Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Make both sigul vaults know their counterparts public key

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2017-02-20 23:17:56 +00:00
parent 0fd0505b92
commit a8cb95ecaf
1 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
roles/sigul/server/templates/server.conf.j2
View file

@ -57,12 +57,11 @@ nss-max-tls: tls1.2
[binding]
# List of binding modules enabled
enabled: pkcs11
{% if inventory_hostname.startswith('sign-vault03') %}
pkcs11_tokens: yubikey_sv03
{% else %}
pkcs11_tokens: yubikey_sv04
{% endif %}
pkcs11_tokens: yubikey_sv03,yubikey_sv04
pkcs11_yubikey_sv03_pubkey: /etc/sigul/yubikey_sv03.pem
pkcs11_yubikey_sv04_pubkey: /etc/sigul/yubikey_sv04.pem
{% if inventory_hostname.startswith('sign-vault03') %}
pkcs11_yubikey_sv03_privkey: pkcs11:serial=8f2a341e00d7a665;id=%03;type=private
{% else %}
pkcs11_yubikey_sv04_privkey: pkcs11:serial=b38ee13e56b3b987;id=%03;type=private
{% endif %}