a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
community.crypto/pr/848/luks_device_module.html

822 lines
96 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="./">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta content="2.16.3" name="antsibull-docs" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>community.crypto.luks_device module Manage encrypted (LUKS) devices &mdash; Community.Crypto Collection documentation</title>
<link rel="stylesheet" type="text/css" href="_static/pygments.css?v=41de9001" />
<link rel="stylesheet" type="text/css" href="_static/css/ansible.css?v=c5b67dd2" />
<link rel="stylesheet" type="text/css" href="_static/antsibull-minimal.css" />
<link rel="stylesheet" type="text/css" href="_static/css/rtd-ethical-ads.css?v=289b023e" />
<link rel="shortcut icon" href="_static/images/Ansible-Mark-RGB_Black.png"/>
<script src="_static/jquery.js?v=5d32c60e"></script>
<script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="_static/documentation_options.js?v=7f41d439"></script>
<script src="_static/doctools.js?v=9bcbadda"></script>
<script src="_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="_static/js/theme.js"></script>
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="community.crypto.openssh_cert module Generate OpenSSH host or user certificates" href="openssh_cert_module.html" />
<link rel="prev" title="community.crypto.get_certificate module Get a certificate from a host:port" href="get_certificate_module.html" /><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
</head>
<body class="wy-body-for-nav"><!-- extra body elements for Ansible beyond RTD Sphinx Theme -->
<div class="DocSite-globalNav ansibleNav">
<ul>
<li><a href="https://www.ansible.com/blog" target="_blank">Blog</a></li>
<li><a href="https://forum.ansible.com/" target="_blank">Ansible community forum</a></li>
<li><a href="https://docs.ansible.com/" target="_blank">Documentation</a></li>
</ul>
</div>
<a class="DocSite-nav" href="https://ansible-collections.github.io/community.crypto/branch/main/" style="padding-bottom: 30px;">
<img class="DocSiteNav-logo"
src="_static/images/Ansible-Mark-RGB_White.png"
alt="Ansible Logo">
<div class="DocSiteNav-title">Community.Crypto Collection Docs</div>
</a>
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" >
<a href="index.html" class="icon icon-home">
Community.Crypto Collection
</a><!--- Based on https://github.com/rtfd/sphinx_rtd_theme/pull/438/files -->
<div class="version">
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
<label class="sr-only" for="q">Search docs:</label>
<input type="text" class="st-default-search-input" id="q" name="q" placeholder="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<ul>
<li class="toctree-l1"><a class="reference internal" href="changelog.html">Community.Crypto Release Notes</a></li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="docsite/guide_selfsigned.html">How to create self-signed certificates</a></li>
<li class="toctree-l1"><a class="reference internal" href="docsite/guide_ownca.html">How to create a small CA</a></li>
</ul>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="acme_account_module.html">community.crypto.acme_account module Create, modify or delete ACME accounts</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_account_info_module.html">community.crypto.acme_account_info module Retrieves information on ACME accounts</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_ari_info_module.html">community.crypto.acme_ari_info module Retrieves ACME Renewal Information (ARI) for a certificate</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_module.html">community.crypto.acme_certificate module Create SSL/TLS certificates with the ACME protocol</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module Deactivate all authz for an ACME v2 order</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_order_create_module.html">community.crypto.acme_certificate_order_create module Create an ACME v2 order</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_order_finalize_module.html">community.crypto.acme_certificate_order_finalize module Finalize an ACME v2 order</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_order_info_module.html">community.crypto.acme_certificate_order_info module Obtain information for an ACME v2 order</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_order_validate_module.html">community.crypto.acme_certificate_order_validate module Validate authorizations of an ACME v2 order</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module Determine whether a certificate should be renewed or not</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module Revoke certificates with the ACME protocol</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module Prepare certificates required for ACME challenges such as <code class="docutils literal notranslate"><span class="pre">tls-alpn-01</span></code></a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_inspect_module.html">community.crypto.acme_inspect module Send direct requests to an ACME server</a></li>
<li class="toctree-l1"><a class="reference internal" href="certificate_complete_chain_module.html">community.crypto.certificate_complete_chain module Complete certificate chain given a set of untrusted and root certificates</a></li>
<li class="toctree-l1"><a class="reference internal" href="crypto_info_module.html">community.crypto.crypto_info module Retrieve cryptographic capabilities</a></li>
<li class="toctree-l1"><a class="reference internal" href="ecs_certificate_module.html">community.crypto.ecs_certificate module Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="ecs_domain_module.html">community.crypto.ecs_domain module Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="get_certificate_module.html">community.crypto.get_certificate module Get a certificate from a host:port</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">community.crypto.luks_device module Manage encrypted (LUKS) devices</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#synopsis">Synopsis</a></li>
<li class="toctree-l2"><a class="reference internal" href="#requirements">Requirements</a></li>
<li class="toctree-l2"><a class="reference internal" href="#parameters">Parameters</a></li>
<li class="toctree-l2"><a class="reference internal" href="#attributes">Attributes</a></li>
<li class="toctree-l2"><a class="reference internal" href="#examples">Examples</a></li>
<li class="toctree-l2"><a class="reference internal" href="#return-values">Return Values</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#authors">Authors</a></li>
