Configure Ansible
In a terminal, run the following commands to set the required FXPKCS11 environment variables:
Be sure to modify the file path to match the location of libfxpkcs11.so and fxpkcs11.cfg on your system.
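A PKCS #11 module is loaded into the process that talks to the HSM, so it is worth confirming that the library and configuration file you point to exist and cannot be modified by other users. The following preflight check is an added example, not part of the FXPKCS11 documentation; the function names are hypothetical and the paths are passed as arguments.

```shell
#!/bin/sh
# Added example: preflight check for the libfxpkcs11.so and fxpkcs11.cfg paths.
# Function names are illustrative and not part of FXPKCS11 or Ansible.

# Return 0 if the path (symlinks followed) is group- or world-writable.
loosely_writable() {
    perms=$(ls -ldL "$1" | cut -c1-10)
    case "$perms" in
        ?????w*|????????w*) return 0 ;;   # char 6 = group w, char 9 = other w
        *) return 1 ;;
    esac
}

# Check both files and their parent directories.
# Usage: check_pkcs11_paths /path/to/libfxpkcs11.so /path/to/fxpkcs11.cfg
check_pkcs11_paths() {
    rc=0
    for f in "$1" "$2"; do
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then
            echo "FAIL: $f is missing or unreadable" >&2
            rc=1
            continue
        fi
        if loosely_writable "$f"; then
            echo "FAIL: $f is group- or world-writable" >&2
            rc=1
        fi
        # A writable parent directory lets another user replace the file.
        if loosely_writable "$(dirname "$f")"; then
            echo "FAIL: directory of $f is group- or world-writable" >&2
            rc=1
        fi
    done
    return $rc
}

# Run the check when the script is invoked with the two paths.
if [ "$#" -eq 2 ]; then
    check_pkcs11_paths "$1" "$2"
fi
```

Run it with the same two paths you set in the environment variables, and fix any reported permission before executing a Playbook.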
In Ansible, Playbooks perform automated tasks. Inside the Playbook file, you can reference the PKCS #11 library to carry out functions such as SSH and signing data. For more information on Ansible Playbooks, see the Ansible documentation.
Create an Ansible project working directory and switch to it.
Create an inventory file.
The following code shows an example inventory file using localhost:
Create a playbook.yml file.
The following code shows an example Ansible Playbook file for testing SSH referencing the private key created in the previous section (ansible_rsa_privatekey):
To execute the Playbook and reference the private key stored on the HSM during SSH connection, run the following command, setting the username, inventory, and Playbook file information according to your setup:
When prompted, enter the become_password. In Ansible, the become directive escalates privileges when running tasks, similar to using sudo in the command line. The become_password is the password for the user specified in become_user (which defaults to root if not specified).
When prompted for the password of the user you are connecting to the machine with through SSH, enter it to complete the process.
If successful, you should see a response similar to the following:
You can verify the successful pull of the private key within the FXPKCS11 log file or the log output shown in the command response.
Create an Ansible project working directory and switch to it.
Create an inventory file.
The following code shows an example inventory file using localhost:
Create a playbook.yml file.
The following code shows an example Ansible Playbook file for signing data referencing the private key created in the previous section (ansible_rsa_privatekey):
To execute the Playbook and reference the private key stored on the HSM during SSH connection, run the following command, setting the username, inventory, and Playbook file information according to your setup:
When prompted, enter the become_password. In Ansible, the become directive escalates privileges when running tasks, similar to using sudo in the command line. The become_password is the password for the user specified in become_user (which defaults to root if not specified).
When prompted for the password of the user you are connecting to the machine with through SSH, enter it to complete the process.
If successful, you should see a response similar to the following:
You can verify the signing operations within the FXPKCS11 log file or by checking the output file contents.