This repository contains ansible roles for deploying sigsum transparency logs on Debian-bookworm systems. Each role has a slightly more detailed README.
Checkout the ansible.sigsum collection in your ansible repository:
$ mkdir -p collections
$ ansible-galaxy collection install git+https://git.glasklar.is/sigsum/admin/ansible.git,main -p collections/
Replace main with a git-tag to checkout a fixed version.
Show the installed sigsum collection version using:
$ ansible-galaxy collection list -p ./collections | grep sigsum
See example playbook and its configuration for two examples:
- Deploy a primary-secondary log setup for database replication
- Deploy a primary log where the key is accessed using the ssh-agent protocol
See the sigsum-agent and yubihsm-connector roles for further details on how to do similar ssh-agent deployments with keys protected by YubiHSMs.
Read more about the Sigsum log server software and its configuration here.
The HACKING file describes how to run the tests.
See CHANGELOG.
See LICENSE.