openstack
/
ansible-role-lunasa-hsm
Code Issues Proposed changes
ansible-role-lunasa-hsm/tasks/register_hsm.yaml

57 lines
2.0 KiB
YAML
Raw Blame History

---
- debug:
msg: "Registering the following HSM: {{ hsm_name }}"
- name: Get the hsm server cert from the hsm_server
shell: |
sshpass -p '{{ hsm_admin_password }}' \
scp -o StrictHostKeyChecking=false admin@{{ hsm_hostname }}:server.pem /usr/safenet/lunaclient/bin/{{ hsm_hostname }}.pem
become: true
- name: Register the HSM server cert with the client
shell: |
/usr/safenet/lunaclient/bin/vtl addServer -n {{ hsm_hostname }} \
-c /usr/safenet/lunaclient/bin/{{ hsm_hostname }}.pem
register: add_server
become: true
failed_when:
- add_server.rc != 0
- '"This server is already registered" not in add_server.stdout'
- name: Set the cert file name
set_fact:
client_name: "{{ inventory_hostname }}"
- name: Create a client cert for NTL
command: /usr/safenet/lunaclient/bin/vtl createCert -n "{{ client_ip }}"
args:
creates: "/usr/safenet/lunaclient/cert/client/{{ client_ip }}.pem"
become: true
- name: Copy the NTL client cert to the HSM
shell: |
sshpass -p '{{ hsm_admin_password }}' scp /usr/safenet/lunaclient/cert/client/{{ client_ip }}.pem \
admin@{{ hsm_hostname }}:{{ client_ip }}.pem
become: true
# A client with the same hostname has already been registered
- name: Register the client certificate on the hsm_server
shell: |
sshpass -p '{{ hsm_admin_password }}' ssh admin@{{ hsm_hostname }} \
-C "client register -c {{ client_name }} -ip {{ client_ip }}"
register: client_register
failed_when:
- client_register.rc != 0
- "'client with the same IP address has already been registered' not in client_register.stdout"
become: true
- name: Assign client to an HSM partition
shell: |
sshpass -p '{{ hsm_admin_password }}' ssh admin@{{ hsm_hostname }} \
-C "client assignPartition -c {{ client_name }} -p {{ hsm_partition }}"
register: assign_partition
failed_when:
- assign_partition.rc != 0
- "'client already has access' not in assign_partition.stdout"
become: true
View Git Blame Copy Permalink