luks_device.py: allows user explicity define luks format version (#61812)

* luks_device.py: allow the user create LUKS based on specific versions

- Allow user pass an option 'type' that explicits define the version of LUKS
  container that will be created. It should be 'luks1' or 'luks2' format.
- If 'label' option is defined the 'type' option will be 'luks2' independently
  of the option 'type' informed by user. (labels NEED luks2 format)

Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>

* added the changelog fragment

Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>

* luks_device.py: make it fail in certain conditions

- Not allow user especify luks1 type and label at the same playbook

Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>

changelogs/fragments/58973-luks_device_add-type-option.yml

@@ -0,0 +1,2 @@
+minor_changes:
+- luks_device - added the ``type`` option that allows user explicit define the LUKS container format version

lib/ansible/modules/crypto/luks_device.py

@@ -107,6 +107,7 @@ options:
               label on later usages."
             - "Will only be used on container creation, or when I(device) is
               not specified."
+            - "This cannot be specified if I(type) is set to C(luks1)."
         type: str
         version_added: "2.10"
     uuid:
@@ -115,6 +116,14 @@ options:
             - "Will only be used when I(device) and I(label) are not specified."
         type: str
         version_added: "2.10"
+    type:
+        description:
+            - "This option allow the user explicit define the format of LUKS
+              container that wants to work with. Options are C(luks1) or C(luks2)"
+        type: str
+        choices: [luks1, luks2]
+        version_added: "2.10"
+
 
 
 requirements:
@@ -195,6 +204,13 @@ EXAMPLES = '''
     uuid: 03ecd578-fad4-4e6c-9348-842e3e8fa340
     state: "closed"
     name: "mycrypt"
+
+- name: create a container using luks2 format
+  luks_device:
+    device: "/dev/loop0"
+    state: "present"
+    keyfile: "/vault/keyfile"
+    type: luks2
 '''
 
 RETURN = '''
@@ -317,16 +333,22 @@ class CryptHandler(Handler):
 
     def run_luks_create(self, device, keyfile, keysize):
         # create a new luks container; use batch mode to auto confirm
-        label = self._module.params.get('label')
+        luks_type = self._module.params['type']
+        label = self._module.params['label']
+
         options = []
         if keysize is not None:
             options.append('--key-size=' + str(keysize))
         if label is not None:
-            # create luks container v2 with label
+            options.extend(['--label', label])
-            options.extend(['--type', 'luks2', '--label', label])
+            luks_type = 'luks2'
+        if luks_type is not None:
+            options.extend(['--type', luks_type])
+
         args = [self._cryptsetup_bin, 'luksFormat']
         args.extend(options)
         args.extend(['-q', device, keyfile])
+
         result = self._run_command(args)
         if result[RETURN_CODE] != 0:
             raise ValueError('Error while creating LUKS on %s: %s'
@@ -541,6 +563,7 @@ def run_module():
         keysize=dict(type='int'),
         label=dict(type='str'),
         uuid=dict(type='str'),
+        type=dict(type='str', choices=['luks1', 'luks2']),
     )
 
     # seed the result dict in the object
@@ -564,6 +587,10 @@ def run_module():
     crypt = CryptHandler(module)
     conditions = ConditionsHandler(module, crypt)
 
+    # conditions not allowed to run
+    if module.params['label'] is not None and module.params['type'] == 'luks1':
+        module.fail_json(msg='You cannot combine type luks1 with the label option.')
+
     # The conditions are in order to allow more operations in one run.
     # (e.g. create luks and add a key to it)