authorLeif Johansson <leifj@sunet.se>2013-12-19 06:45:37 -0800
committerLeif Johansson <leifj@sunet.se>2013-12-19 06:45:37 -0800
commitf1c2ae2e0495f279493d8989b1c72bf3f8ed122a (patch)
tree5e87a9144cf8c23da8b5c7f438380b2bd39ab675 /global/pre-tasks.d
parent6d74b3d6de4ca065c9b6519dbdad677fc72dc184 (diff)
parent389c04019b6df3dcbaf0c9d34a95601231895092 (diff)
Merge pull request #1 from fredrikt/master
Add hiera-gpg for storing secrets used in templates.
Diffstat (limited to 'global/pre-tasks.d')
-rwxr-xr-xglobal/pre-tasks.d/040hiera-gpg52
1 files changed, 52 insertions, 0 deletions
diff --git a/global/pre-tasks.d/040hiera-gpg b/global/pre-tasks.d/040hiera-gpg
new file mode 100755
index 0000000..e5de6da
--- /dev/null
+++ b/global/pre-tasks.d/040hiera-gpg
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# Set up a keyring for Hiera GPG
+# https://github.com/crayfishx/hiera-gpg
+#
+
+set -e
+
+GNUPGHOME=/etc/hiera/gpg
+export GNUPGHOME
+
+if [ ! -f /usr/lib/ruby/vendor_ruby/gpgme.rb ]; then
+ apt-get update
+ apt-get -y install ruby-gpgme
+fi
+
+
+if [ ! -s $GNUPGHOME/secring.gpg ]; then
+
+ if [ "x$1" != "x--force" ]; then
+ echo ""
+ echo "Automatic Hiera-GPG key generation DISABLED (to not block on missing entropy)"
+ echo ""
+ echo " Run \`$0 --force' manually"
+ echo ""
+ exit 0
+ fi
+
+ if [ ! -f /usr/bin/gpg2 ]; then
+ apt-get update
+ apt-get -y install gnupg2
+ fi
+
+ mkdir -p $GNUPGHOME
+ chmod 700 $GNUPGHOME
+
+ TMPFILE=$(mktemp /tmp/hiera-gpg.XXXXXX)
+ cat > $TMPFILE <<EOF
+%echo Generating a default key
+Key-Type: default
+Subkey-Type: default
+Name-Real: Cosmos Puppet
+Name-Comment: Hiera GPG key
+Name-Email: root@`hostname --fqdn`
+Expire-Date: 0
+# Do a commit here, so that we can later print "done" :-)
+%commit
+%echo done
+EOF
+ gpg2 --batch --gen-key $TMPFILE
+ rm -f $TMPFILE
+fi
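Review bot: The batch parameter file written by the here-document has no `Passphrase:` line, so, assuming the GnuPG 2.0 default of creating the key without one, the key that decrypts every Hiera secret sits unprotected in `/etc/hiera/gpg` and, with `Expire-Date: 0`, never expires. That trade-off should be stated above the here-document, e.g. `# Secret key has no passphrase (unattended decryption); access control on $GNUPGHOME is its only protection.` Since `mkdir -p $GNUPGHOME` runs under the inherited umask and `chmod 700` only follows it, putting `umask 077` before the `mkdir` would close that window. Under `set -e` a failing `gpg2 --batch --gen-key` skips `rm -f $TMPFILE`, so `trap 'rm -f "$TMPFILE"' EXIT` right after `mktemp` would clean up on every exit path. The `secring.gpg` test also ties the guard to the GnuPG 2.0 keyring layout, which is worth confirming against the packaged gnupg2 version.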