??????????????
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 173
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 174
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 175
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 176
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 177
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 178
�ó
ßUdac������������@`��s$���d��d��l��m��Z��m��Z��m��Z���e��Z��i��d��d��6d��g��d��6d��d��6Z��d��Z��d �Z��d
�Z �d��d��l
�Z
�d��d��l��Z��d��d��l��Z��d��d��l
�m��Z���d��Z��d
�Z��d��Z��e��j��d��ƒ��Z��e��j��d��ƒ��Z��d��e��f��d��„��ƒ��YZ��d��e��f��d��„��ƒ��YZ��d��e��f��d��„��ƒ��YZ��d��„��Z��d��„��Z��e��d��k��r �e��ƒ���n��d��S(����i����(����t����absolute_importt����divisiont����print_functions����1.1t����metadata_versiont����previewt����statust ���communityt����supported_bys����
---
module: luks_device
short_description: Manage encrypted (LUKS) devices
version_added: "2.8"
description:
- "Module manages L(LUKS,https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup)
on given device. Supports creating, destroying, opening and closing of
LUKS container and adding or removing new keys."
options:
device:
description:
- "Device to work with (e.g. C(/dev/sda1)). Needed in most cases.
Can be omitted only when I(state=closed) together with I(name)
is provided."
type: str
state:
description:
- "Desired state of the LUKS container. Based on its value creates,
destroys, opens or closes the LUKS container on a given device."
- "I(present) will create LUKS container unless already present.
Requires I(device) and I(keyfile) options to be provided."
- "I(absent) will remove existing LUKS container if it exists.
Requires I(device) or I(name) to be specified."
- "I(opened) will unlock the LUKS container. If it does not exist
it will be created first.
Requires I(device) and I(keyfile) to be specified. Use
the I(name) option to set the name of the opened container.
Otherwise the name will be generated automatically and returned
as a part of the result."
- "I(closed) will lock the LUKS container. However if the container
does not exist it will be created.
Requires I(device) and I(keyfile) options to be provided. If
container does already exist I(device) or I(name) will suffice."
type: str
default: present
choices: [present, absent, opened, closed]
name:
description:
- "Sets container name when I(state=opened). Can be used
instead of I(device) when closing the existing container
(i.e. when I(state=closed))."
type: str
keyfile:
description:
- "Used to unlock the container and needed for most
of the operations. Parameter value is the path
to the keyfile with the passphrase."
- "BEWARE that working with keyfiles in plaintext is dangerous.
Make sure that they are protected."
type: path
new_keyfile:
description:
- "Adds additional key to given container on I(device).
Needs I(keyfile) option for authorization. LUKS container
supports up to 8 keys. Parameter value is the path
to the keyfile with the passphrase."
- "NOTE that adding additional keys is I(not idempotent).
A new keyslot will be used even if another keyslot already
exists for this keyfile."
- "BEWARE that working with keyfiles in plaintext is dangerous.
Make sure that they are protected."
type: path
remove_keyfile:
description:
- "Removes given key from the container on I(device). Does not
remove the keyfile from filesystem.
Parameter value is the path to the keyfile with the passphrase."
- "NOTE that removing keys is I(not idempotent). Trying to remove
a key which no longer exists results in an error."
- "NOTE that to remove the last key from a LUKS container, the
I(force_remove_last_key) option must be set to C(yes)."
- "BEWARE that working with keyfiles in plaintext is dangerous.
Make sure that they are protected."
type: path
force_remove_last_key:
description:
- "If set to C(yes), allows removing the last key from a container."
- "BEWARE that when the last key has been removed from a container,
the container can no longer be opened!"
type: bool
default: no
requirements:
- "cryptsetup"
- "wipefs"
- "lsblk"
author:
"Jan Pokorny (@japokorn)"
s¾���
- name: create LUKS container (remains unchanged if it already exists)
luks_device:
device: "/dev/loop0"
state: "present"
keyfile: "/vault/keyfile"
- name: (create and) open the LUKS container; name it "mycrypt"
luks_device:
device: "/dev/loop0"
state: "opened"
name: "mycrypt"
keyfile: "/vault/keyfile"
- name: close the existing LUKS container "mycrypt"
luks_device:
state: "closed"
name: "mycrypt"
- name: make sure LUKS container exists and is closed
luks_device:
device: "/dev/loop0"
state: "closed"
keyfile: "/vault/keyfile"
- name: create container if it does not exist and add new key to it
luks_device:
device: "/dev/loop0"
state: "present"
keyfile: "/vault/keyfile"
new_keyfile: "/vault/keyfile2"
- name: add new key to the LUKS container (container has to exist)
luks_device:
device: "/dev/loop0"
keyfile: "/vault/keyfile"
new_keyfile: "/vault/keyfile2"
- name: remove existing key from the LUKS container
luks_device:
device: "/dev/loop0"
remove_keyfile: "/vault/keyfile2"
- name: completely remove the LUKS container and its contents
luks_device:
device: "/dev/loop0"
state: "absent"
s�
name:
description:
When I(state=opened) returns (generated or given) name
of LUKS container. Returns None if no name is supplied.
