Closed egypcio closed 1 year ago
This one, I would defer to https://github.com/juju4/ansible-gpgkey_generate This MISP role contains already too much IMHO. I thought to split it but not done yet.
okie dokie! your call, and I respect that; much appreciated for the feedback tho.
so I will opt to keep myself a separated fork if this merge doesn't make it to upstream, instead of patching that other role you presented/suggested.
besides the main change related to patching the keys creation, my other personal goal by opening this pull request was just to avoid chains of roles dependencies which I (and others) could easily enable/disable via custom playbook (or extra) variables on the command line.
gpgkey_generate here. for more information about variable precedence, please check this documentation.
PS: I am already taking care of a similar fork myself which does not add an automatic dependency on the "EPEL role" -- something that works fine if one does apply this role here to any recent Debian or Ubuntu LTS system.
I removed the redhat_epel dependency. this is old setup and now can use syntax like { role: juju4.redhat_epel, when: ansible_os_family == "RedHat" }
I was there on roles dependencies but that makes maintenance and testing harder IMHO. Closing
Description
Offer flexible setup for GPG unattended key generation. Should folks need to have sane defaults and start from it to modify their custom needs, this change request offers that.
Motivation and Context
After reading https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html with care to keep the default settings used by GnuPG, here we suggest to no longer have a DSA key with 2048 bits, and change our template to serve the default values.
We also set the variables to modify the "real name" and "comment" used to generate the GPG key; as the use of MISP in production requires us to be able to modify and track that.
How Has This Been Tested?
ansible-playbook to apply the role on a fresh installed VM, with proper user credentials (and root privileges).
Types of changes
Checklist:
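An added example, not code from this pull request or from the role: a shell rendering of the unattended key generation parameter file the description refers to, using GnuPG's `default` key type instead of a 2048-bit DSA key and refusing empty or multi-line values for the templated name and comment. The function names, the sample values and the passphrase argument are assumptions.

```shell
#!/bin/sh
# Added example; render_gpg_batch, single_line and uses_legacy_dsa are
# hypothetical names, not taken from the role.

# A CR or LF inside a templated value would end its "Key: value" line and
# let the value smuggle extra directives into the parameter file.
single_line() {
    case "$1" in
        ''|*"
"*|*"$(printf '\r')"*) return 1 ;;
    esac
    return 0
}

# $1 real name, $2 comment, $3 email, $4 passphrase
render_gpg_batch() {
    for v in "$1" "$2" "$3" "$4"; do
        single_line "$v" || {
            echo "refusing empty or multi-line value" >&2
            return 1
        }
    done
    # "default" lets the installed GnuPG pick its current algorithm and size
    # instead of pinning DSA with a fixed Key-Length.
    cat <<EOF
Key-Type: default
Subkey-Type: default
Name-Real: $1
Name-Comment: $2
Name-Email: $3
Passphrase: $4
%commit
EOF
}

# Reads a parameter file on stdin; succeeds if it still pins a DSA primary key.
uses_legacy_dsa() {
    grep -Eiq '^[[:space:]]*Key-Type:[[:space:]]*DSA'
}

# Constructed sample values, printed so the rendered file can be inspected.
render_gpg_batch "MISP Example Org" "constructed sample" \
    "misp@example.org" "change-me"
```

The rendered file is what `gpg --batch --generate-key <file>` consumes; write it with a restrictive umask and delete it afterwards, since it holds the passphrase.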