Add HSM Prep role #2482
Add HSM Prep role #2482
Conversation
|
Thanks for the PR! ❤️ |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
d67832b to
e47e84c
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/c451c3ccac3f4fa3ba324cb5083255fe ❌ openstack-k8s-operators-content-provider FAILURE in 5m 51s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
3 times, most recently
from
e5ad646 to
c13c263
Compare
| This VM should contain the following contents: | ||
| * The contents of the minimal linux client in a zipped tar file. | ||
| * The lunasa binaries that need to be added to the image under a specified directory. | ||
| * The lunasa HSM server cert. |
There was a problem hiding this comment.
Since you're going to tar up the linux-minimal client, why not also add the binaries there too?
There was a problem hiding this comment.
yeah - I suppose we could do that. six and a half dozen ..
roles/hsm_prep/README.md
Outdated
| cifmw_hsm_client_ip: "IP of the client - this could be the hypervisor where the Openshift nodes run" | ||
| cifmw_hsm_luna_clientvm_ip: "IP for the pre-configured running lunaclient" | ||
| cifmw_hsm_luna_clientvm_user: "User to log into the pre-configured running lunaclient" | ||
| cifmw_hsm_luna_clientvm_password: "password to log into the pre-configured running lunaclient" |
There was a problem hiding this comment.
Did you consider using an SSH key instead of a password?
There was a problem hiding this comment.
the latest version doesn't have these parameters. They are expected to be set in an inventory - and how you get there is up to you. In my testing, I'm using ssh keys.
roles/hsm_prep/README.md
Outdated
| * `cifmw_hsm_luna_clientvm_password`: (String) user password for the luna client VM | ||
| * `cifmw_hsm_luna_minclient_src`: (String) Location of linux minimal client tarball on the luna client VM. Default value: `/opt/data/Linux-Minimal-Client.tar.gz` | ||
| * `cifmw_hsm_luna_binaries_src`: (String) Location of the luna binaries on the luna client VM. Default value: `/opt/data/bin` | ||
| * `cifmw_hsm_luna_server_cert_src`: (String) Location of HSM server cert on the luna client VM. Default value: ` /usr/safenet/lunaclient/bin/` |
There was a problem hiding this comment.
Why put the cert in a bin folder? I think it makes more sense to put it in /opt/data with the rest of the pre-provisioned files.
There was a problem hiding this comment.
actually , thats incorrectly documented. It should be /usr/safenet/lunaclient/cert/server, where vtl puts all the other cert files.
vakwetu
force-pushed
the
add_hsm_prep_role
branch
3 times, most recently
from
36ba164 to
856472e
Compare
| * `cifmw_hsm_admin_user`: (String) The user to log into the HSM. Default value: `admin` | ||
| * `cifmw_hsm_admin_password`: (String) The password to log into the HSM. |
There was a problem hiding this comment.
I think these two are only relevant for Lunas.
There was a problem hiding this comment.
Why not use the script from the repo that is passed in as a parameter (cifmw_hsm_barbican_operator_repo)? Otherwise we're going to have to double up maintenance to the script since changes there would also have to be made here.
There was a problem hiding this comment.
I plan to. This is just here temporarily until that script merges.
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
856472e to
30b587f
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/521a3c6891764bdca915cbccc7f99474 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 42m 23s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
30b587f to
ad79538
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/80acc76b15624eb7afb9a1784ed47ecf ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 11m 23s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
ad79538 to
3a7e099
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/b3dff3bc497a4e48938fd5ed394b9e95 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 37m 06s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
3a7e099 to
8dbbd55
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/0dd9094df55d48af94dc3b46b84241e0 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 47m 31s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
8dbbd55 to
5165869
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/00fbae8496b444e2aa62d64af6291974 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 31m 50s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
2 times, most recently
from
fa29bef to
7297b7d
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/9528012c760441a0b7941664deb037bf ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 47m 27s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
7297b7d to
cde5987
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/fd2ac6141cf24018aeaab4143ca85996 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 49m 44s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
2 times, most recently
from
f09ca11 to
8a0e5a3
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/5e9ed960465e4e99a9e78dd212072826 ❌ openstack-k8s-operators-content-provider FAILURE in 4m 24s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
6 times, most recently
from
1681be8 to
7cb2e0c
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/f191edd4e30a4e609947ef71e88ffe9a ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 32m 04s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
4cc698e to
6e98bf9
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/3c47b5ff4f644e8ca4246be0a7597c09 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 44m 22s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
6e98bf9 to
2fa5c69
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/6d6ef37ece80449d9efb51c216270b17 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 31m 12s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
2fa5c69 to
2f2971f
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/e45cf74fe96c4747b7424a8cc0619733 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 44m 28s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
2f2971f to
140d1e3
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/d0ad86e7debb4e299773685d5f3a4311 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 37m 06s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
140d1e3 to
02e3880
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/683d9478796e45f0b870e70a1bc891f1 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 17m 27s |
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
02e3880 to
1209b9f
Compare
Also add a playbook to call this role as a pre_deploy playbook so that we can create and use the modified images in our barbican tests.
vakwetu
force-pushed
the
add_hsm_prep_role
branch
from
1209b9f to
b8db344
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
No description provided.