Offer flexible setup for GPG unattended key generation

[egypcio]

Description

Offer flexible setup for GPG unattended key generation. Should folks need to have sane defaults and start from it to modify their custom needs, this change request offers that.

Motivation and Context

After reading https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html with care to keep the default settings used by GnuPG, here we suggest to no longer have a DSA key with 2048 bits, and change our template to serve the default values.

We also set the variables to modify the "real name" and "comment" used to generate the GPG key; as the use of MISP in production requires us to be able to modify and track that.

How Has This Been Tested?

• Usual lint, for YAML and Ansible;
• Clear run of ansible-playbook to apply the role on a fresh installed VM, with proper user credentials (and root privileges).

Types of changes

• [ ] Bug fix (non-breaking change which fixes an issue)
• [x] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• [x] My code follows the code style of this project.
• [ ] My change requires a change to the documentation.
• [ ] I have updated the documentation accordingly.
• [ ] I have read the CONTRIBUTING document.
• [ ] I have added tests to cover my changes.
• [ ] All new and existing tests passed including pre-commit and github actions.
• [ ] Used in production.

[juju4]

This one, I would defer to https://github.com/juju4/ansible-gpgkey_generate This MISP role contains already too much IMHO. I thought to split it but not done yet.

[egypcio]

This one, I would defer to https://github.com/juju4/ansible-gpgkey_generate This MISP role contains already too much IMHO. I thought to split it but not done yet.

okie dokie! your call, and I respect that; much appreciated for the feedback tho.

so I will opt to keep myself a separated fork if this merge doesn't make it to upstream, instead of patching that other role you presented/suggested.

besides the main change related to patching the keys creation, my other personal goal by opening this pull request was just to avoid chains of roles dependencies which I (and others) could easily enable/disable via custom playbook (or extra) variables on the command line.

• https://github.com/juju4/ansible-MISP/pull/15
  • something like that gives folks better control of using this role;
  • if I may flag that, please consider adding such a mechanism when you "integrate" gpgkey_generate here.

for more information about variable precedence, please check this documentation.

PS: I am already taking care of a similar fork myself which does not add an automatic dependency on the "EPEL role" -- something that works fine if one does apply this role here to any recent Debian or Ubuntu LTS system.

[juju4]

I removed the redhat_epel dependency. this is old setup and now can use syntax like { role: juju4.redhat_epel, when: ansible_os_family == "RedHat" }

I was there on roles dependencies but that makes maintenance and testing harder IMHO. Closing