<li class="toctree-l3"><a class="reference internal" href="#collection-links">Collection links</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="openssh_cert_module.html">community.crypto.openssh_cert module Generate OpenSSH host or user certificates</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_keypair_module.html">community.crypto.openssh_keypair module Generate OpenSSH private and public keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_csr_module.html">community.crypto.openssl_csr module Generate OpenSSL Certificate Signing Request (CSR)</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_csr_info_module.html">community.crypto.openssl_csr_info module Provide information of OpenSSL Certificate Signing Requests (CSR)</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_csr_pipe_module.html">community.crypto.openssl_csr_pipe module Generate OpenSSL Certificate Signing Request (CSR)</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_dhparam_module.html">community.crypto.openssl_dhparam module Generate OpenSSL Diffie-Hellman Parameters</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_pkcs12_module.html">community.crypto.openssl_pkcs12 module Generate OpenSSL PKCS#12 archive</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_privatekey_module.html">community.crypto.openssl_privatekey module Generate OpenSSL private keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_privatekey_convert_module.html">community.crypto.openssl_privatekey_convert module Convert OpenSSL private keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_privatekey_info_module.html">community.crypto.openssl_privatekey_info module Provide information for OpenSSL private keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_privatekey_pipe_module.html">community.crypto.openssl_privatekey_pipe module Generate OpenSSL private keys without disk access</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_publickey_module.html">community.crypto.openssl_publickey module Generate an OpenSSL public key from its private key</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_publickey_info_module.html">community.crypto.openssl_publickey_info module Provide information for OpenSSL public keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_signature_module.html">community.crypto.openssl_signature module Sign data with openssl</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_signature_info_module.html">community.crypto.openssl_signature_info module Verify signatures with openssl</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509_certificate_module.html">community.crypto.x509_certificate module Generate and/or check OpenSSL certificates</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509_certificate_convert_module.html">community.crypto.x509_certificate_convert module Convert X.509 certificates</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509_certificate_info_module.html">community.crypto.x509_certificate_info module Provide information of OpenSSL X.509 certificates</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509_certificate_pipe_module.html">community.crypto.x509_certificate_pipe module Generate and/or check OpenSSL certificates</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509_crl_module.html">community.crypto.x509_crl module Generate Certificate Revocation Lists (CRLs)</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509_crl_info_module.html">community.crypto.x509_crl_info module Retrieve information on Certificate Revocation Lists (CRLs)</a></li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="gpg_fingerprint_filter.html">community.crypto.gpg_fingerprint filter Retrieve a GPG fingerprint from a GPG public or private key</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_csr_info_filter.html">community.crypto.openssl_csr_info filter Retrieve information from OpenSSL Certificate Signing Requests (CSR)</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_privatekey_info_filter.html">community.crypto.openssl_privatekey_info filter Retrieve information from OpenSSL private keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssl_publickey_info_filter.html">community.crypto.openssl_publickey_info filter Retrieve information from OpenSSL public keys in PEM format</a></li>
<li class="toctree-l1"><a class="reference internal" href="parse_serial_filter.html">community.crypto.parse_serial filter Convert a serial number as a colon-separated list of hex numbers to an integer</a></li>
<li class="toctree-l1"><a class="reference internal" href="split_pem_filter.html">community.crypto.split_pem filter Split PEM file contents into multiple objects</a></li>
<li class="toctree-l1"><a class="reference internal" href="to_serial_filter.html">community.crypto.to_serial filter Convert an integer to a colon-separated list of hex numbers</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509_certificate_info_filter.html">community.crypto.x509_certificate_info filter Retrieve information from X.509 certificates in PEM format</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509_crl_info_filter.html">community.crypto.x509_crl_info filter Retrieve information from X.509 CRLs in PEM format</a></li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="gpg_fingerprint_lookup.html">community.crypto.gpg_fingerprint lookup Retrieve a GPG fingerprint from a GPG public or private key file</a></li>
</ul>
<!-- extra nav elements for Ansible beyond RTD Sphinx Theme -->
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="index.html">Community.Crypto Collection</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="index.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item active">community.crypto.luks_device module Manage encrypted (LUKS) devices</li>
<li class="wy-breadcrumbs-aside">
<!-- User defined GitHub URL -->
<a href="https://github.com/ansible-collections/community.crypto/edit/main/plugins/modules/luks_device.py?description=%23%23%23%23%23%20SUMMARY%0A%3C!—%20Your%20description%20here%20%3E%0A%0A%0A%23%23%23%23%23%20ISSUE%20TYPE%0A-%20Docs%20Pull%20Request%0A%0A%2Blabel:%20docsite_pr" class="fa fa-github"> Edit on GitHub</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<span class="target" id="ansible-collections-community-crypto-luks-device-module"></span><section id="community-crypto-luks-device-module-manage-encrypted-luks-devices">
<h1>community.crypto.luks_device module Manage encrypted (LUKS) devices<a class="headerlink" href="#community-crypto-luks-device-module-manage-encrypted-luks-devices" title="Link to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.26.0).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">community.crypto</span></code>.
