diff options
author | Leif Johansson <leifj@sunet.se> | 2013-12-19 06:45:37 -0800 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2013-12-19 06:45:37 -0800 |
commit | f1c2ae2e0495f279493d8989b1c72bf3f8ed122a (patch) | |
tree | 5e87a9144cf8c23da8b5c7f438380b2bd39ab675 /global/pre-tasks.d | |
parent | 6d74b3d6de4ca065c9b6519dbdad677fc72dc184 (diff) | |
parent | 389c04019b6df3dcbaf0c9d34a95601231895092 (diff) |
Merge pull request #1 from fredrikt/master
Add hiera-gpg for storing secrets used in templates.
Diffstat (limited to 'global/pre-tasks.d')
-rwxr-xr-x | global/pre-tasks.d/040hiera-gpg | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/global/pre-tasks.d/040hiera-gpg b/global/pre-tasks.d/040hiera-gpg new file mode 100755 index 0000000..e5de6da --- /dev/null +++ b/global/pre-tasks.d/040hiera-gpg @@ -0,0 +1,52 @@ +#!/bin/sh +# +# Set up a keyring for Hiera GPG +# https://github.com/crayfishx/hiera-gpg +# + +set -e + +GNUPGHOME=/etc/hiera/gpg +export GNUPGHOME + +if [ ! -f /usr/lib/ruby/vendor_ruby/gpgme.rb ]; then + apt-get update + apt-get -y install ruby-gpgme +fi + + +if [ ! -s $GNUPGHOME/secring.gpg ]; then + + if [ "x$1" != "x--force" ]; then + echo "" + echo "Automatic Hiera-GPG key generation DISABLED (to not block on missing entropy)" + echo "" + echo " Run \`$0 --force' manually" + echo "" + exit 0 + fi + + if [ ! -f /usr/bin/gpg2 ]; then + apt-get update + apt-get -y install gnupg2 + fi + + mkdir -p $GNUPGHOME + chmod 700 $GNUPGHOME + + TMPFILE=$(mktemp /tmp/hiera-gpg.XXXXXX) + cat > $TMPFILE <<EOF +%echo Generating a default key +Key-Type: default +Subkey-Type: default +Name-Real: Cosmos Puppet +Name-Comment: Hiera GPG key +Name-Email: root@`hostname --fqdn` +Expire-Date: 0 +# Do a commit here, so that we can later print "done" :-) +%commit +%echo done +EOF + gpg2 --batch --gen-key $TMPFILE + rm -f $TMPFILE +fi |