Ansible role to manage Thales Hardware Security Module (HSM) client software
Douglas Mendizábal 21aacdfdfe Add support for Security World client v13.4.4
This patch adds support for installing the latest Security World client
software.  The installation media format for that version is a zipped
file containing an ISO.

The mechanism for installing the source media was changed to expect this
new format.  The file is still downloaded to the target host and now
unzip is used instead of tar to unarchive the ISO.

The client software is now installed on the target host using the RPM files
found in the ISO image.

Change-Id: If00a8612cd50f492da833033a2ed3256585617bd
(cherry picked from commit b39d08608f)
(cherry picked from commit 71f904f650)
(cherry picked from commit f98f83c7b1)
(cherry picked from commit f0ff0c6619)

This patch also includes:

Use shell instead of command for rfs-sync setup

The command module doesn't understand the pipefail setting used for
piping a response to the rfs-sync setup script.

Change-Id: Ifb1e70d47f312f44abd603f21ce6fbf8733d9dc4
(cherry picked from commit ed676be778)
(cherry picked from commit b53b695516)
(cherry picked from commit fc3f008baf)
(cherry picked from commit 69177770c9)
(cherry picked from commit 1a010eb733)
2023-10-06 15:06:07 -04:00
defaults Add support for Security World client v13.4.4 2023-10-06 15:06:07 -04:00
files Add support for configuring load_sharing mode 2021-02-17 11:04:23 -05:00
handlers Add support for Security World client v13.4.4 2023-10-06 15:06:07 -04:00
releasenotes/notes Add support for Security World client v13.4.4 2023-10-06 15:06:07 -04:00
tasks Add support for Security World client v13.4.4 2023-10-06 15:06:07 -04:00
templates Add support for configuring load_sharing mode 2021-02-17 11:04:23 -05:00
zuul.d Add gate config 2019-03-06 07:24:17 -06:00
.ansible-lint Fix linters 2021-01-12 09:16:30 -07:00
.gitignore Add gate config 2019-03-06 07:24:17 -06:00
.gitreview Update .gitreview for stable/xena 2021-09-16 08:42:39 +00:00
AUTHORS Initial commit. 2019-01-04 11:08:37 -06:00
LICENSE Initial commit. 2019-01-04 11:08:37 -06:00
README.rst Add support for Security World client v13.4.4 2023-10-06 15:06:07 -04:00
requirements.txt Add files for python build 2019-01-04 15:00:12 -05:00
setup.cfg Add support for Security World client v13.4.4 2023-10-06 15:06:07 -04:00
setup.py Disable auto-discovery for setuptools 2023-09-25 18:36:04 +00:00
test-requirements.txt Disable auto-discovery for setuptools 2023-09-25 18:36:04 +00:00
tox.ini Add gate config 2019-03-06 07:24:17 -06:00
vars.yaml.sample Add support for Security World client v13.4.4 2023-10-06 15:06:07 -04:00

README.rst

thales-hsm

This is a role to manage the client software for Entrust nShield Connect Hardware Security Modules (HSMs).

This repo uses the "Thales" name for historical reasons:

At the time this repository was created, nShield HSMs were owned by Thales. Since then, the nShield line of HSMs has gone through some ownership changes, including nCipher for some time, and currently Entrust.

If you are looking for the ansible role to manage client software for Thales Luna Network HSMs you can find it here:

https://opendev.org/openstack/ansible-role-lunasa-hsm

Role Variables

==============================  ===========================  ===========================================================================
Name                            Default Value                Description
==============================  ===========================  ===========================================================================
thales_install_client           false                        Whether the role should install the client software on the target host.
thales_configure_rfs            false                        Whether the role should execute the RFS configuration tasks.
thales_client_working_dir       /tmp/security_world_install  Working directory in the target host.
thales_client_gid               42481                        Group ID for the nfast group.
thales_client_uid               42481                        User ID for the nfast user.
security_world_iso_zip_url      None                         URL location of the Security World ISO ZIP file.
thales_client_tarball_location  None                         DEPRECATED: Use security_world_iso_zip_url instead.
thales_rfs_ip_address           None                         IPv4 address for the RFS host.
thales_client_ips               None                         Whitespace separated list of IP addresses to be added to RFS config.
thales_bootstrap_client_ip      None                         Bootstrap client IP address. This IP will be allowed to update RFS server.
nshield_hsms                    None                         List of one or more HSM devices.
==============================  ===========================  ===========================================================================

Requirements

  • ansible >= 2.4
  • Security World Software v13.4.4 ISO ZIP file - The ISO file in ZIP format as provided by Entrust. This should be hosted on an HTTPS server that can be accessed from the target host.
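
A playbook that checks the role variables before the role runs, given here as an added example that is not part of this repository. The role name thales-hsm, the hsm_clients inventory group, the ipv4_re helper and every URL and address are assumptions or constructed values; nshield_hsms is left out because this page does not show the format of its items.

```yaml
# Added example, not part of this repository.
# Assumptions: the role is installed as "thales-hsm", the inventory group is
# "hsm_clients", and every URL and address below is a constructed value.
- hosts: hsm_clients
  become: true
  vars:
    thales_install_client: true
    thales_configure_rfs: true
    security_world_iso_zip_url: "https://files.example.com/security-world.iso.zip"
    thales_rfs_ip_address: "192.0.2.10"
    thales_client_ips: "192.0.2.21 192.0.2.22"   # whitespace separated
    thales_bootstrap_client_ip: "192.0.2.21"
    # Helper for the checks below (hypothetical name, not a role variable).
    ipv4_re: '^((25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])$'

  pre_tasks:
    # The README requires the ISO ZIP to be served over HTTPS.
    - name: Installation media must come from an HTTPS URL
      assert:
        that:
          - (security_world_iso_zip_url | default('', true)).startswith('https://')
        msg: "Set security_world_iso_zip_url to an https:// location"

    # Catch variable files that still carry the pre-13.4.4 tarball setting.
    - name: Deprecated tarball variable must not be set
      assert:
        that:
          - (thales_client_tarball_location | default('', true)) == ''
        msg: "thales_client_tarball_location is deprecated; use security_world_iso_zip_url"

    # These addresses end up in the RFS configuration, so reject typos early.
    - name: RFS, bootstrap and client addresses must be IPv4
      assert:
        that:
          - item is match(ipv4_re)
        msg: "{{ item }} is not an IPv4 address"
      with_items: "{{ thales_client_ips.split() + [thales_rfs_ip_address, thales_bootstrap_client_ip] }}"

  roles:
    - role: thales-hsm
```

The pre_tasks section runs before the role, so a plain http:// media URL or a malformed address stops the play before anything is downloaded or written to the RFS configuration.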