Skip to content

Latest commit

 

History

History
55 lines (49 loc) · 1.74 KB

README.md

File metadata and controls

55 lines (49 loc) · 1.74 KB

ansible-gpg-import

Ansible module to import and remove GPG-keys.

It addresses the issues of non-responding keyservers in general by repeating attempts and keys.gnupg.net's round-robin-DNS sabotaging DNS-caching (like the Windows DNS-cache does it) in particular by optionally trying alternating hostnames.

examples

tasks:
  - name: Install GPG key
    gpg_import: key_id="0x3804BB82D39DC0E3"

or

tasks:
  - name: Install GPG key
    gpg_import: key_id="0x3804BB82D39DC0E3"
      bin_path: '/usr/loca/bin/gpg'

or

tasks:
  - name: Install or update GPG key
    gpg_import:
      key_id: "0x3804BB82D39DC0E3"
      state: latest
      servers:
        - 'hkp://no.way.ever'
        - 'keys.gnupg.net'
        - 'hkps://hkps.pool.sks-keyservers.net'

or

tasks:
  - name: Install or fail with fake and not fake GPG keys
    gpg_import:
      key_id: "{{ item }}"
      tries: 2
    with_items:
      - "0x3804BB82D39DC0E3"
      - "0x3804BB82D39DC0E4" # fake key fails

options

name default description
state 'present' desired state 'present', 'latest', 'refreshed' or 'absent' ('refreshed' == 'latest')
servers [ keys.gnupg.net ] list of hostnames (or hkp:///hkps:// urls) to try
tries 3 number of attempts per server
delay 0.5 delay between retries
gpg_timeout 5 gpg --keyserver-options timeout=5 ...
bin_path /usr/bin/gpg Location of gpg binary

Strange behaviors occur when used with insane keys. But this is a gpg-problem.