930119 - Configure Marketplace HSM boxes for stage use

Status: RESOLVED FIXED

(Security Assurance :: General, task)

Description

[Justin Lazaro [:jlaz] (use needinfo)]

We have 2 Marketplace HSM boxes racked in PHX that are ready to be configured (Security world, etc). 
 
Inventory: 
https://inventory.mozilla.org/en-US/systems/show/10916/
https://inventory.mozilla.org/en-US/systems/show/10917/

The HSM devices from Emagined were shipped to MTV, and will be sent to PHX1 to be initialized with the servers above.  OpSec will coordinate with Svcops to configure the box remotely.  Tentative date for PHX trip is 10/29.  This bug is to track progress for the work.

Comment 1

[Guillaume Destuynder [:kang] [this account is no longer active]]

we have HSM configuration training next week with :jlaz to prepare for this
mainly the cards have to import the correct world.
our documentation is at https://mana.mozilla.org/wiki/display/SECURITY/HSM+Operational+Procedures

Comment 2

[Guillaume Destuynder [:kang] [this account is no longer active]]

we went through a quick training session with jlaz and i will help set the stage boxes up as well at your convenience

Comment 3

[Guillaume Destuynder [:kang] [this account is no longer active]]

verified with jlaz that the HSMs were installed and had a security world in the datacenter.
jlaz, let me know when you want to go through the key generation and signing

Comment 4

[Justin Lazaro [:jlaz] (use needinfo)]

Scheduled a block of time tomorrow for the stage key generation process

Comment 5

[Guillaume Destuynder [:kang] [this account is no longer active]]

keys and certs where generated with jlaz yesterday

the generation scripts are stored in git-internal at svcops/hsm.
I also used that space to store the prod generation scripts, which were only stored on mana before (suboptimal)

jlaz, is everything good? (if so, lets close this:)

Comment 6

[Justin Lazaro [:jlaz] (use needinfo)]

I believe we are good now.  Thanks again for the help everyone!