From Linux Minimal Client Create a Docker Container to Access a DPOD HSM on Demand Service

This section describes the steps to view SafeNet Data Protection on Demand (DPoD) HSM on Demand services from a Luna Minimal Client. This example assumes that you have followed the steps in Installing Luna Minimal Client on Linux Using Docker, or have otherwise created the appropriate directories and Dockerfile. It also assumes that you have purchased a DPOD service.

1. Download the DPOD client configuration zip file.

2. Unzip the DPOD client configuration zip file.

>cd $HOME/luna-docker  

>mkdir $HOME/luna-docker/dpod  

>unzip </path/to/DPOD-ServClient>.zip -d $HOME/luna-docker/dpod  

3. Copy the DPOD certificates into the certificate directory on the shared volume so that the Docker container can use them.

>cp $HOME/luna-docker/dpod/server-certificate.pem $HOME/luna-docker/config/certs/  

>cp $HOME/luna-docker/dpod/partition-ca-certificate.pem $HOME/luna-docker/config/certs/  

>cp $HOME/luna-docker/dpod/partition-certificate.pem $HOME/luna-docker/config/certs/  

4. Copy the entire REST and XTC sections from the unzipped Chrystoki.conf located at $HOME/luna-docker/dpod/Chrystoki.conf into $HOME/luna-docker/config/Chrystoki.conf:

>cat $HOME/luna-docker/dpod/Chrystoki.conf  

>vi $HOME/luna-docker/config/Chrystoki.conf  

5. Update $HOME/luna-docker/config/Chrystoki.conf with the expected paths that will be used by the Docker container.

>export ChrystokiConfigurationPath=$HOME/luna-docker/config  

>MIN_CLIENT_DIR=$HOME/luna-docker/LunaClient-Minimal-<release_version>.x86_64  

>$MIN_CLIENT_DIR/bin/64/configurator setValue -s XTC -e PartitionCAPath -v /usr/local/luna/config/certs/partition-ca-certificate.pem  

>$MIN_CLIENT_DIR/bin/64/configurator setValue -s XTC -e PartitionCertPath00 -v /usr/local/luna/config/certs/partition-certificate.pem  

>$MIN_CLIENT_DIR/bin/64/configurator setValue -s REST -e SSLClientSideVerifyFile -v /usr/local/luna/config/certs/server-certificate.pem  

6. The Luna Minimal Client now includes a DPOD plugin, which allows the Luna client to communicate with a DPOD service. The plugin file is located at $HOME/luna-docker/LunaClient-Minimal-<release_version>.x86_64/plugins/libdpod.plugin. This example uses the Dockerfile mentioned above, which extracts the Luna Minimal Client tarball into the Docker image. Set PluginModuleDir to the path where the container will find the plugins:

>$MIN_CLIENT_DIR/bin/64/configurator setValue -s Misc -e PluginModuleDir -v /usr/local/luna/plugins  

7. Attach the Docker container. If it is stopped, you must start the container first.

>docker ps -a  

>docker start <container_id>  

>docker attach <container_id>  

8. At this point you should be able to see the DPOD service:

>lunacm
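A host-side pre-flight check for steps 3 to 6, as an added example that is not part of the original procedure or of the Luna client: it confirms that the four entries written with configurator hold the container-side paths and that the matching certificate files exist on the shared volume. The function names are hypothetical, the `Section = { Key = Value; }` layout of Chrystoki.conf is an assumption, and `make_sample` writes a constructed configuration in which one XTC path was left unconverted.

```shell
# Pre-flight check of the host-side config before the container is started.
# Assumption: Chrystoki.conf uses "Section = {" / "Key = Value;" / "}" blocks.
LUNA=/usr/local/luna   # container-side root used in steps 5 and 6

conf_get() {  # conf_get FILE SECTION KEY -> prints the value, empty if absent
    awk -v sec="$2" -v key="$3" '
        $1 == sec && $2 == "=" && $3 == "{" { in_sec = 1; next }
        in_sec && $1 == "}" { in_sec = 0 }
        in_sec && $1 == key && $2 == "=" {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*;[ \t\r]*$/, ""); print; exit
        }' "$1" 2>/dev/null
}

check_entry() {  # check_entry CONF SECTION KEY EXPECTED [HOST_FILE]
    actual=$(conf_get "$1" "$2" "$3")
    [ "$actual" = "$4" ] || { echo "FAIL [$2] $3 = '$actual', expected '$4'"; return 1; }
    [ -z "${5:-}" ] || [ -s "$5" ] || { echo "FAIL [$2] $3: host file $5 missing or empty"; return 1; }
    echo "ok   [$2] $3"
}

check_dpod_conf() {  # check_dpod_conf CONFIG_DIR -> exit status = number of problems
    conf=$1/Chrystoki.conf; c=$LUNA/config/certs; h=$1/certs; bad=0
    check_entry "$conf" XTC PartitionCAPath "$c/partition-ca-certificate.pem" \
        "$h/partition-ca-certificate.pem" || bad=$((bad + 1))
    check_entry "$conf" XTC PartitionCertPath00 "$c/partition-certificate.pem" \
        "$h/partition-certificate.pem" || bad=$((bad + 1))
    check_entry "$conf" REST SSLClientSideVerifyFile "$c/server-certificate.pem" \
        "$h/server-certificate.pem" || bad=$((bad + 1))
    check_entry "$conf" Misc PluginModuleDir "$LUNA/plugins" || bad=$((bad + 1))
    return "$bad"
}

make_sample() {  # make_sample DIR -> constructed config dir with one stale XTC path
    mkdir -p "$1/certs"
    for f in server partition-ca partition; do echo placeholder > "$1/certs/$f-certificate.pem"; done
    cat > "$1/Chrystoki.conf" <<EOF
Misc = {
   PluginModuleDir = $LUNA/plugins;
}
REST = {
   SSLClientSideVerifyFile = $LUNA/config/certs/server-certificate.pem;
}
XTC = {
   PartitionCAPath = $LUNA/config/certs/partition-ca-certificate.pem;
   PartitionCertPath00 = ./partition-certificate.pem;
}
EOF
}
```

Source the file and run `check_dpod_conf $HOME/luna-docker/config` on the host before step 7; any FAIL line names the entry that still holds a host-side path or points at a certificate that was not copied in step 3.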