{"id":21002792,"url":"https://github.com/kpn-puppet/puppet-kpn-dm_crypt","last_synced_at":"2025-05-15T00:31:29.898Z","repository":{"id":31858543,"uuid":"128168195","full_name":"kpn-puppet/puppet-kpn-dm_crypt","owner":"kpn-puppet","description":null,"archived":false,"fork":false,"pushed_at":"2022-06-07T10:13:45.000Z","size":35,"stargazers_count":0,"open_issues_count":1,"forks_count":4,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-07-30T20:07:11.955Z","etag":null,"topics":["dm-crypt","puppet"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kpn-puppet.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-05T06:36:34.000Z","updated_at":"2022-06-07T10:13:18.000Z","dependencies_parsed_at":"2022-07-24T20:31:59.189Z","dependency_job_id":null,"html_url":"https://github.com/kpn-puppet/puppet-kpn-dm_crypt","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpn-puppet%2Fpuppet-kpn-dm_crypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpn-puppet%2Fpuppet-kpn-dm_crypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpn-puppet%2Fpuppet-kpn-dm_crypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpn-puppet%2Fpuppet-kpn-dm_crypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kpn-puppet","download_url":"https://codeload.github.com/kpn-puppet/puppet-kpn-dm_crypt/tar.gz/refs/heads/master","host":{"name":"
GitHub","url":"https://github.com","kind":"github","repositories_count":225317154,"owners_count":17455384,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dm-crypt","puppet"],"created_at":"2024-11-19T08:19:59.138Z","updated_at":"2024-11-19T08:20:00.273Z","avatar_url":"https://github.com/kpn-puppet.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dm_crypt\n\n## Table of Contents\n\n1. [Overview](#overview)\n2. [Module Description](#module-description)\n3. [Setup](#setup)\n    * [Setup requirements](#setup-requirements)\n    * [What dm_crypt affects](#what-dm_crypt-affects)\n    * [Beginning with dm_crypt](#beginning-with-dm_crypt)\n4. [Usage](#usage)\n    * [Parameters](#parameters)\n    * [Examples](#examples)\n5. [Reference](#reference)\n6. [Limitations](#limitations)\n7. 
[Development](#development)\n\n## Overview\n\nThis module creates an encrypted partition on a device using dm-crypt cryptsetup.\nBe very careful to keep your secret, otherwise your data will never be accessible again.\n\n## Module Description\n\nThis module creates an encrypted partition on a disk device with the executable cryptsetup.\nYou need to specify the disk device which will be encrypted.\nYou need to specify the mount point to mount the encrypted partition.\nYou need to specify the filesystem type to format the encrypted partition.\nYou need to supply a base64-encoded, encrypted password based on the Puppet agent certificates.\n\n## Setup\n\n### Setup Requirements\n\nThis module requires:\n\n* [puppetlabs-stdlib](https://github.tooling.kpn.org/kpn-puppet-forge/puppet-puppetlabs-stdlib) (version requirement: \u003e= 4.6.0 \u003c5.0.0)\n\n### What dm_crypt affects\n\n* The package cryptsetup will be installed.\n* The directory path of the supplied mountpoint will be created.\n* cryptsetup is used to create the encrypted LUKS device with a key based on the supplied password.\n* cryptsetup will open the device with a label (the label will be the last directory of the supplied mountpoint).\n* mkfs will format the newly created encrypted partition /dev/mapper/\n* The new device will be mounted on the supplied mountpoint.\n\nYou have to supply a base64-encoded, encrypted password based on the Puppet agent's certificates to create the partition.\nKeep this password in a safe place because it is needed to open and mount the device, otherwise your data will never be accessible again.\nFor example, creating a base64-encoded, encrypted password based on the Puppet agent public key:\n\n```sh\necho \"my secret passphrase\" | openssl rsautl -encrypt -inkey /etc/puppetlabs/puppet/ssl/public_keys/`hostname`.pem -pubin | base64 | tr -d \"\\n\"\n```\n\nThere is also a generated fact called `encrypted_secret` that can be used as the password. 
