Add roles to add/remove a GPG key

Current usage of gpg keys involves a single role that adds, signs,
and removes the key all in one.  Some jobs may need the GPG key
installed normally onto the remote host, then left in place, and
later removed.  This change facilitates that.

Change-Id: I2f13f0c4de91808ba1bbdcc0fd20a547e43d602b
James E. Blair 2017-10-19 13:26:16 -07:00
parent 361b11f3e3
commit 5f75a2d004
4 changed files with 33 additions and 0 deletions

@ -0,0 +1,12 @@
Install a GPG private key onto a host.
**Role Variables**
.. zuul:rolevar:: gpg_key
Complex argument which contains the GPG private key. It is
expected that this argument comes from a `Secret`.
.. zuul:rolevar:: private
The ascii-armored contents of the GPG private key.
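Review bot: the role description in this README does not say where the key ends up or how long it stays there. The tasks import it into the default keyring of the remote user and leave it in place, so the text should say so and point to the companion removal role added in this change. Since gpg_key is expected to come from a `Secret`, it would also help to state that `private` is a sub-key of gpg_key, not a separate top-level variable.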

@ -0,0 +1,18 @@
- name: Create GPG private key tempfile
tempfile:
state: file
register: gpg_private_key_tmp
- name: Stage GPG private key for importing
copy:
content: "{{ gpg_key.private }}"
dest: "{{ gpg_private_key_tmp.path }}"
mode: 0400
- name: Import GPG private key
command: "gpg --allow-secret-key-import --import {{ gpg_private_key_tmp.path }}"
- name: Delete staged GPG private key
file:
path: "{{ gpg_private_key_tmp.path }}"
state: absent
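Review bot: the cleanup in "Delete staged GPG private key" is not guaranteed to run. If the "Import GPG private key" command fails, the remaining tasks are skipped and the tempfile holding the ascii-armored private key stays on disk. Put the stage and import tasks in a block and move the delete task under always so the file is removed on both paths. The copy task that renders "{{ gpg_key.private }}" should also set no_log: true so the key material cannot appear in task output or diff mode, and the staged file is removed with the file module, not overwritten, which is inconsistent with the shred used by the removal role.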

@ -0,0 +1 @@
Remove an added GPG key from the host.
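Review bot: this one-line description understates what the role does. The task shreds every file matched by ~/.gnupg/*, not only the key that was added, so any keyring, trust database or configuration already present for that user is destroyed as well. The README should state that explicitly so the role is not used on a host whose existing GnuPG state matters.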

@ -0,0 +1,2 @@
- name: Remove GPG key
command: "sh -c 'shred -u ~/.gnupg/*'"
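Review bot: the glob in "sh -c 'shred -u ~/.gnupg/*'" matches only the top level of ~/.gnupg and includes directories. shred cannot operate on a directory, so the command exits non-zero whenever a subdirectory exists, and with GnuPG 2.1 or later the secret key material lives under ~/.gnupg/private-keys-v1.d/ and is left untouched. Consider walking the tree instead (for example find ~/.gnupg -type f -exec shred -u {} +) followed by removing the directory, or deleting only the imported key by fingerprint. The command also fails on a host where ~/.gnupg is empty or missing, because the unexpanded pattern is passed to shred as a literal file name.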