
Beginning to set up a GPG keymaster based on https://github.com/boklm/puppet-sshkeys [ci-skip]

master
Aaron Hicks 9 years ago
parent
commit
90bc20ef38
  1. 8
      README.markdown
  2. 5
      manifests/key.pp
  3. 27
      manifests/keymaster.pp
  4. 33
      manifests/keymaster/setup.pp
  5. 2
      manifests/params.pp
  6. 7
      spec/classes/keymaster_spec.rb

8
README.markdown

@ -11,7 +11,10 @@ To install the GPG tools:
include gpg
```
This should be run before using the GPG type.
This should be run before using the GPG type or setting up the keymaster.
# GPG Keymaster
# Type and Provider for GPG
@ -49,7 +52,10 @@ Update your license details here.
# References
* http://www.gnupg.org/ GunPG home page
* https://github.com/crayfishx/puppet-gpg used for creation of GPG keys with gpgme
* http://www.happylife.sg/index.php/2011/01/24/migrating-gpg-keys/ for migrating GPG keys around
* https://github.com/boklm/puppet-sshkeys for an example of using puppet to manage keys
# Attribution

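--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -0,0 +1,5 @@
+define gpg::key (
+){
+include gpg::params
+}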

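--- a/manifests/keymaster.pp
+++ b/manifests/keymaster.pp
@@ -0,0 +1,27 @@
+# Keymaster host:
+# Creates a GnuPG keyring to store and manage GPG key pairs.
+class gpg::keymaster {
+include gpg::params
+require gpg
+file{$gpg::params::keymaster_ring_dir:
+ensure => directory,
+owner => puppet,
+group => puppet,
+mode => 644,
+recurse => true
+}
+file{$gpg::params::keymaster_keyring:
+ensure => file,
+owner => puppet,
+group => puppet,
+mode => 644,
+recurse => true,
+replace => false
+}
+# Realise virtual keys
+Gpg::Keymaster::Setup <| |>
+}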
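Review bot: Both file resources in gpg::keymaster set `mode => 644`, and the one for `$gpg::params::keymaster_ring_dir` also has `recurse => true`, so that world-readable mode would be applied to everything Puppet finds under the keymaster directory. gpg::keymaster::setup builds `${title}_secret.gpg` under the same directory, so secret key material would be readable by any local user unless each file is declared separately with a tighter mode. I would restrict the store to the puppet user with `mode => '0700',` on the directory and `mode => '0600',` on the keyring, writing the mode as a quoted four-digit string. `recurse => true` does nothing useful on the `ensure => file` resource and can be dropped there.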

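--- a/manifests/keymaster/setup.pp
+++ b/manifests/keymaster/setup.pp
@@ -0,0 +1,33 @@
+# Create/Regenerate/Remove a key pair on the GPG keymaster
+# This definition is private and SHALL NOT be called driectly!
+# It is called from gpg::key to create virtual keys,
+# which are realise in gpg::keymaster
+define gpg::keymaster::setup(
+$ensure,
+$force,
+$keytype,
+$keylength,
+$subkeytype,
+$subkeylength,
+$email,
+$password,
+$armour,
+$expiry
+){
+include gpg::params
+Exec{ path => ['/usr/bin','/usr/sbin','/bin','/sbin']}
+File{
+owner => puppet,
+group => puppet,
+mode => 600,
+}
+$key_gen_file = "${gpg::params::keymaster_ring_dir}/${title}/gpg_gen.txt"
+$secret_key_file = "${gpg::params::keymaster_ring_dir}/${title}/${title}_secret.gpg"
+$public_key_file = "${gpg::params::keymaster_ring_dir}/${title}/${title}_public.gpg"
+case $ensure {
+}
+}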
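Review bot: `$title` is interpolated straight into `$key_gen_file`, `$secret_key_file` and `$public_key_file` with no check, so a title containing `/` or a leading `..` would put key material outside `${gpg::params::keymaster_ring_dir}`. Validate it before the paths are built, for example `validate_re($title, '\A[A-Za-z0-9][A-Za-z0-9_.@-]*\z')` if puppetlabs-stdlib is available to this module (its dependencies are not visible here). Separately, `$password` is a plain define parameter and will presumably end up in the compiled catalog, so the parameter list deserves a comment such as `# $password: key passphrase; stored in the catalog in clear text`. The header comment also has two typos to fix: `driectly` and `which are realise in`.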

2
manifests/params.pp

@ -5,6 +5,8 @@ case $::osfamily {
$package = 'gnupg'
$gpgme_package = 'gpgme'
$gpgme_provider = 'gem'
$keymaster_ring_dir = '/var/lib/puppet-gpg'
$keymaster_keyring = "${keymaster_ring_dir}/gpg_keymaster.pgp"
}
default: {
fail("The operating system family ${::osfamily} is not supported by the puppet-gpg module on ${::fqdn}")

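--- a/spec/classes/keymaster_spec.rb
+++ b/spec/classes/keymaster_spec.rb
@@ -0,0 +1,7 @@
+require 'spec_helper'
+describe 'gpg', :type => :class do
+it { should include_class("gpg::params")}
+it { should contain_file("/var/lib/puppet-gpg")}
+it { should contain_file("/var/lib/puppet-gpg/gpg_keymaster.gpg")}
+end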
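Review bot: The spec describes `'gpg'`, but the two file resources it expects are declared in `gpg::keymaster`, so the `contain_file` expectations cannot pass unless class gpg itself pulls in the keymaster, which this commit does not show. `describe 'gpg::keymaster', :type => :class do` looks like the intended subject. The keyring path also disagrees with manifests/params.pp, which sets `$keymaster_keyring` to `${keymaster_ring_dir}/gpg_keymaster.pgp` while the spec expects `/var/lib/puppet-gpg/gpg_keymaster.gpg`; one of the two extensions should change. Because this is key storage, the expectations should also pin owner and mode once the intended values are settled.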