This fact is stored in the file `/opt/puppetlabs/facter/facts.d/encrypted_secret.yaml`.\n\n### Beginning with dm_crypt\n\n## Usage\n\n### Parameters\n\nThis module accepts the following parameters:\n\n```puppet\n  String         $disk_device,\n  String         $mount_point,\n  String         $filesystem_type,\n  String         $password,\n  String         $config_ensure,\n  String         $package_ensure,\n  String         $package_name,\n```\n\n#### disk_device (required)\n\nType: string\nDefault: `undef`\nValues: any valid string representing an existing disk device, for example /dev/sdb\nDescription: This parameter contains a string with the disk device used for the encrypted partition.\n\n#### mount_point (required)\n\nType: string\nDefault: `undef`\nValues: any valid string with a valid absolute path of the mount point where the encrypted partition will be mounted\nDescription: This parameter contains the mount point, and the last directory of the path will be used as the label for the encrypted LUKS device.\n\n#### filesystem_type (required)\n\nType: Enum[string]\nDefault: `undef`\nValues: 'ext4' or 'xfs'\nDescription: This parameter contains the filesystem type for mkfs to format the new encrypted partition.\n\n#### password (required)\n\nType: string\nDefault: `undef`\nValues: base64-encoded, encrypted string based on the Puppet agent certificates\nDescription: This parameter contains the encrypted password in base64 format, with encryption based on the Puppet agent certificates.\nYou can supply this password as the external fact encrypted_secret.\n\n#### config_ensure\n\nType: string\nDefault: `'present'`\nValues: `'present'`, `'absent'`\nDescription: Ensures that the resource will be created or removed.\nBe careful when removing the resource, because any data on the encrypted partition will be lost.\n\n#### package_ensure\n\nType: string\nDefault: `'present'`\nValues: `'present'`, `'absent'`\nDescription: Ensures that the package will be installed or removed.\nBe careful when removing the resource, because any data on 
the encrypted partition will be lost\n\n#### package_name\n\nType: string\nDefault: `'cryptsetup'`\nValues: any valid string with the correct package name\nDescription: The package that will be installed.\n\n### Examples\n\n#### Example 1: Setting the default values for the module\n\n```puppet\n  $encrypted_secret = 'QyY9BNdBSvee5q2H+CzDr8BsSvxPkrSLzvEro8FnwJ8EBCk5/DtGrSU/diBkUHXGqezggZnJumlLwwXIXG+G1/7X+VDwSIoKqnTq/VKzzve8t1My8fZnbuQLS/iTac06umAkqvJbMCc8R+Kl9a8sovxnZa3d9rTu4eMLb5hnWfpFpv9mK2XbbkCsWJqdzDv+XSsEr6nnnyxzsIJ8F8O2SxCvJkR0gHpVdBmNREMbEdAqVXQSeV1eKr4rNitM1CUZq/yi62yjbxQGAj7epZGe0eu6DGFXuoZqh/eAnC4e5XaWh3XxQAFq30vlY953G9yR3l+bFg/MFRmZU4vwaHvWh1D3Bn9O9c8WiW6lc0kUgm/8NfOejPgipOL3r7VhbNdQpyP/rhvvagyuM00dAukd5ATFbi2AnM3C9JQfws8glN+jHOR01N6o3OynfbE3SZrq229XTZM9m3rRWUglbPQFUlNH3M+LjNvdrQGlNVr/3utGUhfUv4OzZz9B5JiMpYO8nBjvbhYeLttOnRJ5G10BSd/9vufJWOh1FkGoVnkBknzjzhc3cRe08uI2T6r6lD4DKpujK0rzgcR15U/fg9BBZLGgD2+vUVvb95SxNY9bgVtk7ZhBYG065828i1omt7C4F7rkWPtcSovts9U1OAjKqsQ5yfFlmqjjRwr9gwyFWbE='\n  class { 'dm_crypt':\n    ensure          =\u003e 'present',\n    disk_device     =\u003e '/dev/sdb',\n    mount_point     =\u003e '/apps/postgresDB',\n    filesystem_type =\u003e 'ext4',\n    password        =\u003e $encrypted_secret,\n  }\n```\n\n#### Example 2: Use generated encrypted_secret fact\n\n```puppet\n  class { 'dm_crypt':\n    ensure          =\u003e 'present',\n    disk_device     =\u003e '/dev/sdb',\n    mount_point     =\u003e '/apps/postgresDB',\n    filesystem_type =\u003e 'ext4',\n    password        =\u003e $::facts['encrypted_secret'],\n  }\n```\n\n## Reference\n\nclasses:\n\n- [dm_crypt](#dmcrypt)\n  - [Table of Contents](#table-of-contents)\n  - [Overview](#overview)\n  - [Module Description](#module-description)\n  - [Setup](#setup)\n    - [Setup Requirements](#setup-requirements)\n    - [What dm_crypt affects](#what-dmcrypt-affects)\n    - [Beginning with dm_crypt](#beginning-with-dmcrypt)\n  - [Usage](#usage)\n    - [Parameters](#parameters)\n      - 
[disk_device (required)](#diskdevice-required)\n      - [mount_point (required)](#mountpoint-required)\n      - [filesystem_type (required)](#filesystemtype-required)\n      - [password (required)](#password-required)\n      - [config_ensure](#configensure)\n      - [package_ensure](#packageensure)\n      - [package_name](#packagename)\n    - [Examples](#examples)\n      - [Example 1: Setting the default values for the module](#example-1-setting-the-default-values-for-the-module)\n      - [Example 2: Use generated encrypted_secret fact](#example-2-use-generated-encryptedsecret-fact)\n  - [Reference](#reference)\n  - [Limitations](#limitations)\n  - [Development](#development)\n\ntypes:\n\n* lib/puppet/type/crypt.rb\n\nproviders:\n\n* lib/puppet/providers/crypt/rhel7.rb\n* lib/puppet/providers/crypt/rhel6.rb\n\n## Limitations\n\nThis module works only on:\n\n* RedHat 6\n* RedHat 7\n\n## Development\n\nYou can contribute by submitting issues, providing feedback and joining the discussions.\n\nGo to: https://github.com/kpn-puppet/puppet-kpn-dm_crypt\n\nIf you want to fix bugs, add new features etc:\n\n* Fork it\n* Create a feature branch ( git checkout -b my-new-feature )\n* Apply your changes and update rspec tests\n* Run rspec tests ( bundle exec rake spec )\n* Commit your changes ( git commit -am 'Added some feature' )\n* Push to the branch ( git push origin my-new-feature )\n* Create new Pull Request\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkpn-puppet%2Fpuppet-kpn-dm_crypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkpn-puppet%2Fpuppet-kpn-dm_crypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkpn-puppet%2Fpuppet-kpn-dm_crypt/lists"}