# remote_unlock Role

Log in to the initial RAM filesystem via SSH and unlock encrypted disks.
Boot proceeds after the unlock.

The alternative entry point 'prepare' sets the system up for this task.

## Variables

<!-- BEGIN Argument Specs -->
|Name |Type |Required |Default |Description |
|------|------|----------|--------|-------------|
|unlock_port |int | no | 222 | TCP/IP port of the initial RAM filesystem SSH daemon |
|luks_passphrase |str | yes | | Passphrase to unlock encrypted LUKS disks |

### Alternative Entry Point 'prepare'

Install all dependencies and build an initial RAM filesystem that runs an SSH daemon.
SSH will then be available to unlock LUKS-encrypted disks remotely.

|Name |Type |Required |Default |Description |
|------|------|----------|--------|-------------|
|unlock_port |int | no | 222 | TCP/IP port of the initial RAM filesystem SSH daemon |
|ssh_keys |list[str] | yes | | List of SSH public keys that will be added to .ssh/authorized_keys |
<!-- END Argument Specs -->

## Example

```yaml
---
- name: Remote Unlock Test
  hosts: all
  vars:
    unlock_port: 2224
    # Demo value only; keep a real passphrase out of plaintext playbooks (e.g. Ansible Vault).
    luks_passphrase: '123456'
    # Placeholder entries, not real public keys.
    ssh_keys:
      - "ssh-rsa 8J+OtU5ldmVyIGdvbm5hIGdpdmUgeW91IHVw8J+Otg== UmljayDwn5W6@IPCfp7sg"
      - "ssh-ed25519 TmV2ZXIgZ29ubmEgbGV0IHlvdSBkb3du8J+Otg== UmljayDwn5W6@IPCfp7sg"
  tasks:
    # Build the initial RAM filesystem with the SSH daemon and the authorized keys.
    - name: Prepare Unlock
      ansible.builtin.include_role:
        name: copyrights.on_premises.remote_unlock
        tasks_from: prepare.yml
      vars:
        ansible_become: true

    - name: Flush handlers
      ansible.builtin.meta: flush_handlers

    - name: Restart
      ansible.builtin.command:
        cmd: shutdown -r +1
      become: true
      changed_when: result['rc'] == 0
      register: result

    # Default entry point: log in to the initial RAM filesystem and unlock the disks.
    - name: Unlock after reboot
      ansible.builtin.include_role:
        name: copyrights.on_premises.remote_unlock
```
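
The play below is an added example, not part of the role: it takes `luks_passphrase` from an Ansible Vault file and checks all three role variables before the 'prepare' entry point runs, so a missing passphrase or a malformed key fails the play before the reboot instead of leaving the host waiting at the unlock prompt. The file names `vault.yml` and `files/unlock_ed25519.pub` and the variable `vault_luks_passphrase` are assumptions; the key check only tests the shape of each line, not whether the key is valid.

```yaml
---
# Added example. vault.yml (created with `ansible-vault create vault.yml`),
# vault_luks_passphrase and files/unlock_ed25519.pub are hypothetical names.
- name: Remote unlock with vaulted passphrase and pre-flight checks
  hosts: all
  vars_files:
    - vault.yml  # hypothetical; defines vault_luks_passphrase
  vars:
    unlock_port: 2224
    luks_passphrase: "{{ vault_luks_passphrase }}"
    ssh_keys:
      - "{{ lookup('ansible.builtin.file', 'files/unlock_ed25519.pub') }}"
  pre_tasks:
    - name: Check unlock_port and luks_passphrase before anything is changed
      ansible.builtin.assert:
        that:
          - unlock_port | int >= 1
          - unlock_port | int <= 65535
          - luks_passphrase | string | length > 0
          # Reject the demo value from the README example.
          - luks_passphrase | string != '123456'
        quiet: true
        fail_msg: unlock_port must be a TCP port and luks_passphrase must be set

    - name: Require at least one SSH public key
      ansible.builtin.assert:
        that:
          - ssh_keys | length > 0
        quiet: true
        fail_msg: ssh_keys is empty, nobody could log in to unlock the disks

    - name: Check that every ssh_keys entry has the form "<type> <base64> [comment]"
      ansible.builtin.assert:
        that:
          - "item is match('^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)')"
        quiet: true
        fail_msg: ssh_keys entries must look like authorized_keys lines
      loop: "{{ ssh_keys }}"
  tasks:
    - name: Prepare Unlock
      ansible.builtin.include_role:
        name: copyrights.on_premises.remote_unlock
        tasks_from: prepare.yml
      vars:
        ansible_become: true
    # The flush, restart and unlock tasks follow as in the Example section.
```

Run it with `--ask-vault-pass` or `--vault-password-file` so the vaulted file can be decrypted.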