keylime / keylime-vagrant-ansible-tpm-emulator

Ansible role to deploy Keylime with a software emulator
https://keylime.dev
Apache License 2.0

Fix setup of tpm_server and ima-emulator #57

Closed mpeters closed 2 years ago

mpeters commented 2 years ago

This brings this vagrant setup in line with a recent change in keylime https://github.com/keylime/keylime/commit/5dd9193c8d345ae581f3c0f0eed95c29e77f77f4

Signed-off-by: Michael Peters <mpeters@redhat.com>

axelsimon commented 2 years ago

This doesn't init_tpm_server anymore. To be frank, I'm not sure how necessary that really was, and if that has been tested to create a working environment, then simplifying is for the best.

Also, just checked if we lost anything by replacing install -c with Ansible's built-in copy module and discovered in install's manual that:

       -c     (ignored)

:sweat_smile:

We no longer use tpm_serverd also. I thought that was the nicer way of running tpm_server as a daemon, but again, simplifying is good, so, great, I suppose? :slightly_smiling_face:

THS-on commented 2 years ago

@axelsimon We just start a systemd service instead.

mpeters commented 2 years ago

Yeah, in my current testing this works much better than before. tpm_server would always fail to start when the VM restarted and you had to go through a whole dance to reset it and tpm2-abrmd, etc. Now it just works every time I've reloaded, re-provisioned or restarted my VM.