You need further requirements to be able to use this module,
see <a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-requirements"><span class="std std-ref">Requirements</span></a> for details.</p>
<p>To use it in a playbook, specify: <code class="code docutils literal notranslate"><span class="pre">community.crypto.luks_device</span></code>.</p>
</div>
<nav class="contents local" id="contents">
<ul class="simple">
<li><p><a class="reference internal" href="#synopsis" id="id1">Synopsis</a></p></li>
<li><p><a class="reference internal" href="#requirements" id="id2">Requirements</a></p></li>
<li><p><a class="reference internal" href="#parameters" id="id3">Parameters</a></p></li>
<li><p><a class="reference internal" href="#attributes" id="id4">Attributes</a></p></li>
<li><p><a class="reference internal" href="#examples" id="id5">Examples</a></p></li>
<li><p><a class="reference internal" href="#return-values" id="id6">Return Values</a></p></li>
</ul>
</nav>
<section id="synopsis">
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p>Module manages <a class="reference external" href="https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup">LUKS</a> on given device. Supports creating, destroying, opening and closing of LUKS container and adding or removing new keys and passphrases.</p></li>
</ul>
</section>
<section id="requirements">
<span id="ansible-collections-community-crypto-luks-device-module-requirements"></span><h2><a class="toc-backref" href="#id2" role="doc-backlink">Requirements</a><a class="headerlink" href="#requirements" title="Link to this heading"></a></h2>
<p>The below requirements are needed on the host that executes this module.</p>
<ul class="simple">
<li><p>cryptsetup</p></li>
<li><p>wipefs (when <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><span class="std std-ref"><span class="pre">state</span></span></a></strong></code> is <code class="ansible-value docutils literal notranslate"><span class="pre">absent</span></code>)</p></li>
<li><p>lsblk</p></li>
<li><p>blkid (when <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-label"><span class="std std-ref"><span class="pre">label</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-uuid"><span class="std std-ref"><span class="pre">uuid</span></span></a></strong></code> options are used)</p></li>
</ul>
</section>
<section id="parameters">
<h2><a class="toc-backref" href="#id3" role="doc-backlink">Parameters</a><a class="headerlink" href="#parameters" title="Link to this heading"></a></h2>
<table class="longtable ansible-option-table docutils align-default" style="width: 100%">
<thead>
<tr class="row-odd"><th class="head"><p>Parameter</p></th>
<th class="head"><p>Comments</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-allow_discards"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-allow-discards"><strong>allow_discards</strong></p>
<a class="ansibleOptionLink" href="#parameter-allow_discards" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.17.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Allow discards (also known as TRIM) requests for device.</p>
<p>Will only be used when opening containers.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">false</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-cipher"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-cipher"><strong>cipher</strong></p>
<a class="ansibleOptionLink" href="#parameter-cipher" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>This option allows the user to define the cipher specification string for the LUKS container.</p>
<p>Will only be used on container creation.</p>
<p>For pre-2.6.10 kernels, use <code class="ansible-value docutils literal notranslate"><span class="pre">aes-plain</span></code> as they do not understand the new cipher spec strings. To use ESSIV, use <code class="ansible-value docutils literal notranslate"><span class="pre">aes-cbc-essiv:sha256</span></code>.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-device"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-device"><strong>device</strong></p>
<a class="ansibleOptionLink" href="#parameter-device" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Device to work with (for example <code class="ansible-value docutils literal notranslate"><span class="pre">/dev/sda1</span></code>). Needed in most cases. Can be omitted only when <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><span class="std std-ref"><span class="pre">state=closed</span></span></a></code> together with <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> is provided.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-force_remove_last_key"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-force-remove-last-key"><strong>force_remove_last_key</strong></p>
<a class="ansibleOptionLink" href="#parameter-force_remove_last_key" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>If set to <code class="ansible-value docutils literal notranslate"><span class="pre">true</span></code>, allows removing the last key from a container.</p>
<p>BEWARE that when the last key has been removed from a container, the container can no longer be opened!</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">false</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-hash"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-hash"><strong>hash</strong></p>
<a class="ansibleOptionLink" href="#parameter-hash" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>This option allows the user to specify the hash function used in LUKS key setup scheme and volume key digest.</p>
<p>Will only be used on container creation.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-keyfile"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><strong>keyfile</strong></p>
<a class="ansibleOptionLink" href="#parameter-keyfile" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">path</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Used to unlock the container. Either a <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or a <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> is needed for most of the operations. Parameter value is the path to the keyfile with the passphrase.</p>
<p>BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-keysize"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-keysize"><strong>keysize</strong></p>
<a class="ansibleOptionLink" href="#parameter-keysize" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Sets the key size only if LUKS container does not exist.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-keyslot"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-keyslot"><strong>keyslot</strong></p>
