add LUKS encryption

roles/server_iso/README.md

@@ -15,6 +15,7 @@ Create an Oracle Linux 9 ISO for automatic server installation.
 |netmask |str | no |  | IPv4 subnet mask. This will only be used when ansible_host is a IP address. |
 |ssh_keys |list[str] | no |  | List of ssh public keys that will be added to .ssh/authorized_keys |
 |iso_path |str | yes |  | Storage location for the created ISO |
+|luks_password |str | yes |  | Password for disk encryption. Consider password change after first boot. |
 <!-- END Argument Specs -->
 
 ## Example Playbook
@@ -24,6 +25,7 @@ Create an Oracle Linux 9 ISO for automatic server installation.
   gather_facts: false
   vars:
     iso_path: "~/Downloads/OEL_{{ inventory_hostname }}.iso"
+    luks_password: Password1
     ssh_keys:
       - "ssh-rsa 8J+OtU5ldmVyIGdvbm5hIGdpdmUgeW91IHVw8J+Otg== UmljayDwn5W6@IPCfp7sg"
   roles:

roles/server_iso/meta/argument_specs.yml

@@ -55,3 +55,8 @@ argument_specs:
         required: true
         description: "Storage location for the created ISO"
         type: "str"
+
+      luks_password:
+        required: true
+        description: "Password for disk encryption. Consider password change after first boot."
+        type: "str"

roles/server_iso/templates/kickstart.ks.j2

@@ -73,7 +73,7 @@ ignoredisk --only-use=sda
 # Partition clearing information
 clearpart --all --initlabel
 # Disk partitioning information
-part pv.116 --fstype="lvmpv" --ondisk=sda --grow --size=25600
+part pv.116 --fstype="lvmpv" --ondisk=sda --grow --size=25600 --encrypted --cipher=aes-xts-plain64 --passphrase={{ luks_password }}
 part /boot --fstype="xfs" --ondisk=sda --size=1024
 volgroup ol --pesize=4096 pv.116
 logvol /var/log --fstype="xfs" --size=2048 --name=var_log --vgname=ol