From 1c71cdb4213fca036ca122b0ef26b70a15e5078b Mon Sep 17 00:00:00 2001
From: Lucas Ritzdorf <42657792+LRitzdorf@users.noreply.github.com>
Date: Tue, 18 Jun 2024 15:10:05 -0600
Subject: [PATCH] quickstart: include TPM-manager container

Note that we do not perform SSH host key checking. Host keys are treated as secrets, and will be applied via cloud-init *after* all TPM operations have completed (since this needs the key that we store into the TPM).
---
 quickstart/tpm-manager.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 quickstart/tpm-manager.yml

diff --git a/quickstart/tpm-manager.yml b/quickstart/tpm-manager.yml
new file mode 100644
index 0000000..6275d37
--- /dev/null
+++ b/quickstart/tpm-manager.yml
@@ -0,0 +1,20 @@
+services:
+ ###
+ # TPM-manager container, pushes cloud-init tokens into nodes' TPM storage
+ ###
+ tpm-manager:
+ image: ghcr.io/openchami/tpm-manager:v0.1.3
+ container_name: tpm-manager
+ hostname: tpm-manager
+ command: ["-port", "27780", "-batch-size", "100", "-interval", "30s"]
+ environment:
+ - OPAAL_URL=http://opaal:3333
+ - HSM_URL=http://smd:27779
+ - ANSIBLE_HOST_KEY_CHECKING=False
+ depends_on:
+ opaal:
+ condition: service_healthy
+ smd:
+ condition: service_healthy
+ networks:
+ - internal
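Review bot: The `ANSIBLE_HOST_KEY_CHECKING=False` entry in the `environment` list disables SSH host-key verification for every node the container reaches, and nothing in the file itself records why that is acceptable; the reasoning lives only in the commit message, which nobody reading `tpm-manager.yml` later will see. A comment directly above that line, `# Host keys are only installed by cloud-init after TPM provisioning completes, so they cannot be verified at this stage`, would keep a later maintainer from treating it as a leftover or from copying the setting into a deployment where the keys do exist. The `internal` network the service joins is not defined in this hunk, so presumably it comes from another compose file in the quickstart; since this container is the one doing unverified SSH, it is worth confirming that `internal` is the network meant to keep that traffic on the host. `OPAAL_URL` and `HSM_URL` are plain `http://` service names, which is fine on an isolated compose network but should be revisited if the quickstart is ever adapted to a multi-host setup.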