salt.states.cryptdev

Opening of Encrypted Devices

Ensure that an encrypted device is mapped with the mapped function:

mappedname:
  cryptdev.mapped:
    - device: /dev/sdb1
    - keyfile: /etc/keyfile.key
    - opts:
      - size=256

swap:
  crypted.mapped:
    - device: /dev/sdx4
    - keyfile: /dev/urandom
    - opts: swap,cipher=aes-cbc-essiv:sha256,size=256

mappedbyuuid:
  crypted.mapped:
    - device: UUID=066e0200-2867-4ebe-b9e6-f30026ca2314
    - keyfile: /etc/keyfile.key
    - config: /etc/alternate-crypttab

New in version 2018.3.0.

salt.states.cryptdev.mapped(name, device, keyfile=None, opts=None, config='/etc/crypttab', persist=True, immediate=False, match_on='name')

Verify that a device is mapped

name: The name under which the device is to be mapped
device: The device name, typically the device node, such as /dev/sdb1 or UUID=066e0200-2867-4ebe-b9e6-f30026ca2314.
keyfile: Either None if the password is to be entered manually on boot, or an absolute path to a keyfile. If the password is to be asked interactively, the mapping cannot be performed with immediate=True.
opts: A list object of options or a comma delimited list
config: Set an alternative location for the crypttab, if the map is persistent, Default is /etc/crypttab
persist: Set if the map should be saved in the crypttab, Default is True
immediate: Set if the device mapping should be executed immediately. Requires that the keyfile not be None, because the password cannot be asked interactively. Note that options are not passed through on the initial mapping. Default is False.
match_on: A name or list of crypttab properties on which this state should be applied. Default is name, meaning that the line is matched only by the name parameter. If the desired configuration requires two devices mapped to the same name, supply a list of parameters to match on.

salt.states.cryptdev.unmapped(name, config='/etc/crypttab', persist=True, immediate=False)

Ensure that a device is unmapped

name: The name to ensure is not mapped
config: Set an alternative location for the crypttab, if the map is persistent, Default is /etc/crypttab
persist: Set if the map should be removed from the crypttab. Default is True
immediate: Set if the device should be unmapped immediately. Default is False.

© 2021 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltproject.io/en/latest/ref/states/all/salt.states.cryptdev.html