Changelog

debops.cryptsetup

This project adheres to Semantic Versioning and human-readable changelog.

The current role maintainer is ypid.

debops.cryptsetup v0.5.0 - 2017-04-02

Added

Changed

Security

  • Terminate role execution if a vulnerable Ansible version is used. Running the role by a vulnerable Ansible would violate one of the design goals of the role. The minimum Ansible version without known vulnerabilities is Ansible 2.1.5. Refer to Ansible Security for details. [ypid]

debops.cryptsetup v0.4.0 - 2016-10-23

Added

Changed

  • Updated to latest DebOps Standards. [ypid]
  • Changed role namespace from cryptsetup_ to cryptsetup__. cryptsetup_[^_] variables are dropped and don’t have any effect anymore. Refer to Upgrade from v0.3.X to v0.4.X. [ypid]

Fixed

  • Don’t fail in check mode when the keyfile has not yet been generated. This requires to limit the tasks even more which are run in check mode. [ypid]
  • Don’t fail when a device was never in state present and is requested to be absent. [ypid]

debops.cryptsetup v0.3.1 - 2016-04-04

Changed

  • No need to have a default for cryptsetup_state in the tasks. cryptsetup_state is expected to be valid. [ypid]

Removed

  • Remove header backups on remote system when cryptsetup_header_backup is set to False. [ypid]

Fixed

  • Fixed usage of the role::cryptsetup:backup tag. [ypid]
  • Fixed permission enforcement of the header backup on the Ansible controller. [jacksingleton]

debops.cryptsetup v0.3.0 - 2016-03-23

Added

  • Added support to setup and mount an encrypted filesystem without storing the keyfile on persistent storage of the remote system. [ypid]
  • Added cryptsetup_secret_owner, cryptsetup_secret_group and cryptsetup_secret_mode to allow to change file permissions of the secrets directory and files on the Ansible controller. [ypid]

Changed

  • Renamed option cryptsetup_backup_header to cryptsetup_header_backup and fixed the task to allow to disable header backups. Fixed: Honor the value of item.backup_header (cryptsetup_devices). Only disable header backups when you know what you are doing! [ypid]
  • Renamed option cryptsetup_keyfile_location to cryptsetup_secret_path as it also contains the header backup on the Ansible controller. [ypid]
  • cryptsetup_mount_options and cryptsetup_crypttab_options are now lists of strings to allow more flexibility. [ypid]
  • Renamed cryptsetup_use_random to cryptsetup_use_dev_random to emphasize it’s meaning. [ypid]

Removed

  • Removed default mount options user and auto because they are not good defaults for the role. [ypid]

debops.cryptsetup v0.2.1 - 2015-12-01

Changed

  • Fail when keyfile has been generated but ciphertext block device is not available. [ypid]
  • Update .travis.yml configuration to test the role on Travis-CI. [drybjed]
  • Update documentation and change the required Ansible version to v1.9.0 due to the become option replacing sudo. [drybjed]
  • Migrated to the DebOps project as debops.cryptsetup. [drybjed]

debops.cryptsetup v0.2.0 - 2015-10-30

Added

  • Wrote initial documentation. [ypid]

Changed

  • Major rewrite to allow to create the crypto and filesystem-layer by this role. [ypid]
  • Moved to DebOps Contrib (the role is still available under ypid.crypttab until it has been fully renamed to something like debops.cryptsetup). [ypid]

debops.cryptsetup v0.1.0 - 2015-09-07

Added

  • Initial coding and design. [ypid]