
Beginning to set up a GPG keymaster based on https://github.com/boklm/puppet-sshkeys [ci-skip]

master
Aaron Hicks 6 years ago
parent
commit
90bc20ef38

+ 7
- 1
README.markdown

@@ -11,7 +11,10 @@ To install the GPG tools:
include gpg
```

This should be run before using the GPG type.
This should be run before using the GPG type or setting up the keymaster.

# GPG Keymaster


# Type and Provider for GPG

@@ -49,7 +52,10 @@ Update your license details here.

# References

* http://www.gnupg.org/ GunPG home page
* https://github.com/crayfishx/puppet-gpg used for creation of GPG keys with gpgme
* http://www.happylife.sg/index.php/2011/01/24/migrating-gpg-keys/ for migrating GPG keys around
* https://github.com/boklm/puppet-sshkeys for an example of using puppet to manage keys

# Attribution


+ 5
- 0
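--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -0,0 +1,5 @@
+define gpg::key (
+
+){
+include gpg::params
+}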

+ 27
- 0
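--- a/manifests/keymaster.pp
+++ b/manifests/keymaster.pp
@@ -0,0 +1,27 @@
+# Keymaster host:
+# Creates a GnuPG keyring to store and manage GPG key pairs.
+class gpg::keymaster {
+include gpg::params
+
+require gpg
+
+file{$gpg::params::keymaster_ring_dir:
+ensure => directory,
+owner => puppet,
+group => puppet,
+mode => 644,
+recurse => true
+}
+
+file{$gpg::params::keymaster_keyring:
+ensure => file,
+owner => puppet,
+group => puppet,
+mode => 644,
+recurse => true,
+replace => false
+}
+
+# Realise virtual keys
+Gpg::Keymaster::Setup <| |>
+}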
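Review bot: Both `file` resources are declared with `mode => 644`, so the keyring file and the directory that will hold generated key pairs are readable by every local account on the keymaster; for a private-key store the directory should be `mode => '0700'` and the keyring `mode => '0600'`, quoted so the value is not parsed as a number. On the directory, `recurse => true` pushes that mode onto any file below it that Puppet does not manage explicitly, which would include key files written by a later exec, so either drop the recursion or make sure the recursed mode is owner-only. `recurse => true` has no meaning on the `ensure => file` resource and can be removed there.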

+ 33
- 0
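--- a/manifests/keymaster/setup.pp
+++ b/manifests/keymaster/setup.pp
@@ -0,0 +1,33 @@
+# Create/Regenerate/Remove a key pair on the GPG keymaster
+# This definition is private and SHALL NOT be called driectly!
+# It is called from gpg::key to create virtual keys,
+# which are realise in gpg::keymaster
+define gpg::keymaster::setup(
+$ensure,
+$force,
+$keytype,
+$keylength,
+$subkeytype,
+$subkeylength,
+$email,
+$password,
+$armour,
+$expiry
+){
+include gpg::params
+Exec{ path => ['/usr/bin','/usr/sbin','/bin','/sbin']}
+
+File{
+owner => puppet,
+group => puppet,
+mode => 600,
+}
+
+$key_gen_file = "${gpg::params::keymaster_ring_dir}/${title}/gpg_gen.txt"
+$secret_key_file = "${gpg::params::keymaster_ring_dir}/${title}/${title}_secret.gpg"
+$public_key_file = "${gpg::params::keymaster_ring_dir}/${title}/${title}_public.gpg"
+
+case $ensure {
+
+}
+}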
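Review bot: `$title` is interpolated unchecked into `$key_gen_file`, `$secret_key_file` and `$public_key_file`, so a title containing `/` or `..` would resolve to a path outside `${gpg::params::keymaster_ring_dir}`; a guard at the top of the define such as `validate_re($title, '\A[A-Za-z0-9_-]+\z')` (assuming puppetlabs-stdlib is available to this module) would pin the paths to the key store. `$password` is taken as an ordinary parameter, so the passphrase will be stored in the compiled catalog, and if it is later written into `gpg_gen.txt` it will sit on disk too; that file should stay owner-only and be removed once the key exists. `mode => 600` in the `File` defaults should be the quoted string `'0600'`. The `case $ensure` body is still empty, so none of these paths is used yet.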

+ 2
- 0
manifests/params.pp

@@ -5,6 +5,8 @@ case $::osfamily {
$package = 'gnupg'
$gpgme_package = 'gpgme'
$gpgme_provider = 'gem'
$keymaster_ring_dir = '/var/lib/puppet-gpg'
$keymaster_keyring = "${keymaster_ring_dir}/gpg_keymaster.pgp"
}
default: {
fail("The operating system family ${::osfamily} is not supported by the puppet-gpg module on ${::fqdn}")
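Review bot: `$keymaster_keyring` is set to a name ending in `gpg_keymaster.pgp`, while the spec added in spec/classes/keymaster_spec.rb expects `/var/lib/puppet-gpg/gpg_keymaster.gpg`, so one of the two has the wrong extension; `.gpg` matches the other key file names in this commit, giving `$keymaster_keyring = "${keymaster_ring_dir}/gpg_keymaster.gpg"`. The `case $::osfamily` statement starts and ends outside the hunk, so it is not visible whether other supported branches exist; if they do, each needs the same two variables or `gpg::keymaster` will resolve them as undefined on those platforms.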

+ 7
- 0
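--- a/spec/classes/keymaster_spec.rb
+++ b/spec/classes/keymaster_spec.rb
@@ -0,0 +1,7 @@
+require 'spec_helper'
+
+describe 'gpg', :type => :class do
+it { should include_class("gpg::params")}
+it { should contain_file("/var/lib/puppet-gpg")}
+it { should contain_file("/var/lib/puppet-gpg/gpg_keymaster.gpg")}
+end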
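Review bot: `describe 'gpg'` compiles the `gpg` class rather than the class this file is named for, so the two `contain_file` expectations can only pass if `gpg` itself declares those resources, which nothing in this commit shows; the subject should be `describe 'gpg::keymaster', :type => :class do`. Once the permissions on the key store are settled, it is worth pinning them in the spec as well, for example `it { should contain_file('/var/lib/puppet-gpg').with_mode('0700') }`, so a later change cannot widen access to the key material unnoticed.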
