ansible-role-lunasa-hsm 11.0.0.0rc1

ansible-role-lunasa-hsm - Ansible role to configure Lunasa HSM clients.

A role to manage Thales Luna Network Hardware Security Module (HSM) clients.

Role Variables

This ansible role automates the configuration of a new client for the Thales Luna Network HSM.

Name	Default Value	Description
lunasa_appliance_user:	admin	Appliance User account used to log into the HSM to manage clients and parititon assignments.
lunasa_ssh_cipher:	aes256-cbc	-c cipher_spec argument passed to SSH/SCP when connecting to the HSM as the lunasa_appliance_user.
lunasa_client_working_dir	/tmp/lunasa_client_install	Working directory in the target host.
lunasa_client_tarball_name	None	Filename for the Lunasa client software tarball.
lunasa_client_tarball_location	None	Full URL where a copy of the client software tarball can be downloaded.
lunasa_client_installer_path	None	Path to the instal.sh script inside the tarball.
lunasa_client_device	sa	Luna product parameter passed to the Luna client software install.sh script.
lunasa_client_pin	None	The HSM Partition Password (PKCS#11 PIN) to be used by the client.
lunasa_client_ip	None	(Optional) When set, this role will use the given IP to register the client instead of the client’s fqdn.
lunasa_client_rotate_cert	False	When set to True, the role will generate a new client certificate to replace the previous one.
lunasa_hsms	None	List of dictionaries, each of which describes a single HSM see vars.sample.yaml for details. When more than one HSM is listed here, the client will be configured in HA mode.

Requirements

• ansible >= 2.4