Add roles to add/remove a GPG key
Current usage of gpg keys involves a single role that adds, signs, and removes the key all in one. Some jobs may need the GPG key installed normally onto the remote host, then left in place, and later removed. This change facilitates that. Change-Id: I2f13f0c4de91808ba1bbdcc0fd20a547e43d602b
This commit is contained in:
parent
361b11f3e3
commit
5f75a2d004
12
roles/add-gpgkey/README.rst
Normal file
12
roles/add-gpgkey/README.rst
Normal file
@ -0,0 +1,12 @@
|
||||
Install a GPG private key onto a host.
|
||||
|
||||
**Role Variables**
|
||||
|
||||
.. zuul:rolevar:: gpg_key
|
||||
|
||||
Complex argument which contains the GPG private key. It is
|
||||
expected that this argument comes from a `Secret`.
|
||||
|
||||
.. zuul:rolevar:: private
|
||||
|
||||
The ascii-armored contents of the GPG private key.
|
18
roles/add-gpgkey/tasks/main.yaml
Normal file
18
roles/add-gpgkey/tasks/main.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
- name: Create GPG private key tempfile
|
||||
tempfile:
|
||||
state: file
|
||||
register: gpg_private_key_tmp
|
||||
|
||||
- name: Stage GPG private key for importing
|
||||
copy:
|
||||
content: "{{ gpg_key.private }}"
|
||||
dest: "{{ gpg_private_key_tmp.path }}"
|
||||
mode: 0400
|
||||
|
||||
- name: Import GPG private key
|
||||
command: "gpg --allow-secret-key-import --import {{ gpg_private_key_tmp.path }}"
|
||||
|
||||
- name: Delete staged GPG private key
|
||||
file:
|
||||
path: "{{ gpg_private_key_tmp.path }}"
|
||||
state: absent
|
1
roles/remove-gpgkey/README.rst
Normal file
1
roles/remove-gpgkey/README.rst
Normal file
@ -0,0 +1 @@
|
||||
Remove an added GPG key from the host.
|
2
roles/remove-gpgkey/tasks/main.yaml
Normal file
2
roles/remove-gpgkey/tasks/main.yaml
Normal file
@ -0,0 +1,2 @@
|
||||
- name: Remove GPG key
|
||||
command: "sh -c 'shred -u ~/.gnupg/*'"
|
Loading…
Reference in New Issue
Block a user