<a class="ansibleOptionLink" href="#parameter-keyslot" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.16.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Adds the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> to a specific keyslot when creating a new container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Parameter value is the number of the keyslot.</p>
<p><strong>Note</strong> that a device of <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type=luks1</span></span></a></code> supports the keyslot numbers <code class="ansible-value docutils literal notranslate"><span class="pre">0</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">7</span></code> and a device of <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type=luks2</span></span></a></code> supports the keyslot numbers <code class="ansible-value docutils literal notranslate"><span class="pre">0</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">31</span></code>. In order to use the keyslots <code class="ansible-value docutils literal notranslate"><span class="pre">8</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">31</span></code> when creating a new container, setting <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type</span></span></a></strong></code> to <code class="ansible-value docutils literal notranslate"><span class="pre">luks2</span></code> is required.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-label"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-label"><strong>label</strong></p>
<a class="ansibleOptionLink" href="#parameter-label" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>This option allow the user to create a LUKS2 format container with label support, respectively to identify the container by label on later usages.</p>
<p>Will only be used on container creation, or when <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> is not specified.</p>
<p>This cannot be specified if <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type</span></span></a></strong></code> is set to <code class="ansible-value docutils literal notranslate"><span class="pre">luks1</span></code>.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-name"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-name"><strong>name</strong></p>
<a class="ansibleOptionLink" href="#parameter-name" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Sets container name when <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><span class="std std-ref"><span class="pre">state=opened</span></span></a></code>. Can be used instead of <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> when closing the existing container (that is, when <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><span class="std std-ref"><span class="pre">state=closed</span></span></a></code>).</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-new_keyfile"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-new-keyfile"><strong>new_keyfile</strong></p>
<a class="ansibleOptionLink" href="#parameter-new_keyfile" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">path</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Adds additional key to given container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Needs <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> option for authorization. LUKS container supports up to 8 keyslots. Parameter value is the path to the keyfile with the passphrase.</p>
<p>NOTE that adding additional keys is idempotent only since community.crypto 1.4.0. For older versions, a new keyslot will be used even if another keyslot already exists for this keyfile.</p>
<p>BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-new_keyslot"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-new-keyslot"><strong>new_keyslot</strong></p>
<a class="ansibleOptionLink" href="#parameter-new_keyslot" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.16.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Adds the additional <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-keyfile"><span class="std std-ref"><span class="pre">new_keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-passphrase"><span class="std std-ref"><span class="pre">new_passphrase</span></span></a></strong></code> to a specific keyslot on the given <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Parameter value is the number of the keyslot.</p>
<p><strong>Note</strong> that a device of <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type=luks1</span></span></a></code> supports the keyslot numbers <code class="ansible-value docutils literal notranslate"><span class="pre">0</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">7</span></code> and a device of <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type=luks2</span></span></a></code> supports the keyslot numbers <code class="ansible-value docutils literal notranslate"><span class="pre">0</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">31</span></code>.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-new_passphrase"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-new-passphrase"><strong>new_passphrase</strong></p>
<a class="ansibleOptionLink" href="#parameter-new_passphrase" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Adds additional passphrase to given container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Needs <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> option for authorization. LUKS container supports up to 8 keyslots. Parameter value is a string with the new passphrase.</p>
<p>NOTE that adding additional passphrase is idempotent only since community.crypto 1.4.0. For older versions, a new keyslot will be used even if another keyslot already exists for this passphrase.</p>
<p><strong>Note</strong> that the passphrase must be UTF-8 encoded text. If you want to use arbitrary binary data, or text using another encoding, use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase-encoding"><span class="std std-ref"><span class="pre">passphrase_encoding</span></span></a></strong></code> option and provide the passphrase Base64 encoded.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-passphrase"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><strong>passphrase</strong></p>
<a class="ansibleOptionLink" href="#parameter-passphrase" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Used to unlock the container. Either a <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> or a <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> is needed for most of the operations. Parameter value is a string with the passphrase.</p>
