internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-03-26 21:33:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

deploy: 83806cafc7

Browse Source
This commit is contained in:
felixfontein
2025-12-22 08:17:04 +00:00
parent a990964936
commit dff0b43a08
3 changed files with 100 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
branch/main/luks_device_module.html
View File

@@ -211,6 +211,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<li><p>wipefs (when <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><span class="std std-ref"><span class="pre">state</span></span></a></strong></code> is <code class="ansible-value docutils literal notranslate"><span class="pre">absent</span></code>)</p></li>
<li><p>lsblk</p></li>
<li><p>blkid (when <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-label"><span class="std std-ref"><span class="pre">label</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-uuid"><span class="std std-ref"><span class="pre">uuid</span></span></a></strong></code> options are used)</p></li>
<li><p>systemd-cryptsetup (for TPM2 only)</p></li>
</ul>
</section>
<section id="parameters">
@@ -297,10 +298,26 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<p><em class="ansible-option-versionadded">added in community.crypto 2.16.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Adds the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> to a specific keyslot when creating a new container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Parameter value is the number of the keyslot.</p>
<p>Defines the keyslot whose priority will be changed by <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyslot-priority"><span class="std std-ref"><span class="pre">keyslot_priority</span></span></a></strong></code></p>
<p><strong>Note</strong> that a device of <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type=luks1</span></span></a></code> supports the keyslot numbers <code class="ansible-value docutils literal notranslate"><span class="pre">0</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">7</span></code> and a device of <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type=luks2</span></span></a></code> supports the keyslot numbers <code class="ansible-value docutils literal notranslate"><span class="pre">0</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">31</span></code>. In order to use the keyslots <code class="ansible-value docutils literal notranslate"><span class="pre">8</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">31</span></code> when creating a new container, setting <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type</span></span></a></strong></code> to <code class="ansible-value docutils literal notranslate"><span class="pre">luks2</span></code> is required.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-keyslot_priority"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-keyslot-priority"><strong>keyslot_priority</strong></p>
<a class="ansibleOptionLink" href="#parameter-keyslot_priority" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 3.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Sets the keyslot priority for the keyslot specified by <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyslot"><span class="std std-ref"><span class="pre">keyslot</span></span></a></strong></code>.</p>
<p><strong>Note</strong> that keyslot priority is only supported for LUKS2 containers.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;prefer&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;normal&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;ignore&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-label"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-label"><strong>label</strong></p>
<a class="ansibleOptionLink" href="#parameter-label" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
@@ -310,14 +327,14 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<p>This cannot be specified if <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type</span></span></a></strong></code> is set to <code class="ansible-value docutils literal notranslate"><span class="pre">luks1</span></code>.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-name"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-name"><strong>name</strong></p>
<a class="ansibleOptionLink" href="#parameter-name" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Sets container name when <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><span class="std std-ref"><span class="pre">state=opened</span></span></a></code>. Can be used instead of <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> when closing the existing container (that is, when <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><span class="std std-ref"><span class="pre">state=closed</span></span></a></code>).</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-new_keyfile"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-new-keyfile"><strong>new_keyfile</strong></p>
<a class="ansibleOptionLink" href="#parameter-new_keyfile" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">path</span></p>
</div></td>
@@ -326,7 +343,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<p>BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-new_keyslot"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-new-keyslot"><strong>new_keyslot</strong></p>
<a class="ansibleOptionLink" href="#parameter-new_keyslot" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.16.0</em></p>
@@ -335,7 +352,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<p><strong>Note</strong> that a device of <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type=luks1</span></span></a></code> supports the keyslot numbers <code class="ansible-value docutils literal notranslate"><span class="pre">0</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">7</span></code> and a device of <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type=luks2</span></span></a></code> supports the keyslot numbers <code class="ansible-value docutils literal notranslate"><span class="pre">0</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">31</span></code>.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-new_passphrase"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-new-passphrase"><strong>new_passphrase</strong></p>
<a class="ansibleOptionLink" href="#parameter-new_passphrase" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
@@ -345,7 +362,26 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<p><strong>Note</strong> that the passphrase must be UTF-8 encoded text. If you want to use arbitrary binary data, or text using another encoding, use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase-encoding"><span class="std std-ref"><span class="pre">passphrase_encoding</span></span></a></strong></code> option and provide the passphrase Base64 encoded.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-new_tpm2"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-new-tpm2"><strong>new_tpm2</strong></p>
