Ansible role to manage Luna SA Hardware Security Module (HSM) client software
b4eaaeb9cc
This patch adds the ability to configure the Luna Network HSM client to use more than one HSM for high availability (HA) mode.
Change-Id: If0eb393ca970206cc95c7453641f33781eb698b2

- defaults
- tasks
- .gitignore
- .gitreview
- .zuul.yaml
- AUTHORS
- LICENSE
- README.rst
- requirements.txt
- setup.cfg
- setup.py
- test-requirements.txt
- tox.ini

lunasa-hsm
A role to manage Thales Luna Network Hardware Security Module (HSM) clients.
Role Variables
This Ansible role automates the configuration of a new client for the Thales Luna Network HSM.
Name | Default Value | Description |
---|---|---|
lunasa_client_working_dir | /tmp/lunasa_client_install | Working directory in the target host. |
lunasa_client_tarball_name | None | Filename of the Luna SA client software tarball. |
lunasa_client_tarball_location | None | Full URL where a copy of the client software tarball can be downloaded. |
lunasa_client_installer_path | None | Path to the install.sh script inside the tarball. |
lunasa_client_pin | None | The HSM Partition Password (PKCS#11 PIN) to be used by the client. |
lunasa_client_ip | None | (Optional) When set, this role will use the given IP to register the client instead of the client's FQDN. |
lunasa_client_rotate_cert | False | When set to True, the role will generate a new client certificate to replace the previous one. |
lunasa_hsms | None | List of dictionaries, each of which describes a single HSM; see vars.sample.yaml for details. When more than one HSM is listed here, the client will be configured in HA mode. |
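
A pre-flight playbook for the variables above, as an added example that is not part of this role: it fails early if a required variable is still `None`, keeps the partition PIN out of task output, and reports whether the `lunasa_hsms` list will result in HA mode. The inventory group, the two vars file names, the HTTPS requirement and the installed role name `lunasa-hsm` are assumptions; the per-HSM dictionary keys are left to vars.sample.yaml.

```yaml
# Added example, not shipped with the role.
- hosts: hsm_clients                 # hypothetical inventory group
  become: true
  vars_files:
    - vars/lunasa.yml                # hypothetical: non-secret settings, incl. lunasa_hsms
    - vars/lunasa.vault.yml          # hypothetical: ansible-vault encrypted, defines lunasa_client_pin
  pre_tasks:
    - name: Client tarball settings are set (role defaults are None)
      assert:
        that:
          - lunasa_client_tarball_name | default('', true) | length > 0
          - lunasa_client_installer_path | default('', true) | length > 0
          # Added hardening check (assumption): fetch the installer over TLS only.
          - (lunasa_client_tarball_location | default('', true)).startswith('https://')
        msg: "Set the tarball name, HTTPS location and installer path before running the role."

    - name: Partition password (PKCS#11 PIN) is set
      assert:
        that:
          - lunasa_client_pin | default('', true) | string | length > 0
        msg: "lunasa_client_pin is empty; define it in the vault-encrypted vars file."
      no_log: true                   # keep the PIN out of logs and callback output

    - name: lunasa_hsms is a non-empty list
      assert:
        that:
          - (lunasa_hsms | default([], true)) is not string
          - (lunasa_hsms | default([], true)) is not mapping
          - (lunasa_hsms | default([], true)) | length > 0
        msg: "lunasa_hsms must be a list of dictionaries (see vars.sample.yaml)."

    - name: Report whether the client will be configured in HA mode
      debug:
        msg: "{{ lunasa_hsms | length }} HSM(s) listed; HA mode: {{ lunasa_hsms | length > 1 }}"

  roles:
    - lunasa-hsm                     # assumed installed role name
```

Run it with `--ask-vault-pass` or a vault password file so the encrypted vars file can be read.
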
Requirements
- ansible >= 2.4