cleanup, use stamp-file, only run on old OS versions

Fredrik Thulin 2023-02-03 15:39:49 +01:00
parent 948cc80389
commit e08346aa30
No known key found for this signature in database
GPG key ID: 198C1AFD505152DD


@ -9,12 +9,21 @@ set -e
GNUPGHOME=/etc/hiera/gpg GNUPGHOME=/etc/hiera/gpg
export GNUPGHOME export GNUPGHOME
vendor=$(lsb_release -is)
version=$(lsb_release -rs)
# If the OS is Ubuntu 18.04 or newer, or Debian 10 or newer, we don't need to do anything (those use eyaml instead)
test "${vendor}" = "Ubuntu" && dpkg --compare-versions "${version}" "ge" "18.04" && exit 0
test "${vendor}" = "Debian" && dpkg --compare-versions "${version}" "ge" "10" && exit 0
stamp="$COSMOS_BASE/stamps/hiera-gpg-v01.stamp"
test -f "$stamp" && exit 0
if [ ! -f /usr/lib/ruby/vendor_ruby/gpgme.rb ]; then if [ ! -f /usr/lib/ruby/vendor_ruby/gpgme.rb ]; then
apt-get update apt-get update
apt-get -y install ruby-gpgme apt-get -y install ruby-gpgme
fi fi
if [ ! -s $GNUPGHOME/secring.gpg ]; then if [ ! -s $GNUPGHOME/secring.gpg ]; then
if [ "x$1" != "x--force" ]; then if [ "x$1" != "x--force" ]; then
@ -35,19 +44,21 @@ if [ ! -s $GNUPGHOME/secring.gpg ]; then
chmod 700 $GNUPGHOME chmod 700 $GNUPGHOME
TMPFILE=$(mktemp /tmp/hiera-gpg.XXXXXX) TMPFILE=$(mktemp /tmp/hiera-gpg.XXXXXX)
cat > $TMPFILE <<EOF cat > "$TMPFILE" <<EOF
%echo Generating a default key %echo Generating a default key
Key-Type: default Key-Type: default
Subkey-Type: default Subkey-Type: default
Name-Real: Cosmos Puppet Name-Real: Cosmos Puppet
Name-Comment: Hiera GPG key Name-Comment: Hiera GPG key
Name-Email: root@`hostname --fqdn` Name-Email: root@$(hostname --fqdn)
Expire-Date: 0 Expire-Date: 0
# Do a commit here, so that we can later print "done" :-) # Do a commit here, so that we can later print "done" :-)
%no-protection
%commit %commit
%echo done %echo done
EOF EOF
gpg2 --batch --gen-key $TMPFILE gpg2 --batch --gen-key "$TMPFILE"
rm -f $TMPFILE rm -f "$TMPFILE"
fi fi
mkdir -p "$(dirname "${stamp}")"
touch "$stamp"
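Review bot: The added `%no-protection` line makes gpg2 create the secret key without a passphrase, and nothing in the parameter file records that this is intentional or what protects the key instead. From the visible lines the only safeguard is the `chmod 700 $GNUPGHOME` just above, so I would add a comment line before it in the here-document, for example `# No passphrase: the key is used unattended; its confidentiality depends on the GNUPGHOME directory staying mode 700`. Separately, in the first hunk `stamp="$COSMOS_BASE/stamps/hiera-gpg-v01.stamp"` expands to a path under `/stamps` when COSMOS_BASE is unset or empty, and the final `mkdir -p` would then create that directory at the filesystem root; `stamp="${COSMOS_BASE:?}/stamps/hiera-gpg-v01.stamp"` aborts early instead. The `if` block around the key generation begins before the second hunk and is only partly visible, so whether the stamp is also written on the path without `--force` cannot be judged from here.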