<a class="ansibleOptionLink" href="#parameter-new_tpm2" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 3.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Adds a TPM2 security chip to given container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Expects a device node path referring to the TPM2 chip (e.g. <code class="ansible-value docutils literal notranslate"><span class="pre">/dev/tpmrm0</span></code>). Alternatively the special value <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code> may be specified, in order to automatically determine the device node of a currently discovered TPM2 device (of which there must be exactly one). Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-tpm2-pcrs"><span class="std std-ref"><span class="pre">new_tpm2_pcrs</span></span></a></strong></code>.</p>
<p><strong>Note</strong> that <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-keyslot"><span class="std std-ref"><span class="pre">new_keyslot</span></span></a></strong></code> does not affect the keyslot for TPM2 enrollment.</p>
<p><strong>Note</strong> that only LUKS2 containers are supported.</p>
<p><strong>Note</strong> that systemd-cryptsetup (v248 or newer) is required.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-new_tpm2_pcrs"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-new-tpm2-pcrs"><strong>new_tpm2_pcrs</strong></p>
<a class="ansibleOptionLink" href="#parameter-new_tpm2_pcrs" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 3.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>TPM2 PCRs (Platform Configuration Registers) to bind to. See systemd-cryptenroll documentation for details (<code class="docutils literal notranslate"><span class="pre">--tpm2-pcrs</span></code> argument).</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-passphrase"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><strong>passphrase</strong></p>
<a class="ansibleOptionLink" href="#parameter-passphrase" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
@@ -354,7 +390,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<p><strong>Note</strong> that the passphrase must be UTF-8 encoded text. If you want to use arbitrary binary data, or text using another encoding, use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase-encoding"><span class="std std-ref"><span class="pre">passphrase_encoding</span></span></a></strong></code> option and provide the passphrase Base64 encoded.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-passphrase_encoding"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-passphrase-encoding"><strong>passphrase_encoding</strong></p>
<a class="ansibleOptionLink" href="#parameter-passphrase_encoding" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.23.0</em></p>
@@ -371,7 +407,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf"><strong>pbkdf</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.4.0</em></p>
@@ -380,7 +416,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<p>Will only be used on container creation, and when adding keys to an existing container.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf/algorithm"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-algorithm"><strong>algorithm</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf/algorithm" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -394,7 +430,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf/iteration_count"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-iteration-count"><strong>iteration_count</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf/iteration_count" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
@@ -402,7 +438,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<p>Mutually exclusive with <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-iteration-time"><span class="std std-ref"><span class="pre">pbkdf.iteration_time</span></span></a></strong></code>.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf/iteration_time"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-iteration-time"><strong>iteration_time</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf/iteration_time" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">float</span></p>
</div></td>
@@ -411,7 +447,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<p>Mutually exclusive with <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-iteration-count"><span class="std std-ref"><span class="pre">pbkdf.iteration_count</span></span></a></strong></code>.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf/memory"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-memory"><strong>memory</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf/memory" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
@@ -419,7 +455,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<p>This is not used for PBKDF2, but only for the Argon PBKDFs.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf/parallel"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-parallel"><strong>parallel</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf/parallel" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
@@ -427,7 +463,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<p>This is not used for PBKDF2, but only for the Argon PBKDFs.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-perf_no_read_workqueue"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-perf-no-read-workqueue"><strong>perf_no_read_workqueue</strong></p>
<a class="ansibleOptionLink" href="#parameter-perf_no_read_workqueue" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
@@ -441,7 +477,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-perf_no_write_workqueue"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-perf-no-write-workqueue"><strong>perf_no_write_workqueue</strong></p>
<a class="ansibleOptionLink" href="#parameter-perf_no_write_workqueue" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
@@ -455,7 +491,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-perf_same_cpu_crypt"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-perf-same-cpu-crypt"><strong>perf_same_cpu_crypt</strong></p>
<a class="ansibleOptionLink" href="#parameter-perf_same_cpu_crypt" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
@@ -470,7 +506,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-perf_submit_from_crypt_cpus"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-perf-submit-from-crypt-cpus"><strong>perf_submit_from_crypt_cpus</strong></p>
<a class="ansibleOptionLink" href="#parameter-perf_submit_from_crypt_cpus" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
@@ -486,7 +522,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-persistent"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-persistent"><strong>persistent</strong></p>
<a class="ansibleOptionLink" href="#parameter-persistent" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
@@ -501,7 +537,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-remove_keyfile"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-remove-keyfile"><strong>remove_keyfile</strong></p>
<a class="ansibleOptionLink" href="#parameter-remove_keyfile" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">path</span></p>
</div></td>
@@ -511,7 +547,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<p>BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-remove_keyslot"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-remove-keyslot"><strong>remove_keyslot</strong></p>
<a class="ansibleOptionLink" href="#parameter-remove_keyslot" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.16.0</em></p>
