diff --git a/doc/configuration-v3_2_experimental.md b/doc/configuration-v3_2_experimental.md index 626eac7500..ff2a785468 100644 --- a/doc/configuration-v3_2_experimental.md +++ b/doc/configuration-v3_2_experimental.md 
@@ -115,6 +115,28 @@ The Ignition configuration is a JSON document conforming to the following specif * **_name_** (string): the group name of the owner. * **target** (string): the target path of the link * **_hard_** (boolean): a symbolic link is created if this is false, a hard one if this is true. + * **_luks_** (list of objects): the list of luks devices to be created. Every device must have a unique `name`. + * **name** (string): the name of the luks device. + * **device** (string): the absolute path to the device. Devices are typically referenced by the `/dev/disk/by-*` symlinks. + * **_cipher_** (string): the cipher specification string. + * **_hashAlgorithm_** (string): the hashing algorithm used in LUKS key setup scheme & volume key digest. + * **_keyFile_** (string): options related to the contents of the key file. + * **_compression_** (string): the type of compression used on the contents (null or gzip). Compression cannot be used with S3. + * **_source_** (string): the URL of the contents to append. Supported schemes are `http`, `https`, `tftp`, `s3`, `gs`, and [`data`][rfc2397]. When using `http`, it is advisable to use the verification option to ensure the contents haven't been modified. + * **_httpHeaders_** (list of objects): a list of HTTP headers to be added to the request. Available for `http` and `https` source schemes only. + * **name** (string): the header name. + * **_value_** (string): the header contents. + * **_verification_** (object): options related to the verification of the appended contents. + * **_hash_** (string): the hash of the contents, in the form `-` where type is either `sha512` or `sha256`. + * **_label_** (string): the label of the luks device. + * **_uuid_** (string): the uuid of the luks device. + * **_options_** (list of strings): any additional options to be passed to the cryptsetup utility. + * **_clevis_** (object): describes the clevis configuration for the luks device. 
+ * **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`. + * **url** (string): url of the tang server. + * **thumbprint** (string): thumbprint of a trusted signing key. + * **_tpm2_** (bool): whether or not to use a tpm2 device. + * **_threshold_** (int): sets the minimum number of pieces required to decrypt the device. * **_systemd_** (object): describes the desired state of the systemd units. * **_units_** (list of objects): the list of systemd units. * **name** (string): the name of the unit. This must be suffixed with a valid unit type (e.g. "thing.service"). Every unit must have a unique `name`.
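Review bot: the `keyFile` entry is typed `(string)` but carries the nested fields `compression`, `source`, `httpHeaders` and `verification`, so it should read `(object)`, as `clevis` does. The nested `source` and `verification` descriptions still say "the contents to append" and "the appended contents", wording that does not fit a key file; suggest "the URL of the key file contents" and "verification of the key file contents". The `http` advice under `source` covers only modification: a hash in `verification` does not keep key material fetched over `http` or `tftp` from being read in transit, and the text should say so for a LUKS key. Smaller points: the `hash` form is shown as `-` with no type and value placeholders, `tpm2` and `threshold` use `(bool)` and `(int)` where `hard` just above uses `(boolean)`, and `threshold` does not say what counts as a piece or what the default is.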