returned: success
type: str
sample: "luks-c1da9a58-2fde-4256-9d9f-6ab008b4dd1b"
N(����t
���AnsibleModulei����i����s����\s*crypt\s+([^\s]*)\s*s����\s*device:\s+([^\s]*)\s*t����Handlerc������������B`��s#���e��Z��d��„��Z��d��„��Z��d��„��Z��RS(����c������������C`��s%���|��|��_��|��j��j��d��t��ƒ��|��_��d��S(����Nt����lsblk(����t����_modulet����get_bin_patht����Truet
���_lsblk_bin(����t����selft����module(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����__init__¼���s������ �c������������C`��s����|��j��j��|��ƒ��S(����N(����R����t����run_command(����R����t����command(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����_run_commandÀ���s������c������������C`��sf���|��j��|��j��d��|��d��d��g��ƒ��}��|��t���d��k��rN�t��d��|��|��t���f���ƒ��‚��n��|��t���j��ƒ��}��d��|���S(����s‚��� Generate name for luks based on device UUID ('luks-').
Raises ValueError when obtaining of UUID fails.
s����-ns����-ot����UUIDi����s+���Error while generating LUKS name for %s: %ss����luks-%s(����R����R����t����RETURN_CODEt
���ValueErrort����STDERRt����STDOUTt����strip(����R����t����devicet����resultt����dev_uuid(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����generate_luks_name���s������!���������(����t����__name__t
���__module__R����R����R����(����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyR ���º���s������ � �t����CryptHandlerc������������B`��se���e��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z �d��„��Z
�e��d �„��Z��RS(
���c������������C`��s2���t��t��|��ƒ��j��|��ƒ���|��j��j��d��t��ƒ��|��_��d��S(����Nt
���cryptsetup(����t����superR!���R����R����R����R
���t����_cryptsetup_bin(����R����R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyR����Ò���s��������c������������C`��s���|��j��|��j��|��d��d��g��ƒ��}��|��t���d��k��rK�t��d��|��|��t���f���ƒ��‚��n��t��j��|��t���ƒ��}��y��|��j��d��ƒ��}��Wn���t �k
�rŠ����d��}��n��X|��S(����s¥��� obtain LUKS container name based on the device where it is located
return None if not found
raise ValueError if lsblk command fails
s����-nlos ���type,namei����s*���Error while obtaining LUKS name for %s: %si����N(����R����R����R����R����R����t����LUKS_NAME_REGEXt����searchR����t����groupt����AttributeErrort����None(����R����R����R����t����mt����name(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����get_container_name_by_device���s��������������������
�
�c������������C`��sU���|��j��|��j��d��|��g��ƒ��}��|��t���d��k��r/�d��St��j��|��t���ƒ��}��|��j��d��ƒ��}��|��S(����s–��� obtain device name based on the LUKS container name
return None if not found
raise ValueError if lsblk command fails
R����i����i����N(����R����R$���R����R)���t����LUKS_DEVICE_REGEXR&���R����R'���(����R����R+���R����R*���R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����get_container_device_by_nameè���s����������������c������������C`��s)���|��j��|��j��d��|��g��ƒ��}��|��t���d��k��S(����s0��� check if the LUKS container does exist
t����isLuksi����(����R����R$���R����(����R����R����R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����is_luksö���s��������c������������C`��sR���|��j��|��j��d��d��|��|��g��ƒ��}��|��t���d��k��rN�t��d��|��|��t���f���ƒ��‚��n��d��S(����Nt
���luksFormats����-qi����s#���Error while creating LUKS on %s: %s(����R����R$���R����R����R����(����R����R����t����keyfileR����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����run_luks_createü���s
�������������c�������� ���C`��s[���|��j��|��j��d��|��d��d��d��|��|��g��ƒ��}��|��t���d��k��rW�t��d��|��|��t���f���ƒ��‚��n��d��S(����Ns
���--key-filet����opens����--typet����luksi����s,���Error while opening LUKS container on %s: %s(����R����R$���R����R����R����(����R����R����R2���R+���R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt
