Channel: Debian User Forums

General Questions • [Software] Unattended boot with encrypted storage

fwiw, I also tried setting this up using Ansible, just to minimize copy-paste errors (but of course that didn't work either):

Code:

- name: Setup LUKS
  hosts: proxmox
  become: true
  vars:
    # Disks are addressed by their persistent /dev/disk/by-id name, never by /dev/sdX
    disks:
      - id: ata-WDC_WD40EFPX-68C6CN0_WD-WX72AC2JKNHD
        name: disk1
      - id: ata-WDC_WD40EFPX-68C6CN0_WD-WX62AC2DD7SJ
        name: disk2
      - id: ata-WDC_WD40EFPX-68C6CN0_WD-WX52AC247KF6
        name: disk3
      - id: ata-WDC_WD40EFPX-68C6CN0_WD-WX62AC2DD529
        name: parity
  tasks:
    - name: Install dependencies
      ansible.builtin.package:
        name:
          - parted
        state: present

    # Map each by-id name to the kernel device name (sda, sdb, ...) using gathered facts
    - name: Set device paths
      ansible.builtin.set_fact:
        device_paths: "{{ device_paths | default({}) | combine({item.0.id: item.1.key}) }}"
      loop: "{{ disks | product(ansible_devices | dict2items) | list }}"
      when: "item.1.value.links.ids is defined and item.0.id in item.1.value.links.ids"
      no_log: true

    - name: Create a partition
      community.general.parted:
        device: "/dev/{{ item.value }}"
        number: 1
        label: gpt
        state: present
      loop: "{{ device_paths | dict2items }}"

    # luks.sh is expected to write /srv/keys/<name>.luks (script not shown in the post)
    - name: Create keyfile
      ansible.builtin.script: ./luks.sh {{ item.name }}
      loop: "{{ disks }}"

    - name: Create LUKS container if it does not exist and add new key to it
      community.crypto.luks_device:
        device: "/dev/{{ device_paths[item.id] }}1"
        type: "luks2"
        name: "{{ item.name }}"
        label: "{{ item.name }}"
        passphrase: "{{ secret_passphrase }}"
        new_keyfile: "/srv/keys/{{ item.name }}.luks"
        state: "opened"
      loop: "{{ disks }}"

    # The filesystem goes on the opened mapper device, not on the raw partition:
    # formatting /dev/<disk>1 here would overwrite the LUKS header just written above
    - name: Format partitions with EXT4
      community.general.filesystem:
        fstype: ext4
        dev: "/dev/mapper/{{ item.name }}"
      loop: "{{ disks }}"

    # Facts were gathered at play start, before the partition and LUKS header existed,
    # so refresh them or the UUID lookup below sees no partition (or a stale UUID)
    - name: Refresh device facts
      ansible.builtin.setup:
        gather_subset: hardware

    - name: Gather device UUIDs
      ansible.builtin.set_fact:
        device_uuids: "{{ device_uuids | default({}) | combine({item.0.id: item.1.value.partitions[device + '1'].uuid}) }}"
      vars:
        device: "{{ device_paths[item.0.id] }}"
      loop: "{{ disks | product(ansible_devices | dict2items) | list }}"
      when: item.1.key == device
      no_log: true

    - name: Add LUKS container to crypttab
      community.general.crypttab:
        backing_device: "UUID={{ device_uuids[item.id] }}"
        name: "{{ item.name }}"
        password: "/srv/keys/{{ item.name }}.luks"
        state: present
        opts: luks

      loop: "{{ disks }}"

    - name: Add entries to /etc/fstab
      ansible.posix.mount:
        src: "/dev/mapper/{{ item.name }}"
        path: "/mnt/{{ item.name }}"
        fstype: ext4
        opts: defaults
        state: mounted
      loop: "{{ disks }}"

Statistics: Posted by BeyondEvil — 2024-07-23 12:36 — Replies 2 — Views 66
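An added example, not part of the post above or of any Debian tooling: the playbook's end state is a set of crypttab entries that unlock each disk from a keyfile under /srv/keys, plus fstab entries for the resulting /dev/mapper devices. When unattended unlock fails at boot it is usually one of a few wiring mistakes (a /dev/sdX backing device instead of UUID=, a keyfile that is missing or empty, an fstab mount with no matching crypttab name), and since the keyfile sits in cleartext on the root filesystem, a keyfile readable by anyone other than root is the one permission mistake worth failing hard on. The checker below reads crypttab and fstab text and stats the keyfiles; the UUIDs, key paths and sample entries in demo() are constructed for the example and do not correspond to any real host.

```python
# Added example (not from the forum post): offline checker for the crypttab /
# fstab / keyfile wiring that keyfile-based unattended LUKS unlock relies on.
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass
class Finding:
    name: str      # crypttab mapping name (or fstab mapper name) the finding applies to
    message: str


def _strip_comment(line):
    return line.split("#", 1)[0].strip()


def parse_crypttab(text):
    """Parse crypttab text into (name, device, keyfile, options-set) tuples."""
    entries = []
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        f = line.split()
        name = f[0]
        device = f[1] if len(f) > 1 else ""
        keyfile = f[2] if len(f) > 2 else "none"
        opts = set(f[3].split(",")) if len(f) > 3 else set()
        entries.append((name, device, keyfile, opts))
    return entries


def fstab_mapper_names(text):
    """Names of every /dev/mapper/<name> source referenced in fstab text."""
    names = set()
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if line and line.split()[0].startswith("/dev/mapper/"):
            names.add(line.split()[0][len("/dev/mapper/"):])
    return names


def check_unattended_unlock(crypttab_text, fstab_text):
    """Return a list of Findings; an empty list means the wiring looks consistent."""
    findings = []
    entries = parse_crypttab(crypttab_text)
    for name, device, keyfile, opts in entries:
        if not device.startswith("UUID="):
            findings.append(Finding(name, f"backing device {device!r} is not UUID=; "
                                          "/dev/sdX names can change between boots"))
        if keyfile in ("none", "-"):
            findings.append(Finding(name, "no keyfile, so boot will stop at a passphrase prompt"))
            continue
        try:
            st = os.stat(keyfile)
        except OSError:
            findings.append(Finding(name, f"keyfile {keyfile} is missing or unreadable; "
                                          "unlock will fail at boot"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:   # anything beyond the owner bits exposes the disk key
            findings.append(Finding(name, f"keyfile {keyfile} is group/world accessible "
                                          f"(mode {mode:04o}); expect 0400"))
        if st.st_size == 0:
            findings.append(Finding(name, f"keyfile {keyfile} is empty"))
    # every /dev/mapper/<name> in fstab must be produced by a crypttab entry of that name
    for mapper in sorted(fstab_mapper_names(fstab_text) - {e[0] for e in entries}):
        findings.append(Finding(mapper, f"fstab mounts /dev/mapper/{mapper} but crypttab "
                                        "has no entry of that name"))
    return findings


def demo():
    """Constructed sample (hypothetical UUIDs and key paths): one correct disk, several broken."""
    with tempfile.TemporaryDirectory() as keys:
        good = os.path.join(keys, "disk1.luks")
        leaky = os.path.join(keys, "disk2.luks")
        for path in (good, leaky):
            with open(path, "wb") as fh:
                fh.write(os.urandom(64))
        os.chmod(good, 0o400)
        os.chmod(leaky, 0o644)   # deliberately wrong: world-readable key
        crypttab = f"""# <name> <device> <keyfile> <options>   (constructed sample)
disk1  UUID=0f2d4c6e-0001-4a2b-9c8d-0123456789ab  {good}  luks
disk2  UUID=0f2d4c6e-0002-4a2b-9c8d-0123456789ab  {leaky}  luks
disk3  /dev/sdd1  {keys}/disk3.luks  luks
parity UUID=0f2d4c6e-0004-4a2b-9c8d-0123456789ab  none  luks
"""
        fstab = """# <src> <mountpoint> <fstype> <opts> <dump> <pass>   (constructed sample)
/dev/mapper/disk1  /mnt/disk1  ext4 defaults 0 2
/dev/mapper/disk2  /mnt/disk2  ext4 defaults 0 2
/dev/mapper/disk3  /mnt/disk3  ext4 defaults 0 2
/dev/mapper/parity /mnt/parity ext4 defaults 0 2
/dev/mapper/extra  /mnt/extra  ext4 defaults 0 2
"""
        return check_unattended_unlock(crypttab, fstab)


if __name__ == "__main__":
    for finding in demo():
        print(f"{finding.name}: {finding.message}")
```

Run against a real host by passing the contents of /etc/crypttab and /etc/fstab to check_unattended_unlock() as root; the checker deliberately does not confirm that each UUID= really is a LUKS header (that needs blkid or cryptsetup luksUUID on the box), it only catches the wiring errors that are visible from the two files and the keyfile metadata.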
