salt.states.cryptdev#
Opening of Encrypted Devices#
Ensure that an encrypted device is mapped with the mapped function:
mappedname:
cryptdev.mapped:
- device: /dev/sdb1
- keyfile: /etc/keyfile.key
- opts:
- size=256
swap:
crypted.mapped:
- device: /dev/sdx4
- keyfile: /dev/urandom
- opts: swap,cipher=aes-cbc-essiv:sha256,size=256
mappedbyuuid:
crypted.mapped:
- device: UUID=066e0200-2867-4ebe-b9e6-f30026ca2314
- keyfile: /etc/keyfile.key
- config: /etc/alternate-crypttab
New in version 2018.3.0.
- salt.states.cryptdev.mapped(name, device, keyfile=None, opts=None, config='/etc/crypttab', persist=True, immediate=False, match_on='name')#
Verify that a device is mapped
- name
The name under which the device is to be mapped
- device
The device name, typically the device node, such as
/dev/sdb1orUUID=066e0200-2867-4ebe-b9e6-f30026ca2314.- keyfile
Either
Noneif the password is to be entered manually on boot, or an absolute path to a keyfile. If the password is to be asked interactively, the mapping cannot be performed withimmediate=True.- opts
A list object of options or a comma delimited list
- config
Set an alternative location for the crypttab, if the map is persistent, Default is
/etc/crypttab- persist
Set if the map should be saved in the crypttab, Default is
True- immediate
Set if the device mapping should be executed immediately. Requires that the keyfile not be
None, because the password cannot be asked interactively. Note that options are not passed through on the initial mapping. Default isFalse.- match_on
A name or list of crypttab properties on which this state should be applied. Default is
name, meaning that the line is matched only by the name parameter. If the desired configuration requires two devices mapped to the same name, supply a list of parameters to match on.
- salt.states.cryptdev.unmapped(name, config='/etc/crypttab', persist=True, immediate=False)#
Ensure that a device is unmapped
- name
The name to ensure is not mapped
- config
Set an alternative location for the crypttab, if the map is persistent, Default is
/etc/crypttab- persist
Set if the map should be removed from the crypttab. Default is
True- immediate
Set if the device should be unmapped immediately. Default is
False.