2acfa0e08c
* Elevate privileges for luks_device integration tests

  Several tests in `key-management.yml` don't `become` before executing, despite needing elevated privileges. This commit fixes that.

* Add passphrase support for luks_device

  Previously, the luks_device module only worked with keyfiles. The implication was that the key had to be written to disk before the module could be used. This commit implements support for opening, adding and removing passphrases supplied as strings to the module.

  Closes #52408
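---
# Integration-test harness for the luks_device module.
#
# Builds a throwaway 32 MiB file-backed loop device, records its name and
# three fixture passphrases as facts, runs every task file matched by
# tests/*.yml through run-test.yml, and always tears the device down again.
# Only the tasks that need root (package install, losetup, luks_device) set
# `become`; creating and deleting the backing file run as the connecting user.

- name: Make sure cryptsetup is installed
  package:
    name: cryptsetup
    state: present
  become: true

# `~` in output_dir is replaced explicitly because the command module does
# not go through a shell, so nothing else would expand it.
- name: Create cryptfile
  command: dd if=/dev/zero of={{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32

- name: Create lookback device
  command: losetup -f {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile
  become: true

- name: Determine loop device name
  command: losetup -j {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile --output name
  become: true
  register: cryptfile_device_output

- name: Record loop device name and fixture passphrases
  set_fact:
    # Second output line is used; the first is presumably the NAME column
    # header that losetup prints for --output. If a stale loop device from an
    # earlier run is still attached to the same file, this picks the first
    # one listed.
    cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
    # Fixed, non-secret fixture values, presumably consumed by the included
    # tests against the throwaway loop device. Do not reuse them anywhere
    # else. Real passphrases belong in Ansible Vault or another secret store,
    # and tasks that pass them around should set `no_log: true`.
    # NOTE(review): confirm the module marks its passphrase options no_log.
    cryptfile_passphrase1: "uNiJ9vKG2mUOEWDiQVuBHJlfMHE"
    cryptfile_passphrase2: "HW4Ak2HtE2vvne0qjJMPTtmbV4M"
    cryptfile_passphrase3: "qQJqsjabO9pItV792k90VvX84MM"

- block:
    - name: Run each test file through run-test.yml
      include_tasks: run-test.yml
      with_fileglob:
        - "tests/*.yml"

  # Cleanup runs whether or not the tests passed, so no LUKS mapping, loop
  # device or backing file is left behind on the test host.
  always:
    # Errors are ignored so the rest of the cleanup still runs if removing
    # the LUKS device fails.
    - name: Make sure LUKS device is gone
      luks_device:
        device: "{{ cryptfile_device }}"
        state: absent
      become: true
      ignore_errors: true

    # NOTE(review): this task has no ignore_errors, so if detaching fails the
    # backing file below is not removed. Confirm that is intended.
    - name: Detach the loop device
      command: losetup -d "{{ cryptfile_device }}"
      become: true

    # output_dir is passed without the replace() used above; presumably the
    # file module expands `~` in path arguments itself. TODO confirm.
    - name: Remove the backing cryptfile
      file:
        dest: "{{ output_dir }}/cryptfile"
        state: absent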