Update global/pre-tasks.d/ and global/post-tasks.d/ from nunoc-ops.

author: Linus Nordberg <linus@nordu.net> 2017-07-28 16:18:22 +0200
committer: Linus Nordberg <linus@nordu.net> 2017-07-28 16:18:22 +0200
commit: 47a968085005c10feb2bbb7cd05610a4ae33cb77 (patch)
tree: 72c7c9f216294cb0eb4efcd39f39bfe9b0fa8806 /global/pre-tasks.d/040hiera-gpg
parent: eb35f2b362452dab12ffc67c7aa2e81755b1e222 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/global/pre-tasks.d/040hiera-gpg b/global/pre-tasks.d/040hiera-gpg
index e5de6da..0ef2d86 100755
--- a/global/pre-tasks.d/040hiera-gpg
+++ b/global/pre-tasks.d/040hiera-gpg
@@ -14,8 +14,12 @@ if [ ! -f /usr/lib/ruby/vendor_ruby/gpgme.rb ]; then
     apt-get -y install ruby-gpgme
 fi
 
+# this is useful to make the cmdline hiera tool work
+if [ -f /etc/hiera/data/secrets.yaml.asc -a ! -f /etc/hiera/data/secrets.yaml.gpg ]; then
+   (cd /etc/hiera/data && ln -s secrets.yaml.asc secrets.yaml.gpg)
+fi
 
-if [ ! -s $GNUPGHOME/secring.gpg ]; then
+if [ ! -s $GNUPGHOME/secring.gpg -a ! -s /etc/hiera/gpg/pubring.kbx ]; then
 
     if [ "x$1" != "x--force" ]; then
 	echo ""
@@ -44,6 +48,7 @@ Name-Comment: Hiera GPG key
 Name-Email: root@`hostname --fqdn`
 Expire-Date: 0
 # Do a commit here, so that we can later print "done" :-)
+%no-protection
 %commit
 %echo done
 EOF
author	Linus Nordberg <linus@nordu.net>	2017-07-28 16:18:22 +0200
committer	Linus Nordberg <linus@nordu.net>	2017-07-28 16:18:22 +0200
commit	47a968085005c10feb2bbb7cd05610a4ae33cb77 (patch)
tree	72c7c9f216294cb0eb4efcd39f39bfe9b0fa8806 /global/pre-tasks.d/040hiera-gpg
parent	eb35f2b362452dab12ffc67c7aa2e81755b1e222 (diff)