From 325a684f022f3adb0f480d65b5ef14fe08803f18 Mon Sep 17 00:00:00 2001 From: Eugene Zamriy Date: Tue, 6 Feb 2024 12:17:06 +0300 Subject: [PATCH] 0.1.9 version - pgp_test_key - added a role that generates a test PGP key --- CHANGELOG.rst | 8 +++ changelogs/.plugin-cache.yaml | 6 +- changelogs/changelog.yaml | 7 ++ galaxy.yml | 2 +- roles/pgp_test_key/README.md | 17 +++++ roles/pgp_test_key/defaults/main.yml | 2 + roles/pgp_test_key/meta/argument_specs.yml | 12 ++++ roles/pgp_test_key/meta/main.yml | 15 +++++ roles/pgp_test_key/tasks/main.yml | 64 +++++++++++++++++++ .../templates/msvsphere-test-key.batch.j2 | 15 +++++ 10 files changed, 146 insertions(+), 2 deletions(-) create mode 100644 roles/pgp_test_key/README.md create mode 100644 roles/pgp_test_key/defaults/main.yml create mode 100644 roles/pgp_test_key/meta/argument_specs.yml create mode 100644 roles/pgp_test_key/meta/main.yml create mode 100644 roles/pgp_test_key/tasks/main.yml create mode 100644 roles/pgp_test_key/templates/msvsphere-test-key.batch.j2 diff --git a/CHANGELOG.rst b/CHANGELOG.rst index b63eb96..41a521f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,14 @@ msvsphere.ci Release Notes .. contents:: Topics +v0.1.9 +====== + +New Roles +--------- + +- msvsphere.ci.pgp_test_key - A role that generates a PGP key for testing purposes. + v0.1.8 ====== diff --git a/changelogs/.plugin-cache.yaml b/changelogs/.plugin-cache.yaml index d602504..f48c2cc 100644 --- a/changelogs/.plugin-cache.yaml +++ b/changelogs/.plugin-cache.yaml @@ -40,6 +40,10 @@ objects: description: A role that installs koji-tools. name: koji_tools version_added: 0.1.1 + pgp_test_key: + description: A role that generates a PGP key for testing purposes. + name: pgp_test_key + version_added: 0.1.9 postgresql_server: description: A role that installs and configures a PostgreSQL server name: postgresql_server @@ -60,4 +64,4 @@ plugins: strategy: {} test: {} vars: {} -version: 0.1.8 +version: 0.1.9 
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
index ca2f7f7..e92007d 100644
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -98,3 +98,10 @@ releases:
 fragments:
 - 6-kerberos_kdc_firewall_rules.yml
 release_date: '2024-01-25'
+ 0.1.9:
+ objects:
+ role:
+ - description: A role that generates a PGP key for testing purposes.
+ name: pgp_test_key
+ namespace: null
+ release_date: '2024-02-06'
diff --git a/galaxy.yml b/galaxy.yml
index a0dd840..9b3a68a 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: msvsphere
 name: ci
-version: 0.1.8
+version: 0.1.9
 readme: README.md
 authors:
 - Eugene Zamriy
diff --git a/roles/pgp_test_key/README.md b/roles/pgp_test_key/README.md
new file mode 100644
index 0000000..afcf032
--- /dev/null
+++ b/roles/pgp_test_key/README.md
@@ -0,0 +1,17 @@
+# msvsphere.ci.pgp_test_key
+
+An Ansible role that generates a PGP key for testing purposes.
+
+## Variables
+
+| Variable | Default value | Type | Description | Required |
+| -------- | ------------- | ---- | ----------- | -------- |
+| msvsphere_major_ver | "9" | str | MSVSphere OS major version. | no |
+
+## License
+
+MIT.
+
+## Authors
+
+* [Eugene Zamriy](mailto:ezamriy@msvsphere-os.ru)
diff --git a/roles/pgp_test_key/defaults/main.yml b/roles/pgp_test_key/defaults/main.yml
new file mode 100644
index 0000000..93a6db6
--- /dev/null
+++ b/roles/pgp_test_key/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+msvsphere_major_ver: '9'
diff --git a/roles/pgp_test_key/meta/argument_specs.yml b/roles/pgp_test_key/meta/argument_specs.yml
new file mode 100644
index 0000000..4f36575
--- /dev/null
+++ b/roles/pgp_test_key/meta/argument_specs.yml
@@ -0,0 +1,12 @@
+---
+argument_specs:
+ main:
+ short_description: A role that generates a PGP key for testing purposes.
+ author: Eugene Zamriy
+ version_added: '0.1.9'
+ options:
+ msvsphere_major_ver:
+ description: MSVSphere OS major version.
+ default: '9'
+ type: 'str'
+ required: false
diff --git a/roles/pgp_test_key/meta/main.yml b/roles/pgp_test_key/meta/main.yml
new file mode 100644
index 0000000..5694552
--- /dev/null
+++ b/roles/pgp_test_key/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Eugene Zamriy
+ description: A role that generates a PGP key for testing purposes.
+ company: Softline PJSC
+ license: MIT
+ min_ansible_version: 2.13
+ platforms:
+ - name: EL
+ versions:
+ - "9"
+ galaxy_tags:
+ - koji
+
+dependencies: []
diff --git a/roles/pgp_test_key/tasks/main.yml b/roles/pgp_test_key/tasks/main.yml
new file mode 100644
index 0000000..7d1e956
--- /dev/null
+++ b/roles/pgp_test_key/tasks/main.yml
@@ -0,0 +1,64 @@
+---
+- name: Check if MSVSphere test PGP key exists
+ ansible.builtin.shell:
+ cmd: "gpg --list-secret-keys | grep 'MSVSphere {{ msvsphere_major_ver }} Test Key'"
+ ignore_errors: true
+ register: pgp_test_key_check
+ changed_when: pgp_test_key_check.rc != 0
+
+- name: Generate MSVSphere test PGP key
+ block:
+ - name: Create PGP batch file
+ ansible.builtin.tempfile:
+ state: file
+ prefix: scbs_
+ register: pgp_test_key_batch
+
+ - name: Populate PGP batch file
+ ansible.builtin.template:
+ src: msvsphere-test-key.batch.j2
+ dest: "{{ pgp_test_key_batch.path }}"
+
+ - name: Generate test PGP key
+ ansible.builtin.command: "gpg --batch --generate-key {{ pgp_test_key_batch.path }}"
+
+ - name: Delete PGP batch file
+ ansible.builtin.file:
+ path: "{{ pgp_test_key_batch.path }}"
+ state: absent
+ when: pgp_test_key_check.rc != 0
+
+- name: Check if MSVSphere test PGP key imported
+ ansible.builtin.shell:
+ cmd: rpm -q --queryformat "%{SUMMARY}\n" $(rpm -q gpg-pubkey) | grep 'MSVSphere 9 Test Key'
+ ignore_errors: true
+ register: pgp_test_key_imported
+ changed_when: pgp_test_key_imported.rc != 0
+
+- name: Import MSVSphere test PGP key to RPM DB
+ block:
+ - name: Get user home directory
+ ansible.builtin.shell: "getent passwd $(id -u) | awk -F: '{ print $6 }'"
+ changed_when: false
+ register: pgp_test_key_user
+
+ - name: Export MSVSphere test PGP public key
+ ansible.builtin.command:
+ cmd: "gpg --output {{ [pgp_test_key_user.stdout, 'RPM-GPG-KEY-MSVSphere-' + msvsphere_major_ver + '-Test-Key'] | path_join }} --export --armor --batch --yes 'MSVSphere {{ msvsphere_major_ver }} Test Key'"
+
+ - name: Copy MSVSphere test PGP public key to /etc/pki/rpm-gpg/
+ ansible.builtin.copy:
+ remote_src: true
+ src: "{{ [pgp_test_key_user.stdout, 'RPM-GPG-KEY-MSVSphere-' + msvsphere_major_ver + '-Test-Key'] | path_join }}"
+ dest: "/etc/pki/rpm-gpg/RPM-GPG-KEY-MSVSphere-{{ msvsphere_major_ver }}-Test-Key"
+ owner: root
+ group: root
+ mode: '0644'
+ become: true
+
+ - name: Import MSVSphere test PGP key to RPM DB
+ ansible.builtin.rpm_key:
+ key: "{{ [pgp_test_key_user.stdout, 'RPM-GPG-KEY-MSVSphere-' + msvsphere_major_ver + '-Test-Key'] | path_join }}"
+ state: present
+ become: true
+ when: pgp_test_key_imported.rc != 0
diff --git a/roles/pgp_test_key/templates/msvsphere-test-key.batch.j2 b/roles/pgp_test_key/templates/msvsphere-test-key.batch.j2
new file mode 100644
index 0000000..7ea5e76
--- /dev/null
+++ b/roles/pgp_test_key/templates/msvsphere-test-key.batch.j2
@@ -0,0 +1,15 @@
+%echo Generating OpenPGP key
+%no-protection
+Key-Type: RSA
+Key-Length: 4096
+Key-Usage: sign
+Name-Real: MSVSphere {{ msvsphere_major_ver }} Test Key
+Name-Email: packager@msvsphere.test
+Expire-Date: 0
+{% if msvsphere_major_ver | string == '9' %}
+Preferences: AES256,AES192,AES,SHA512,SHA384,SHA256,ZLIB,ZIP,BZIP2
+{% else %}
+Preferences: AES256,AES192,AES,3DES,SHA512,SHA384,SHA256,SHA1,ZLIB,ZIP,BZIP2
+{% endif %}
+%commit
+%echo done
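Review bot: In roles/pgp_test_key/tasks/main.yml the "Check if MSVSphere test PGP key imported" task greps for the literal `'MSVSphere 9 Test Key'`, while every other task builds the name from `msvsphere_major_ver`. For any other major version the check cannot match the key this role generated, so the import block would rerun on each play or be skipped because an unrelated "9" key is present; use `grep 'MSVSphere {{ msvsphere_major_ver }} Test Key'` there. The final `rpm_key` task runs with `become: true` but reads the key from the user's home directory instead of the root-owned copy installed one task earlier. Pointing it at `key: "/etc/pki/rpm-gpg/RPM-GPG-KEY-MSVSphere-{{ msvsphere_major_ver }}-Test-Key"` means root trusts only the file it controls. Both check tasks also report a missing key as an ignored failure plus a change; `failed_when: false` with `changed_when: false` would describe a read-only probe more accurately.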
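Review bot: In roles/pgp_test_key/templates/msvsphere-test-key.batch.j2, `%no-protection` together with `Expire-Date: 0` yields a passphrase-less signing key that never expires, and tasks/main.yml then adds its public half to the RPM database as a trusted key. Anything that can read the generating user's keyring can therefore sign packages this host will accept, with no time limit. Nothing in the template records that this is deliberate; add a comment at the top such as `{# Test-only key: unprotected on purpose; do not apply this role to hosts that install production packages #}`, and consider a bounded lifetime such as `Expire-Date: 30d` so a forgotten CI key ages out. The `else` branch also lists `3DES` and `SHA1` in `Preferences`, presumably for older releases; a one-line comment naming the versions that need them would keep those legacy algorithms from being carried forward.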