<p><strong>Note</strong> that the passphrase must be UTF-8 encoded text. If you want to use arbitrary binary data, or text using another encoding, use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase-encoding"><span class="std std-ref"><span class="pre">passphrase_encoding</span></span></a></strong></code> option and provide the passphrase Base64 encoded.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-passphrase_encoding"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-passphrase-encoding"><strong>passphrase_encoding</strong></p>
<a class="ansibleOptionLink" href="#parameter-passphrase_encoding" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.23.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Determine how passphrases are provided to parameters such as <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-passphrase"><span class="std std-ref"><span class="pre">new_passphrase</span></span></a></strong></code>, and <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-remove-passphrase"><span class="std std-ref"><span class="pre">remove_passphrase</span></span></a></strong></code>.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;base64&quot;</span></code>:
The passphrase is provided as Base64 encoded bytes.</p>
<p>Use the <a class="reference external" href="https://docs.ansible.com/ansible/devel/collections/ansible/builtin/b64encode_filter.html#ansible-collections-ansible-builtin-b64encode-filter" title="(in Ansible vdevel)"><span class="xref std std-ref">ansible.builtin.b64encode</span></a> filter to Base64-encode binary data.</p>
</li>
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">&quot;text&quot;</span></strong></code> <span class="ansible-option-choices-default-mark">(default)</span>:
The passphrase is provided as UTF-8 encoded text.</p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf"><strong>pbkdf</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.4.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>This option allows the user to configure the Password-Based Key Derivation Function (PBKDF) used.</p>
<p>Will only be used on container creation, and when adding keys to an existing container.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf/algorithm"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-algorithm"><strong>algorithm</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf/algorithm" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The algorithm to use.</p>
<p>Only available for the LUKS 2 format.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;argon2i&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;argon2id&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;pbkdf2&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf/iteration_count"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-iteration-count"><strong>iteration_count</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf/iteration_count" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Specify the iteration count used for the PBKDF.</p>
<p>Mutually exclusive with <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-iteration-time"><span class="std std-ref"><span class="pre">pbkdf.iteration_time</span></span></a></strong></code>.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf/iteration_time"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-iteration-time"><strong>iteration_time</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf/iteration_time" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">float</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Specify the iteration time used for the PBKDF.</p>
<p>Note that this is in <strong>seconds</strong>, not in milliseconds as on the command line.</p>
<p>Mutually exclusive with <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-iteration-count"><span class="std std-ref"><span class="pre">pbkdf.iteration_count</span></span></a></strong></code>.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf/memory"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-memory"><strong>memory</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf/memory" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The memory cost limit in kilobytes for the PBKDF.</p>
<p>This is not used for PBKDF2, but only for the Argon PBKDFs.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-pbkdf/parallel"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-pbkdf-parallel"><strong>parallel</strong></p>
<a class="ansibleOptionLink" href="#parameter-pbkdf/parallel" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The parallel cost for the PBKDF. This is the number of threads that run in parallel.</p>
<p>This is not used for PBKDF2, but only for the Argon PBKDFs.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-perf_no_read_workqueue"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-perf-no-read-workqueue"><strong>perf_no_read_workqueue</strong></p>
<a class="ansibleOptionLink" href="#parameter-perf_no_read_workqueue" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Allows the user to bypass dm-crypt internal workqueue and process read requests synchronously.</p>
<p>Will only be used when opening containers.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">false</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-perf_no_write_workqueue"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-perf-no-write-workqueue"><strong>perf_no_write_workqueue</strong></p>
<a class="ansibleOptionLink" href="#parameter-perf_no_write_workqueue" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Allows the user to bypass dm-crypt internal workqueue and process write requests synchronously.</p>
<p>Will only be used when opening containers.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">false</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-perf_same_cpu_crypt"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-perf-same-cpu-crypt"><strong>perf_same_cpu_crypt</strong></p>
<a class="ansibleOptionLink" href="#parameter-perf_same_cpu_crypt" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Allows the user to perform encryption using the same CPU that IO was submitted on.</p>
<p>The default is to use an unbound workqueue so that encryption work is automatically balanced between available CPUs.</p>
<p>Will only be used when opening containers.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">false</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-perf_submit_from_crypt_cpus"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-perf-submit-from-crypt-cpus"><strong>perf_submit_from_crypt_cpus</strong></p>
<a class="ansibleOptionLink" href="#parameter-perf_submit_from_crypt_cpus" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Allows the user to disable offloading writes to a separate thread after encryption.</p>
