ansible-role-thales-hsm 11.0.0

ansible-role-thales-hsm - Ansible role to configure nShileld Connect HSM clients.

This is a role to manage the client software for Entrust nShield Connect Hardware Security Modules (HSMs).

This repo uses the “Thales” name for historical reasons:

At the time when this repository was created nShield HSMs were owned by Thales. Since then, the nShield line of HSMs have gone through some ownership changes, including nCipher for some time, and currently Entrust.

If you are looking for the ansible role to manage client software for Thales Luna Network HSMs you can find it here:

https://opendev.org/openstack/ansible-role-lunasa-hsm

Role Variables

Name	Default Value	Description
thales_install_client	false	Whether the role should install the client software on the target host.
thales_configure_rfs	false	Whether the role should execute the RFS configuration tasks.
thales_client_working_dir	/tmp/security_world_install	Working directory in the target host.
thales_client_gid	42481	Group ID for the nfast group.
thales_client_uid	42481	User ID for the nfast user.
security_world_iso_zip_url	None	URL location of the Security World ISO ZIP file.
thales_client_tarball_location	None	DEPRECATED: Use security_world_iso_zip_url instead.
thales_rfs_ip_address	None	IPv4 address for the RFS host.
thales_client_ips	None	Whitespace separated list of IP addresses to be added to RFS config.
thales_bootstrap_client_ip	None	Bootstrap client IP address. This IP will be allowed to update RFS server.
nshield_hsms	None	List of one or more HSM devices

Requirements

• ansible >= 2.4

• Security World Software v13.4.4 ISO ZIP file - The ISO file in ZIP format as provided by Entrust. This should be hosted in an HTTPS server that can be accessed from the target host.