���run_luks_open����s
�������������c������������C`��sB���|��j��|��j��d��|��g��ƒ��}��|��t���d��k��r>�t��d��|���ƒ��‚��n��d��S(����Nt����closei����s%���Error while closing LUKS container %s(����R����R$���R����R����(����R����R+���R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����run_luks_close����s����������c������������C`��s‰���|��j��j��d��t��ƒ��}��|��j��|��ƒ��}��|��d��k �r@�|��j��|��ƒ���n��|��j��|��d��|��g��ƒ��}��|��t���d��k��r…�t��d��|��|��t ��f���ƒ��‚��n��d��S(����Nt����wipefss����--alli����s(���Error while wiping luks container %s: %s(
���R����R����R
���R,���R)���R8���R����R����R����R����(����R����R����t
���wipefs_binR+���R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����run_luks_remove����s��������������������c������������C`��sU���|��j��|��j��d��|��|��d��|��g��ƒ��}��|��t���d��k��rQ�t��d��|��|��t���f���ƒ��‚��n��d��S(����s}��� Add new key to given 'device'; authentication done using 'keyfile'
Raises ValueError when command fails
t
���luksAddKeys
���--key-filei����s)���Error while adding new LUKS key to %s: %sN(����R����R$���R����R����R����(����R����R����R2���t����new_keyfileR����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����run_luks_add_key����s
�������������c���� �������C`��s|���|��s'�|��j��|��j��d��|��g��ƒ��}��|��t���d��k��rG�t��d��|��f���ƒ��‚��n��d��}��t��}��t��j��d��ƒ��}��x™�|��t���j��ƒ��D]‡�}��|��j �d��ƒ��r‘�t
�}��qs�|��j �d��ƒ��rÆ�|��rú�|��d���d��k��rú�|��d �7}��qú�qs�|��j �d
�ƒ��rØ�qs�|��j��|��ƒ��rô�|��d �7}��qs�t��}��qs�W|��d��k��r'�|��j��j
�d��d��|���ƒ���q'�n��|��j��|��j��d
�|��d��d��|��g��ƒ��}��|��t���d��k��rx�t��d��|��|��t���f���ƒ��‚��n��d��S(����sW��� Remove key from given device
Raises ValueError when command fails
t����luksDumpi����s'���Error while dumping LUKS header from %ss����^Key Slot [0-9]+: ENABLEDs ���Keyslots:s���� i����t
���0123456789i����s���� t����msgsz���LUKS device %s has less than two active keyslots. To be able to remove a key, please set `force_remove_last_key` to `yes`.t
���luksRemoveKeys����-qs
���--key-files)���Error while removing LUKS key from %s: %sN(����R����R$���R����R����t����Falset����ret����compileR����t
���splitlinest
���startswithR
���t����matchR����t ���fail_jsonR����( ���R����R����R2���t����force_remove_last_keyR����t
���keyslot_countt����keyslot_areat
���keyslot_ret����line(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����run_luks_remove_key%���s6������������������������� �������������
�
���������������(
���R����R ���R����R,���R.���R0���R3���R6���R8���R;���R>���RC���RO���(����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyR!������s������ � � � � � � � �
t����ConditionsHandlerc������������B`��sP���e��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z �RS(����c������������C`��s#���t��t��|��ƒ��j��|��ƒ���|��|��_��d��S(����N(����R#���RP���R����t
���_crypthandler(����R����R����t����crypthandler(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyR����P���s��������c������������C`��s]���|��j��j��d���d��k �o\�|��j��j��d���d��k �o\�|��j��j��d���d��k��o\�|��j��j��|��j��j��d���ƒ���S(����NR����R2���t����statet����presentt����openedt����closed(����RT���RU���s����closed(����R����t����paramsR)���RQ���R0���(����R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����luks_createT���s����������
��� �c������������C`��s”���|��j��j��d���d��k��r��d��S|��j��j��|��j��j��d���ƒ��}��|��d��k��rF�d��S|��j��j��d���d��k��r`�|��S|��|��j��j��d���k��r�|��j��j��d��d��|���ƒ���n��|��S(����s·��� If luks is already opened, return its name.
If 'name' parameter is specified and differs
from obtained value, fail.