<p>There are some situations where offloading block write IO operations from the encryption threads to a single thread degrades performance significantly.</p>
<p>The default is to offload block write IO operations to the same thread.</p>
<p>Will only be used when opening containers.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">false</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-persistent"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-persistent"><strong>persistent</strong></p>
<a class="ansibleOptionLink" href="#parameter-persistent" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.3.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Allows the user to store options into containers metadata persistently and automatically use them next time. Only <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-perf-same-cpu-crypt"><span class="std std-ref"><span class="pre">perf_same_cpu_crypt</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-perf-submit-from-crypt-cpus"><span class="std std-ref"><span class="pre">perf_submit_from_crypt_cpus</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-perf-no-read-workqueue"><span class="std std-ref"><span class="pre">perf_no_read_workqueue</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-perf-no-write-workqueue"><span class="std std-ref"><span class="pre">perf_no_write_workqueue</span></span></a></strong></code>, and <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-allow-discards"><span class="std std-ref"><span class="pre">allow_discards</span></span></a></strong></code> can be stored persistently.</p>
<p>Will only work with LUKS2 containers.</p>
<p>Will only be used when opening containers.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">false</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-remove_keyfile"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-remove-keyfile"><strong>remove_keyfile</strong></p>
<a class="ansibleOptionLink" href="#parameter-remove_keyfile" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">path</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Removes given key from the container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Does not remove the keyfile from filesystem. Parameter value is the path to the keyfile with the passphrase.</p>
<p>NOTE that removing keys is idempotent only since community.crypto 1.4.0. For older versions, trying to remove a key which no longer exists results in an error.</p>
<p>NOTE that to remove the last key from a LUKS container, the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-force-remove-last-key"><span class="std std-ref"><span class="pre">force_remove_last_key</span></span></a></strong></code> option must be set to <code class="ansible-value docutils literal notranslate"><span class="pre">true</span></code>.</p>
<p>BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-remove_keyslot"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-remove-keyslot"><strong>remove_keyslot</strong></p>
<a class="ansibleOptionLink" href="#parameter-remove_keyslot" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.16.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Removes the key in the given slot on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Needs <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> for authorization.</p>
<p><strong>Note</strong> that a device of <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type=luks1</span></span></a></code> supports the keyslot numbers <code class="ansible-value docutils literal notranslate"><span class="pre">0</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">7</span></code> and a device of <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-type"><span class="std std-ref"><span class="pre">type=luks2</span></span></a></code> supports the keyslot numbers <code class="ansible-value docutils literal notranslate"><span class="pre">0</span></code>-<code class="ansible-value docutils literal notranslate"><span class="pre">31</span></code>.</p>
<p><strong>Note</strong> that the given <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> must not be in the slot to be removed.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-remove_passphrase"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-remove-passphrase"><strong>remove_passphrase</strong></p>
<a class="ansibleOptionLink" href="#parameter-remove_passphrase" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Removes given passphrase from the container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Parameter value is a string with the passphrase to remove.</p>
<p>NOTE that removing passphrases is idempotent only since community.crypto 1.4.0. For older versions, trying to remove a passphrase which no longer exists results in an error.</p>
<p>NOTE that to remove the last keyslot from a LUKS container, the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-force-remove-last-key"><span class="std std-ref"><span class="pre">force_remove_last_key</span></span></a></strong></code> option must be set to <code class="ansible-value docutils literal notranslate"><span class="pre">true</span></code>.</p>
<p><strong>Note</strong> that the passphrase must be UTF-8 encoded text. If you want to use arbitrary binary data, or text using another encoding, use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase-encoding"><span class="std std-ref"><span class="pre">passphrase_encoding</span></span></a></strong></code> option and provide the passphrase Base64 encoded.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-sector_size"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-sector-size"><strong>sector_size</strong></p>
<a class="ansibleOptionLink" href="#parameter-sector_size" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.5.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>This option allows the user to specify the sector size (in bytes) used for LUKS2 containers.</p>
<p>Will only be used on container creation.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-state"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-state"><strong>state</strong></p>
