quickstart: include TPM-manager container

Note that we do not perform SSH host key checking. Host keys are treated as secrets, and will be applied via cloud-init *after* all TPM operations have completed (since this needs the key that we store into the TPM).
OpenCHAMI · Aug 15, 2024 · dc3e3f3 · dc3e3f3
1 parent e3e5244
commit dc3e3f3
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/quickstart/tpm-manager.yml b/quickstart/tpm-manager.yml
@@ -0,0 +1,20 @@
+services:
+  ###
+  # TPM-manager container, pushes cloud-init tokens into nodes' TPM storage
+  ###
+  tpm-manager:
+    image: ghcr.io/openchami/tpm-manager:v0.1.3
+    container_name: tpm-manager
+    hostname: tpm-manager
+    command: ["-port", "27780", "-batch-size", "100", "-interval", "30s"]
+    environment:
+      - OPAAL_URL=http://opaal:3333
+      - HSM_URL=http://smd:27779
+      - ANSIBLE_HOST_KEY_CHECKING=False
+    depends_on:
+      opaal:
+        condition: service_healthy
+      smd:
+        condition: service_healthy
+    networks:
+      - internal