ansible-legacy/roles/crypto/tasks/main.yml

---
- name: Cryptsetup part of this tasklist
  shell: |
    mkdir -p -m0700 /srv/common/luks
    ( umask 0077 && dd if=/dev/urandom bs=1 count=4096 of=/srv/common/luks/crypt_dev_md1 conv=fsync )
    yes fai | cryptsetup luksAddKey /dev/md1 /srv/common/luks/crypt_dev_md1
    echo "crypt_dev_md1 /dev/md1 /srv/common/luks/crypt_dev_md1 luks,discard,key-slot=0" > /etc/crypttab
    echo "KEYFILE_PATTERN=*" >> /etc/cryptsetup-initramfs/conf-hook
    echo "UMASK=0077" >> /etc/initramfs-tools/conf.d/umask.conf
    update-initramfs -u
  args:
    executable: /bin/sh
    creates: /srv/common/luks
  become: yes
Added libvirt playbooks 2019-11-02 20:35:55 +00:00			`---`
			`- name: Cryptsetup part of this tasklist`
			`shell: \|`
			`mkdir -p -m0700 /srv/common/luks`
			`( umask 0077 && dd if=/dev/urandom bs=1 count=4096 of=/srv/common/luks/crypt_dev_md1 conv=fsync )`
			`yes fai \| cryptsetup luksAddKey /dev/md1 /srv/common/luks/crypt_dev_md1`
			`echo "crypt_dev_md1 /dev/md1 /srv/common/luks/crypt_dev_md1 luks,discard,key-slot=0" > /etc/crypttab`
			`echo "KEYFILE_PATTERN=*" >> /etc/cryptsetup-initramfs/conf-hook`
			`echo "UMASK=0077" >> /etc/initramfs-tools/conf.d/umask.conf`
			`update-initramfs -u`
			`args:`
			`executable: /bin/sh`
			`creates: /srv/common/luks`
			`become: yes`