Return None otherwise
RS���RU���R����R+���RA���s;���LUKS container is already opened under different name '%s'.N(����R����RW���R)���RQ���R,���RI���(����R����R+���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����opened_luks_name\���s���������� �����������������c������������C`��sf���|��j��j��d���d��k��sB�|��j��j��d���d��k��sB�|��j��j��d���d��k��rF�t��S|��j��ƒ��}��|��d��k��rb�t��St��S(����NR����R2���RS���RU���(����R����RW���R)���RC���RY���R
���(����R����R+���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt ���luks_openz���s��������������������c������������C`��sÌ���|��j��j��d���d��k��r,�|��j��j��d���d��k��sB�|��j��j��d���d��k��rF�t��S|��j��j��d���d��k �r‡�|��j��j��|��j��j��d���ƒ��}��|��d��k �}��n��|��j��j��d���d��k �rÈ�|��j��j��|��j��j��d���ƒ��}��|��d��k �}��n��|��S(����NR+���R����RS���RV���(����R����RW���R)���RC���RQ���R,���R.���(����R����R+���t����luks_is_openR����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt
���luks_close‡���s���������������� ������� �����c������������C`��sv���|��j��j��d���d��k��sB�|��j��j��d���d��k��sB�|��j��j��d���d��k��rF�t��S|��j��j��d���d��k��rr�|��j��j��d��d��ƒ���n��t��S(����NR����R2���R=���RS���t����absentRA���s;���Contradiction in setup: Asking to add a key to absent LUKS.(����R����RW���R)���RC���RI���R
���(����R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����luks_add_keyœ���s������������������c������������C`��s`���|��j��j��d���d��k��s,�|��j��j��d���d��k��r0�t��S|��j��j��d���d��k��r\�|��j��j��d��d��ƒ���n��t��S(����NR����t����remove_keyfileRS���R]���RA���s@���Contradiction in setup: Asking to remove a key from absent LUKS.(����R����RW���R)���RC���RI���R
���(����R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����luks_remove_key©���s����������������c������������C`��sF���|��j��j��d���d��k �oE�|��j��j��d���d��k��oE�|��j��j��|��j��j��d���ƒ��S(����NR����RS���R]���(����R����RW���R)���RQ���R0���(����R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����luks_removeµ���s����������(
���R����R ���R����RX���RY���RZ���R\���R^���R`���Ra���(����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyRP���N���s������ � � �
�
�c���� �������C`��s»���t��d��t��d��d��d��d��d��d��d��d��d �g��ƒ��d
�t��d��d��ƒ��d��t��d��d��ƒ��d��t��d��d
�ƒ��d��t��d��d
�ƒ��d��t��d��d
�ƒ��d��t��d��d��d��t��ƒ��ƒ��}��t��d��t��d��d��ƒ��}��t��d��|��d��t��ƒ��}��|��j��d
��d��k �r^�yb�t��j��|��j��d
��ƒ��}��|��j��}��t��j �|��ƒ���r.�t��j
�|��ƒ���r.�t��d��j��|��j��d
��ƒ��ƒ��‚��n��Wq^��t��k
�rZ��}���|��j
�d��t��|��ƒ��ƒ���q^�Xn��t��|��ƒ��}��t��|��|��ƒ��}��|��j��ƒ��r��|��j��sÝ�y"�|��j��|��j��d
��|��j��d���ƒ���WqÝ��t��k
�r��}���|��j
�d��d��|���ƒ���qÝ�Xn��t��|��d��<|��j��r��|��j��|�����q��n��|��j��ƒ��}��|��d��k �r(�|��|��d�����R`���RO���Ra���R;���( ���t����module_argsR����R����t����statinfot����modet����et����cryptt
���conditionsR+���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt
���run_module»���sÌ�������'����������������� ��� ������� � �#����������� �����������
� �������
���
����������� �����
�������
�
� �����������������
� ���������
� ����� �����
�������
� ����� �����
�������
� ����� ���������
� ���c������������C`��s����t��ƒ���d��S(����N(����R{���(����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt����main@���s������t����__main__(����t
���__future__R����R����R����Rb���t
���__metaclass__t����ANSIBLE_METADATAt
���DOCUMENTATIONt����EXAMPLESt����RETURNRl���RD���Rm���t����ansible.module_utils.basicR����R����R����R����RE���R%���R-���t����objectR ���R!���RP���R{���R|���R����(����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/luks_device.pyt��������s.�������
�
�
`�2�
�����������������������~�m … ���