salt.states.cryptdev module

Opening of Encrypted Devices

Ensure that an encrypted device is mapped with the mapped function:

mappedname:
  cryptdev.mapped:
    - device: /dev/sdb1
    - keyfile: /etc/keyfile.key
    - opts:
      - size=256

swap:
  crypted.mapped:
    - device: /dev/sdx4
    - keyfile: /dev/urandom
    - opts: swap,cipher=aes-cbc-essiv:sha256,size=256

mappedbyuuid:
  crypted.mapped:
    - device: UUID=066e0200-2867-4ebe-b9e6-f30026ca2314
    - keyfile: /etc/keyfile.key
    - config: /etc/alternate-crypttab

New in version 2018.3.0.

salt.states.cryptdev.mapped(name, device, keyfile=None, opts=None, config='/etc/crypttab', persist=True, immediate=False, match_on='name')

Verify that a device is mapped

name

The name under which the device is to be mapped

device

The device name, typically the device node, such as /dev/sdb1 or UUID=066e0200-2867-4ebe-b9e6-f30026ca2314.

keyfile

Either None if the password is to be entered manually on boot, or an absolute path to a keyfile. If the password is to be asked interactively, the mapping cannot be performed with immediate=True.

opts

A list object of options or a comma delimited list

config

Set an alternative location for the crypttab, if the map is persistent, Default is /etc/crypttab

persist

Set if the map should be saved in the crypttab, Default is True

immediate

Set if the device mapping should be executed immediately. Requires that the keyfile not be None, because the password cannot be asked interactively. Note that options are not passed through on the initial mapping. Default is False.

match_on

A name or list of crypttab properties on which this state should be applied. Default is name, meaning that the line is matched only by the name parameter. If the desired configuration requires two devices mapped to the same name, supply a list of parameters to match on.

salt.states.cryptdev.unmapped(name, config='/etc/crypttab', persist=True, immediate=False)

Ensure that a device is unmapped

name

The name to ensure is not mapped

config

Set an alternative location for the crypttab, if the map is persistent, Default is /etc/crypttab

persist

Set if the map should be removed from the crypttab. Default is True

immediate

Set if the device should be unmapped immediately. Default is False.