I hope the wipe_volume should make sure the LUKS volume is not re-created or Ignition tries to change the encryption (add another keyslot for the clevis device I show). Is that correct?
Wait? Did I understood that correctly, it should not?
I.e. it should usually always remove the existing LUKS partition (and data) and add a fresh new one? remove the LUKS encryption data and add a fresh new one?
Also looking through the code you linked it seems that check only triggers if wipe_volume = false. However, as my aim is to actually just re-use the existing partition? Or well… at least don’t wipe the data, which it thankfully does not seem to to.
Or what does it do then? Does it reconfigure the LUKS keyslots as specified in the Butane config?
And what happens if I just omit the whole LUKS section? Does it then anyway properly unlock the volume? Or do I need to specify it?
Ignition should do nothing with the device if the device specifies wipeVolume: false & either A) the device uses clevis or B) the device doesn’t match what is specified in the Ignition config.
If you omit the LUKS section then Ignition shouldn’t touch anything (unless you’re doing something else to the disk elsewhere in the storage section). You could then configure the unlocking of the device however you wish.
Essentially you’d just be treading off the path of Ignition configuring the unlocking for you. If you go through the code you can probably piece together what Ignition does to configure automatic unlocking and build a config which performs those steps for an existing device without using the LUKS section.