Douglas Mendizabal 4a384f4fbe Add parameters for previously hardcoded values
This patch adds a few parameters to replace previously hardcoded values
in shell commands:

* lunasa_client_device
* lunasa_appliance_user
* lunasa_ssh_cipher

All parameters use the previously hardcoded values as the default for
backwards compatibility.

Change-Id: I47b3e6ab34cca37533d5be668a3dfbf4e8208ae8
2025-05-20 15:24:05 -04:00

lunasa-hsm

A role to manage Thales Luna Network Hardware Security Module (HSM) clients.

Role Variables

This Ansible role automates the configuration of a new client for the Thales Luna Network HSM.

| Name | Default Value | Description |
|------|---------------|-------------|
| lunasa_appliance_user | admin | Appliance User account used to log in to the HSM to manage clients and partition assignments. |
| lunasa_ssh_cipher | aes256-cbc | -c cipher_spec argument passed to SSH/SCP when connecting to the HSM as the lunasa_appliance_user. |
| lunasa_client_working_dir | /tmp/lunasa_client_install | Working directory in the target host. |
| lunasa_client_tarball_name | None | Filename for the Lunasa client software tarball. |
| lunasa_client_tarball_location | None | Full URL where a copy of the client software tarball can be downloaded. |
| lunasa_client_installer_path | None | Path to the install.sh script inside the tarball. |
| lunasa_client_device | sa | Luna product parameter passed to the Luna client software install.sh script. |
| lunasa_client_pin | None | The HSM Partition Password (PKCS#11 PIN) to be used by the client. |
| lunasa_client_ip | None | (Optional) When set, this role will use the given IP to register the client instead of the client's FQDN. |
| lunasa_client_rotate_cert | False | When set to True, the role will generate a new client certificate to replace the previous one. |
| lunasa_hsms | None | List of dictionaries, each of which describes a single HSM; see vars.sample.yaml for details. When more than one HSM is listed here, the client will be configured in HA mode. |

Requirements

  • ansible >= 2.4