ansible/test/integration/targets/luks_device/tasks/main.yml
Hans Jerry Illikainen 2acfa0e08c Add passphrase support for luks_device (#65050)
* Elevate privileges for luks_device integration tests

Several tests in `key-management.yml` don't `become` before executing,
despite needing elevated privileges.  This commit fixes that.

* Add passphrase support for luks_device

Previously, the luks_device module only worked with keyfiles.  The
implication was that the key had to be written to disk before the module
could be used.

This commit implements support for opening, adding and removing
passphrases supplied as strings to the module.

Closes #52408
2019-11-30 20:50:30 +01:00

36 lines
1.1 KiB
YAML

---
- name: Make sure cryptsetup is installed
package:
name: cryptsetup
state: present
become: yes
- name: Create cryptfile
command: dd if=/dev/zero of={{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32
- name: Create lookback device
command: losetup -f {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile
become: yes
- name: Determine loop device name
command: losetup -j {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile --output name
become: yes
register: cryptfile_device_output
- set_fact:
cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
cryptfile_passphrase1: "uNiJ9vKG2mUOEWDiQVuBHJlfMHE"
cryptfile_passphrase2: "HW4Ak2HtE2vvne0qjJMPTtmbV4M"
cryptfile_passphrase3: "qQJqsjabO9pItV792k90VvX84MM"
- block:
- include_tasks: run-test.yml
with_fileglob:
- "tests/*.yml"
always:
- name: Make sure LUKS device is gone
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
ignore_errors: yes
- command: losetup -d "{{ cryptfile_device }}"
become: yes
- file:
dest: "{{ output_dir }}/cryptfile"
state: absent