pub async fn create_encrypted_volume(
id: u32,
size_gb: u32,
key: &[u8; 32],
) -> Result<EncryptedVolume>Expand description
Create + format + open + mount a LUKS-encrypted volume for the given workload id. Returns the mount path the caller should bind into the container.
On failure, attempts to roll back any partial state (close mapper, rm sparse file) so a retry at the same id starts clean.