Ansible role to manage Luna SA Hardware Security Module (HSM) client software
Go to file
Alfredo Moralejo c867490aa7 Disable auto-discovery for setuptools
Since setuptools release (61.0.0) ansible-role-lunasa-hsm's
package build command (python3 sdist bdist_wheel) is
finding 'defaults' directory as a python module and including
it in the built package. That's not correct as defaults is just
providing data files properly managed as data_files and there is no
actual python module, is just used as build/install tooling.

Change-Id: I759d63ede6b9d5ebedf3ccc7dcb808055a0d009a
2024-03-14 12:13:09 +01:00
defaults Add support for High Availability 2020-07-13 15:41:50 -05:00
tasks Fix vtl verification 2023-10-06 11:53:47 -04:00
.gitignore Initial commit 2020-04-23 15:01:05 +00:00
.gitreview Add zuul jobs 2020-04-27 18:47:07 -05:00
.zuul.yaml Add zuul jobs 2020-04-27 18:47:07 -05:00
AUTHORS Initial commit 2020-04-23 15:01:05 +00:00
LICENSE Initial commit 2020-04-23 15:01:05 +00:00
README.rst Add support for High Availability 2020-07-13 15:41:50 -05:00
requirements.txt Initial commit 2020-04-23 15:01:05 +00:00
setup.cfg setup.cfg: Replace dashes with underscores 2023-09-22 19:05:50 +00:00 Disable auto-discovery for setuptools 2024-03-14 12:13:09 +01:00
test-requirements.txt Initial commit 2020-04-23 15:01:05 +00:00
tox.ini Remove use of ansible_fqdn 2021-06-02 14:43:41 -05:00



A role to manage Thales Luna Network Hardware Security Module (HSM) clients.

Role Variables

This ansible role automates the configuration of a new client for the Thales Luna Network HSM.

Name Default Value Description
lunasa_client_working_dir /tmp/lunasa_client_install Working directory in the target host.
lunasa_client_tarball_name None Filename for the Lunasa client software tarball.
lunasa_client_tarball_location None Full URL where a copy of the client software tarball can be downloaded.
lunasa_client_installer_path None Path to the script inside the tarball.
lunasa_client_pin None The HSM Partition Password (PKCS#11 PIN) to be used by the client.
lunasa_client_ip None (Optional) When set, this role will use the given IP to register the client instead of the client's fqdn.
lunasa_client_rotate_cert False When set to True, the role will generate a new client certificate to replace the previous one.
lunasa_hsms None List of dictionaries, each of which describes a single HSM see vars.sample.yaml for details. When more than one HSM is listed here, the client will be configured in HA mode.


  • ansible >= 2.4