@@ -521,7 +557,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<p><strong>Note</strong> that the given <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> must not be in the slot to be removed.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-remove_passphrase"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-remove-passphrase"><strong>remove_passphrase</strong></p>
<a class="ansibleOptionLink" href="#parameter-remove_passphrase" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
@@ -532,6 +568,21 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<p><strong>Note</strong> that the passphrase must be UTF-8 encoded text. If you want to use arbitrary binary data, or text using another encoding, use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase-encoding"><span class="std std-ref"><span class="pre">passphrase_encoding</span></span></a></strong></code> option and provide the passphrase Base64 encoded.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-remove_tpm2"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-remove-tpm2"><strong>remove_tpm2</strong></p>
<a class="ansibleOptionLink" href="#parameter-remove_tpm2" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 3.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Removes <strong>all</strong> key slots on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> that are unlocked by a TPM2 device. Needs <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code>, or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code> for authorization.</p>
<p><strong>Note</strong> that systemd-cryptsetup (v248 or newer) is required.</p>
<p><strong>Note</strong> that you should avoid using <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code> to authorize removal of all TPM2 slots to ensure that you can still access the container afterwards.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">false</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-sector_size"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-sector-size"><strong>sector_size</strong></p>
<a class="ansibleOptionLink" href="#parameter-sector_size" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
@@ -548,7 +599,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<td><div class="ansible-option-cell"><p>Desired state of the LUKS container. Based on its value creates, destroys, opens or closes the LUKS container on a given device.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">present</span></code> will create LUKS container unless already present. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and either <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> options to be provided.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">absent</span></code> will remove existing LUKS container if it exists. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> to be specified.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">opened</span></code> will unlock the LUKS container. If it does not exist it will be created first. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and either <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> to be specified. Use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> option to set the name of the opened container. Otherwise the name will be generated automatically and returned as a part of the result.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">opened</span></code> will unlock the LUKS container. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and one of <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code> to be specified. If the container does not exist it will be created first, however <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code> can not be used for creation. Use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> option to set the name of the opened container. Otherwise the name will be generated automatically and returned as a part of the result.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">closed</span></code> will lock the LUKS container. However if the container does not exist it will be created. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and either <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> options to be provided. If container does already exist <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> will suffice.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
@@ -560,6 +611,16 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-tpm2_device"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><strong>tpm2_device</strong></p>
<a class="ansibleOptionLink" href="#parameter-tpm2_device" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 3.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Used to unlock the container, but can not be used for container creation. A device node path referring to a TPM2 chip (for example <code class="ansible-value docutils literal notranslate"><span class="pre">/dev/tpmrm0</span></code>). Alternatively the special value <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code> may be specified, in order to automatically determine the device node of a currently discovered TPM2 device (of which there must be exactly one).</p>
<p><strong>Note</strong> that only LUKS2 containers are supported</p>
<p><strong>Note</strong> that systemd-cryptsetup (v256 or newer) is required.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-type"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-type"><strong>type</strong></p>
<a class="ansibleOptionLink" href="#parameter-type" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
@@ -572,7 +633,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-uuid"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-uuid"><strong>uuid</strong></p>
<a class="ansibleOptionLink" href="#parameter-uuid" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
@@ -742,6 +803,23 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">remove_keyslot</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">4</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Enroll a TPM2 device using a keyfile to unlock the container</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">new_tpm2</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;auto&quot;</span>
<span class="w"> </span><span class="nt">new_tpm2_pcrs</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1+3+5+7+11+12+14&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove all enrolled TPM2 devices</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">tpm2_device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;auto&quot;</span>
<span class="w"> </span><span class="nt">remove_tpm2</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Set the priority of keyslot 0 to &#39;prefer&#39;</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">keyslot</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">0</span>
<span class="w"> </span><span class="nt">keyslot_priority</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">prefer</span>
</pre></div>
</div>
</section>

BIN
branch/main/objects.inv
View File

Binary file not shown.

2
branch/main/searchindex.js
View File

File diff suppressed because one or more lines are too long