https://github.com/keylime/ansible-keylime
Ansible Role to Deploy Keylime
- Host: GitHub
- URL: https://github.com/keylime/ansible-keylime
- Owner: keylime
- License: apache-2.0
- Created: 2019-04-13T09:38:47.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2023-09-07T14:51:51.000Z (almost 3 years ago)
- Last Synced: 2024-04-20T09:08:43.003Z (about 2 years ago)
- Topics: ansible, keylime, tpm
- Homepage: https://keylime.dev
- Size: 38.1 KB
- Stars: 5
- Watchers: 5
- Forks: 19
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Ansible Keylime
Ansible role to deploy [Keylime](https://github.com/keylime/keylime) with the [Rust implementation of the Keylime agent](https://github.com/keylime/rust-keylime) against
a hardware TPM.
The role is currently configured to work with Fedora 35.
Contributions are welcome, should anyone wish to have this role provision other
Linux distributions.
For details on using Keylime, please consult the
[project documentation](https://keylime-docs.readthedocs.io/en/latest/).
## Usage
Run the example playbook against your target remote host(s).
```bash
ansible-playbook -i your_hosts playbook.yml
```
## Get started with Keylime
The best way to get started is to read the [Keylime
Documentation](https://keylime-docs.readthedocs.io/en/latest/). However, if
you're keen to get started right away, follow these steps.
First, decide whether you will use the revocation framework. If so, you
will need to install golang and set the following value in
`/etc/keylime.conf`:
`ca_implementation = cfssl`
Alternatively, you can set `openssl`, which has no other dependencies.
Next, start the following services:
`# keylime_verifier`
`# keylime_registrar`
To run the agent, navigate to the rust-keylime directory and start it:
`# RUST_LOG=keylime_agent=trace cargo run --bin keylime_agent`
| Note: The Keylime agent requires an active TPM that the agent can take ownership of. |
| --- |
You can now set up a use case. A good first scenario to try out is [IMA
Integrity Monitoring](https://keylime-docs.readthedocs.io/en/latest/user_guide/runtime_ima.html).
For more detailed setup scenarios, see the [Keylime
documentation](https://keylime-docs.readthedocs.io/en/latest/user_guide/runtime_ima.html).
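A pre-flight check for the steps above, run before starting the verifier, registrar and agent. This is an added example, not part of ansible-keylime or Keylime. It assumes `key = value` lines in the config file, detects golang as a `go` binary on `PATH`, and looks for the TPM at `/dev/tpm0` or `/dev/tpmrm0`; the function names and the `GO_BIN` override are hypothetical.

```bash
#!/bin/sh
# Added example: pre-flight checks for the steps in this README.
# Assumptions: "key = value" lines in the config file, golang detected as a
# `go` binary on PATH, and the TPM exposed as /dev/tpm0 or /dev/tpmrm0.
# GO_BIN is a hypothetical override used only to point at a different binary.

# Print the last uncommented ca_implementation value found in file $1.
ca_implementation() {
    sed -n 's/^[[:space:]]*ca_implementation[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$1" | tail -n 1
}

# Return 0 when the CA setting in $1 matches what the README describes.
check_ca() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    ca_impl="$(ca_implementation "$1")"
    case "$ca_impl" in
        openssl) return 0 ;;   # no other dependencies
        cfssl)                 # revocation framework: needs golang
            command -v "${GO_BIN:-go}" >/dev/null 2>&1 && return 0
            echo "ca_implementation = cfssl, but golang was not found"
            return 1 ;;
        "") echo "ca_implementation is not set in $1"; return 1 ;;
        *)  echo "unexpected ca_implementation: $ca_impl"; return 1 ;;
    esac
}

# Return 0 when a TPM character device exists under directory $1 (default /dev).
# This only shows a device node is present, not that ownership can be taken.
check_tpm() {
    tpm_dir="${1:-/dev}"
    if [ -c "$tpm_dir/tpm0" ] || [ -c "$tpm_dir/tpmrm0" ]; then
        return 0
    fi
    echo "no TPM device (tpm0 or tpmrm0) under $tpm_dir"
    return 1
}

# Run both checks; start keylime_verifier, keylime_registrar and the agent
# only when this returns 0.
preflight() {
    check_ca "${1:-/etc/keylime.conf}" && check_tpm
}
```

Call `preflight` (optionally with a config path) and read any message it prints before starting the services.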
## License
Apache 2.0
## Contribute
Please do! Pull requests are welcome.
Please ensure CI tests pass!
## Contributors
* Luke Hinds (lhinds@redhat.com)
* Leo Jia (ljia@redhat.com)