
ansible.builtin.shell: | community.crypto.openssl_privatekey:
openssl genrsa -out /root/keyfile; chmod 0400 /root/keyfile path: /root/keyfile
ignore_errors: true
- name: Encrypt second disk - name: Create/Open encrypted second disk
ansible.builtin.shell: | community.crypto.luks_device:
cryptsetup -q luksFormat /dev/{{ sdisk_disk }} --key-file /root/keyfile device: "/dev/{{ sdisk_disk }}"
ignore_errors: true state: "opened"
name: "{{ sdisk_name }}"
- name: Open encrypted second disk keyfile: "/root/keyfile"
ansible.builtin.shell: |
cryptsetup luksOpen /dev/{{ sdisk_disk }} {{ sdisk_name }} --key-file /root/keyfile
ignore_errors: true ignore_errors: true
register: second_disk_status register: second_disk_status
- name: Format the encrypted second disk - name: Format the encrypted second disk
command: mkfs.ext4 /dev/mapper/{{ sdisk_name }} command: mkfs.ext4 /dev/mapper/{{ sdisk_name }}
when: second_disk_status.rc == 0 when: second_disk_status.failed|bool == false
- name: Ensure the mount point exists - name: Ensure the mount point exists
file: file:
path: /mnt/{{ sdisk_name }} path: /mnt/{{ sdisk_name }}
state: directory state: directory
when: second_disk_status.failed|bool == false
- name: Mount the encrypted second disk - name: Mount the encrypted second disk
mount: ansible.posix.mount:
path: /mnt/{{ sdisk_name }} path: /mnt/{{ sdisk_name }}
src: /dev/mapper/{{ sdisk_name }} src: /dev/mapper/{{ sdisk_name }}
fstype: ext4 fstype: ext4
state: mounted state: mounted
register: second_disk_status
when: second_disk_status.failed|bool == false
- name: Add crypttab - name: Add crypttab
ansible.builtin.shell: | ansible.builtin.shell: |
printf "{{ sdisk_name }} /dev/{{ sdisk_disk }} /root/keyfile luks\n">/etc/crypttab printf "{{ sdisk_name }} /dev/{{ sdisk_disk }} /root/keyfile luks\n">/etc/crypttab
when: second_disk_status.failed|bool == false
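Review bot: The guard `when: second_disk_status.failed|bool == false` on "Format the encrypted second disk" lets `mkfs.ext4` run whenever the container opens, not only when it was just created, because `community.crypto.luks_device` with `state: "opened"` also succeeds for a container that already exists. On a rerun against a disk that already holds data and is not mounted, this may recreate the filesystem and lose the data. An idempotent module avoids that: `community.general.filesystem:` with `fstype: ext4` and `dev: "/dev/mapper/{{ sdisk_name }}"` leaves an existing filesystem alone unless forced. Separately, the `register: second_disk_status` shown on the mount task appears to reuse the LUKS task's variable, so the "Add crypttab" guard would read the mount (or skipped) result instead; a distinct name such as `second_disk_mount` keeps the two checks apart.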


@ -12,24 +12,20 @@
var: rroot_disk.stdout var: rroot_disk.stdout
- name: Create keyfile - name: Create keyfile
ansible.builtin.shell: | community.crypto.openssl_privatekey:
openssl genrsa -out /root/keyfile_rroot; chmod 0400 /root/keyfile_rroot path: /root/keyfile_rroot
ignore_errors: true ignore_errors: true
when: rroot_disk.stdout | length > 0 when: rroot_disk.stdout | length > 0
- name: Encrypt rroot disk - name: Create/Open encrypt rroot disk
ansible.builtin.shell: | community.crypto.luks_device:
cryptsetup -q luksFormat /dev/{{ rroot_disk.stdout }} --key-file /root/keyfile_rroot device: "/dev/{{ rroot_disk.stdout }}"
state: "opened"
name: "{{ rroot_disk.stdout }}"
keyfile: "/root/keyfile_rroot"
ignore_errors: true ignore_errors: true
when: rroot_disk.stdout | length > 0 when: rroot_disk.stdout | length > 0
- name: Open encrypted rroot disk
ansible.builtin.shell: |
cryptsetup luksOpen /dev/{{ rroot_disk.stdout }} {{ rroot_disk.stdout }} --key-file /root/keyfile_rroot
ignore_errors: true
register: rroot_disk_status
when: rroot_disk.stdout | length > 0
- name: Format the encrypted rroot disk - name: Format the encrypted rroot disk
command: mkfs.ext4 /dev/mapper/{{ rroot_disk.stdout }} command: mkfs.ext4 /dev/mapper/{{ rroot_disk.stdout }}
when: rroot_disk.stdout | length > 0 when: rroot_disk.stdout | length > 0
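Review bot: The new "Create/Open encrypt rroot disk" task keeps `ignore_errors: true` but does not register a result (the old `register: rroot_disk_status` appears to have gone with the removed open task), so "Format the encrypted rroot disk" is gated only on `rroot_disk.stdout | length > 0` and still runs when the container failed to open. Add `register: rroot_disk_status` to the LUKS task and extend the format guard to `when: rroot_disk.stdout | length > 0 and rroot_disk_status is succeeded`, in line with the failure checks the other file gained. In both files the key file task also no longer sets a mode where the old command ran `chmod 0400`; adding `mode: "0400"` to `community.crypto.openssl_privatekey` states the restriction explicitly instead of relying on the module default. The play continues past this hunk, so later tasks may need the same guard.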