Ansible role to manage Luna SA Hardware Security Module (HSM) client software
c867490aa7
Since setuptools release (61.0.0) ansible-role-lunasa-hsm's package build command (python3 setup.py sdist bdist_wheel) is finding 'defaults' directory as a python module and including it in the built package. That's not correct as defaults is just providing data files properly managed as data_files and there is no actual python module, setup.py is just used as build/install tooling. Change-Id: I759d63ede6b9d5ebedf3ccc7dcb808055a0d009a |
||
|---|---|---|
| defaults | ||
| tasks | ||
| .gitignore | ||
| .gitreview | ||
| .zuul.yaml | ||
| AUTHORS | ||
| LICENSE | ||
| README.rst | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
lunasa-hsm
A role to manage Thales Luna Network Hardware Security Module (HSM) clients.
Role Variables
This ansible role automates the configuration of a new client for the Thales Luna Network HSM.
| Name | Default Value | Description |
|---|---|---|
| lunasa_client_working_dir | /tmp/lunasa_client_install | Working directory in the target host. |
| lunasa_client_tarball_name | None | Filename for the Lunasa client software tarball. |
| lunasa_client_tarball_location | None | Full URL where a copy of the client software tarball can be downloaded. |
| lunasa_client_installer_path | None | Path to the instal.sh script inside the tarball. |
| lunasa_client_pin | None | The HSM Partition Password (PKCS#11 PIN) to be used by the client. |
| lunasa_client_ip | None | (Optional) When set, this role will use the given IP to register the client instead of the client's fqdn. |
| lunasa_client_rotate_cert | False | When set to True, the role will generate a new client certificate to replace the previous one. |
| lunasa_hsms | None | List of dictionaries, each of which describes a single HSM see vars.sample.yaml for details. When more than one HSM is listed here, the client will be configured in HA mode. |
Requirements
- ansible >= 2.4