<a class="ansibleOptionLink" href="#parameter-state" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Desired state of the LUKS container. Based on its value creates, destroys, opens or closes the LUKS container on a given device.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">present</span></code> will create LUKS container unless already present. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and either <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> options to be provided.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">absent</span></code> will remove existing LUKS container if it exists. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> to be specified.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">opened</span></code> will unlock the LUKS container. If it does not exist it will be created first. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and either <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> to be specified. Use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> option to set the name of the opened container. Otherwise the name will be generated automatically and returned as a part of the result.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">closed</span></code> will lock the LUKS container. However if the container does not exist it will be created. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and either <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> options to be provided. If container does already exist <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> will suffice.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">&quot;present&quot;</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;absent&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;opened&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;closed&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-type"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-type"><strong>type</strong></p>
<a class="ansibleOptionLink" href="#parameter-type" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>This option allow the user explicit define the format of LUKS container that wants to work with. Options are <code class="ansible-value docutils literal notranslate"><span class="pre">luks1</span></code> or <code class="ansible-value docutils literal notranslate"><span class="pre">luks2</span></code>.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;luks1&quot;</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">&quot;luks2&quot;</span></code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-uuid"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-parameter-uuid"><strong>uuid</strong></p>
<a class="ansibleOptionLink" href="#parameter-uuid" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 1.0.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>With this option user can identify the LUKS container by UUID.</p>
<p>Will only be used when <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-label"><span class="std std-ref"><span class="pre">label</span></span></a></strong></code> are not specified.</p>
</div></td>
</tr>
</tbody>
</table>
</section>
<section id="attributes">
<h2><a class="toc-backref" href="#id4" role="doc-backlink">Attributes</a><a class="headerlink" href="#attributes" title="Link to this heading"></a></h2>
<table class="longtable ansible-option-table docutils align-default" style="width: 100%">
<thead>
<tr class="row-odd"><th class="head"><p>Attribute</p></th>
<th class="head"><p>Support</p></th>
<th class="head"><p>Description</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="attribute-check_mode"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-attribute-check-mode"><strong>check_mode</strong></p>
<a class="ansibleOptionLink" href="#attribute-check_mode" title="Permalink to this attribute"></a></div></td>
<td><div class="ansible-option-cell"><p><strong class="ansible-attribute-support-label">Support: </strong><strong class="ansible-attribute-support-full">full</strong></p>
</div></td>
<td><div class="ansible-option-cell"><p>Can run in <code class="docutils literal notranslate"><span class="pre">check_mode</span></code> and return changed status prediction without modifying target.</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="attribute-diff_mode"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-attribute-diff-mode"><strong>diff_mode</strong></p>
<a class="ansibleOptionLink" href="#attribute-diff_mode" title="Permalink to this attribute"></a></div></td>
<td><div class="ansible-option-cell"><p><strong class="ansible-attribute-support-label">Support: </strong><strong class="ansible-attribute-support-none">none</strong></p>
</div></td>
<td><div class="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <code class="docutils literal notranslate"><span class="pre">check_mode</span></code>), when in diff mode.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="attribute-idempotent"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-attribute-idempotent"><strong>idempotent</strong></p>
<a class="ansibleOptionLink" href="#attribute-idempotent" title="Permalink to this attribute"></a></div></td>
<td><div class="ansible-option-cell"><p><strong class="ansible-attribute-support-label">Support: </strong><strong class="ansible-attribute-support-full">full</strong></p>
</div></td>
<td><div class="ansible-option-cell"><p>When run twice in a row outside check mode, with the same arguments, the second invocation indicates no change.</p>
<p>This assumes that the system controlled/queried by the module has not changed in a relevant way.</p>
</div></td>
</tr>
</tbody>
</table>
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id5" role="doc-backlink">Examples</a><a class="headerlink" href="#examples" title="Link to this heading"></a></h2>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create LUKS container (remains unchanged if it already exists)</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create LUKS container with a passphrase</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create LUKS container with specific encryption</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">cipher</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;aes&quot;</span>
