Remove Luna HSM clients on scaledown

This patch adds a scaledown task to remove the HSM client when a Controller node is being removed. Depends-On: I87f7cb2435f77814169fbad3bd0814d370a546a1 Change-Id: Ia8698702c9494d4303ede4fd2955c5975ab07af9 (cherry picked from commit 144eb67ca5)
2020-11-06 10:54:06 -06:00 · 2020-11-06 10:54:06 -06:00 · b51683ceb7
parent efb23bfaf7
commit b51683ceb7
1 changed files with 19 additions and 0 deletions
--- a/deployment/barbican/barbican-api-container-puppet.yaml
+++ b/deployment/barbican/barbican-api-container-puppet.yaml
@ -828,5 +828,24 @@ outputs:
                name: virt_sandbox_use_netlink
                persistent: yes
                state: yes
+      scale_tasks:
+        if:
+        - lunasa_hsm_enabled
+        -
+          - name: Remove HSM clients
+            when: step|int == 1
+            tags: down
+            block:
+              - name: Remove client from HSM
+                import_role:
+                  name: lunasa_hsm
+                  tasks_from: unregister_client
+                delegate_to: undercloud
+                vars:
+                  - map_merge:
+                    - {get_param: LunasaVars}
+                    - lunasa_client_pin: {get_param: BarbicanPkcs11CryptoLogin}
+                    - client_name: "{{ fqdn_canonical }}"
+        - null
      metadata_settings:
        get_attr: [ApacheServiceBase, role_data, metadata_settings]