I am looking for a way to set up encrypted partitions with Ansible automatically on Ubuntu/Debian Linux servers.
Assume a computer with an existing root filling up the whole disk
Chop a piece out of this partition and make a new partition out of it
Encrypt the partition using LUKS or TrueCrypt
Taking passphrase as input for the playbook
I am very new to Ansible, so if anyone could point me in a direction where to start (existing disk partition roles, encrypted disk roles and such). Can I drive fdisk with Ansible? How to make sure the role doesn't try to create the partition twice (when provisioning is run again)?
Writing an Ansible role which does this is not as easy as it might seem when you want to do it right (e.g. idempotent and robust). I know that because I just wrote/rewrote one :)
https://docs.debops.org/en/master/ansible/roles/cryptsetup/index.html
It is able to handle 2 of your 3 wanted features:
I decided against including support to create partitions to the role itself to keep complexity down.
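An added example, not part of the answer above and not the debops role's code: a playbook that takes the passphrase as prompted input and encrypts an already existing partition with LUKS in a way that is safe to run repeatedly. The host group `cryptohosts`, the partition `/dev/sda2` and the mapping name `secure_data` are assumptions, and the `community.crypto` and `community.general` collections must be installed.

```yaml
# Added example. Assumed names: host group "cryptohosts", partition /dev/sda2
# (must already exist; creating it is out of scope here), mapping "secure_data".
- hosts: cryptohosts
  become: true
  vars:
    luks_part: /dev/sda2
    luks_name: secure_data
  vars_prompt:
    - name: luks_passphrase
      prompt: LUKS passphrase
      private: true          # not echoed at the prompt
  tasks:
    - name: Probe the partition for an existing signature (read-only)
      ansible.builtin.command: blkid -p -s TYPE -o value {{ luks_part }}
      register: sig
      changed_when: false
      failed_when: sig.rc not in [0, 2]   # blkid exits 2 when nothing is found

    - name: Refuse to format a partition that holds something other than LUKS
      ansible.builtin.assert:
        that: sig.stdout in ['', 'crypto_LUKS']
        fail_msg: "{{ luks_part }} contains {{ sig.stdout }}; not touching it"

    - name: Create the LUKS container if missing, then open it
      community.crypto.luks_device:
        device: "{{ luks_part }}"
        name: "{{ luks_name }}"
        passphrase: "{{ luks_passphrase }}"
        state: opened        # no change when already a LUKS device and open
      no_log: true           # keep the passphrase out of task output and logs

    - name: Create a filesystem on the mapping only if it has none
      community.general.filesystem:
        dev: "/dev/mapper/{{ luks_name }}"
        fstype: ext4         # existing filesystems are left alone (force is off)
```

On a second run the `blkid` probe reports `crypto_LUKS`, the assert passes, and the remaining tasks report no change.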