Enabling support for Thales Luna user id and group id.

The new client software version requires the use of a specific group called "hsmusers", and for consistency reasons, we are specifying both, the user id and the group id, and inserting the Barbican username inside of such a group. Change-Id: Ibf1dd3fbebbf0c1f1ed0d14f3afe65f388367bbe Signed-off-by: Mauricio Harley <mharley@redhat.com>
2025-04-24 14:37:13 +00:00 · 2025-04-24 14:37:13 +00:00 · b43bb87352
commit b43bb87352
parent c867490aa7
2 changed files with 14 additions and 0 deletions
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@ -2,3 +2,5 @@
 lunasa_client_working_dir: /tmp/lunasa_client_install
 lunasa_client_rotate_cert: false
 lunasa_ha_label: myHAgroup
+lunasa_user_id: 42493
+lunasa_group_id: 42493
--- a/tasks/register_client.yaml
+++ b/tasks/register_client.yaml
@ -3,6 +3,18 @@
  ansible.builtin.debug:
    msg: "Registering client: {{ client_name }} [host: {{ client_host }}, CN: {{ client_cert_cn }}] with HSM: {{ hsm_hostname }}"

+- name: Create hsmusers group
+  ansible.builtin.group:
+    name: hsmusers
+    gid: "{{ lunasa_group_id }}"
+
+- name: Create hsmusers user
+  ansible.builtin.user:
+    name: hsmusers
+    uid: "{{ lunasa_user_id }}"
+    group: "{{ lunasa_group_id }}"
+    create_home: false
+
 - name: Get the hsm server cert from the hsm_server
  ansible.builtin.shell: >
    sshpass -p '{{ hsm_admin_password }}'