<span class="w"> </span><span class="nt">hash</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;sha256&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">(Create and) open the LUKS container; name it &quot;mycrypt&quot;</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;opened&quot;</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Close the existing LUKS container &quot;mycrypt&quot;</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;closed&quot;</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Make sure LUKS container exists and is closed</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;closed&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create container if it does not exist and add new key to it</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">new_keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile2&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Add new key to the LUKS container (container has to exist)</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">new_keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile2&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Add new passphrase to the LUKS container</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">new_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove existing keyfile from the LUKS container</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">remove_keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile2&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove existing passphrase from the LUKS container</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">remove_passphrase</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;foo&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Completely remove the LUKS container and its contents</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;absent&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a container with label</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">label</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">personalLabelName</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Open the LUKS container based on label without device; name it &quot;mycrypt&quot;</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">label</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;personalLabelName&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;opened&quot;</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Close container based on UUID</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">uuid</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">03ecd578-fad4-4e6c-9348-842e3e8fa340</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;closed&quot;</span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;mycrypt&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a container using luks2 format</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">luks2</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create a container with key in slot 4</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;present&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">keyslot</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">4</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Add a new key in slot 5</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">new_keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">new_keyslot</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">5</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove the key from slot 4 (given keyfile must not be slot 4)</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/dev/loop0&quot;</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">remove_keyslot</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">4</span>
</pre></div>
</div>
</section>
<section id="return-values">
<h2><a class="toc-backref" href="#id6" role="doc-backlink">Return Values</a><a class="headerlink" href="#return-values" title="Link to this heading"></a></h2>
<p>Common return values are documented <a class="reference external" href="https://docs.ansible.com/ansible/devel/reference_appendices/common_return_values.html#common-return-values" title="(in Ansible vdevel)"><span class="xref std std-ref">here</span></a>, the following are the fields unique to this module:</p>
<table class="longtable ansible-option-table docutils align-default" style="width: 100%">
<thead>
<tr class="row-odd"><th class="head"><p>Key</p></th>
<th class="head"><p>Description</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-name"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-luks-device-module-return-name"><strong>name</strong></p>
<a class="ansibleOptionLink" href="#return-name" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>When <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><span class="std std-ref"><span class="pre">state=opened</span></span></a></code> returns (generated or given) name of LUKS container. Returns None if no name is supplied.</p>
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> success</p>
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">&quot;luks-c1da9a58-2fde-4256-9d9f-6ab008b4dd1b&quot;</span></code></p>
</div></td>
</tr>
</tbody>
</table>
<section id="authors">
<h3>Authors<a class="headerlink" href="#authors" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p>Jan Pokorny (&#64;japokorn)</p></li>
</ul>
</section>
<section id="collection-links">
<h3>Collection links<a class="headerlink" href="#collection-links" title="Link to this heading"></a></h3>
<ul class="ansible-links">
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/ansible-collections/community.crypto/issues" rel="noopener external" target="_blank">Issue Tracker</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/ansible-collections/community.crypto" rel="noopener external" target="_blank">Repository (Sources)</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://forum.ansible.com/tags/c/help/6/none/crypto" rel="noopener external" target="_blank">Ask for help (crypto)</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://forum.ansible.com/tags/c/help/6/none/acme" rel="noopener external" target="_blank">Ask for help (ACME)</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/ansible-collections/community.crypto/issues/new?assignees=&amp;labels=&amp;template=bug_report.md" rel="noopener external" target="_blank">Submit a bug report</a></span></li>
<li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/ansible-collections/community.crypto/issues/new?assignees=&amp;labels=&amp;template=feature_request.md" rel="noopener external" target="_blank">Request a feature</a></span></li>
<li><span><a class="reference internal" href="index.html#communication-for-community-crypto"><span class="std std-ref">Communication</span></a></span></li>
</ul>
</section>
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="get_certificate_module.html" class="btn btn-neutral float-left" title="community.crypto.get_certificate module Get a certificate from a host:port" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="openssh_cert_module.html" class="btn btn-neutral float-right" title="community.crypto.openssh_cert module Generate OpenSSH host or user certificates" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>&#169; Copyright Community.Crypto Contributors.</p>
</div>
</footer>
</div>
</div>
</section>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script><!-- extra footer elements for Ansible beyond RTD Sphinx Theme -->
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink