Store gpg key on salt master
Related-PROD: PROD-23609 (PROD:23609)
Related-PROD: PROD-23611 (PROD:23611)
Change-Id: I77f90080f3678291af9d0f9f936f2d8811524513
diff --git a/config-drive/create_config_drive.sh b/config-drive/create_config_drive.sh
index b30e644..0b1a79f 100644
--- a/config-drive/create_config_drive.sh
+++ b/config-drive/create_config_drive.sh
@@ -6,12 +6,12 @@
# -u/--user-data option).
usage () {
- echo "usage: ${0##*/}: [--ssh-key <pubkey>] [--vendor-data <file>] [--user-data <file>] [--hostname <hostname>] [--model <model>] [--mk-pipelines <mk-pipelines>] [--pipeline-library <pipeline-library>] <imagename>"
+ echo "usage: ${0##*/}: [--ssh-key <pubkey>] [--gpg-key <file>] [--vendor-data <file>] [--user-data <file>] [--hostname <hostname>] [--model <model>] [--mk-pipelines <mk-pipelines>] [--pipeline-library <pipeline-library>] <imagename>"
}
ARGS=$(getopt \
- -o k:u:v:h:m:mp:p \
- --long help,hostname:,ssh-key:,user-data:,vendor-data:,model:,mk-pipelines:,pipeline-library: -n ${0##*/} \
+ -o k:g:u:v:h:m:mp:p \
+ --long help,hostname:,ssh-key:,gpg-key:,user-data:,vendor-data:,model:,mk-pipelines:,pipeline-library: -n ${0##*/} \
-- "$@")
if [ $? -ne 0 ]; then
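Review bot: The short-option string on the new `-o` line still carries `mp:`, which getopt cannot treat as a single option. Short options are one character each, so it appears to be read as a second `m` followed by `p:`, overlapping the `m:` before it and the `p` after it. The usage text lists `--mk-pipelines` and `--pipeline-library` as long options only, so if no case arm outside this hunk relies on `-p`, the string could be reduced to `-o k:g:u:v:h:m:`. On the following line `-n ${0##*/}` is unquoted; `-n "${0##*/}"` keeps a script name containing spaces as one argument.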
@@ -31,6 +31,10 @@
ssh_key="$2"
shift 2
;;
+ -g|--gpg-key)
+ gpg_key="$2"
+ shift 2
+ ;;
-u|--user-data)
user_data="$2"
shift 2
@@ -78,6 +82,12 @@
cp $ssh_key $config_dir/root_auth_keys
fi
+if [ "$gpg_key" ] && [ -f "$gpg_key" ]; then
+ echo "adding gpg key from $gpg_key"
+ mkdir $config_dir/gpg
+ cp $gpg_key $config_dir/gpg/salt_master_pillar.asc
+fi
+
if [ "$user_data" ] && [ -f "$user_data" ]; then
echo "adding user data from $user_data"
cp $user_data $config_dir/user-data
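Review bot: When `--gpg-key` names a path that is not a regular file, the new block is skipped without any message, so the image is built without the key and the failure only surfaces later on the master. The two new commands also expand `$gpg_key` and `$config_dir` unquoted, so a path with spaces or a leading dash breaks the copy. The file name suggests this is the key used for pillar decryption (presumably private key material), so the resulting config drive image should be treated as a secret and its file mode restricted where the image is written, outside this hunk. The rewrite below fails loudly on a missing file and quotes the paths; adapt the exit to whatever cleanup the script performs elsewhere.

```sh
# … unchanged: ssh key block above …
if [ -n "$gpg_key" ]; then
    if [ ! -f "$gpg_key" ]; then
        echo "gpg key file not found: $gpg_key" >&2
        exit 1
    fi
    echo "adding gpg key from $gpg_key"
    mkdir -p -- "$config_dir/gpg"
    cp -- "$gpg_key" "$config_dir/gpg/salt_master_pillar.asc"
fi
# … unchanged: user data block below …
```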
diff --git a/config-drive/master_config.yaml b/config-drive/master_config.yaml
index 3e68c74..c3db534 100644
--- a/config-drive/master_config.yaml
+++ b/config-drive/master_config.yaml
@@ -227,6 +227,11 @@
echo "Configuring salt"
envsubst < /root/minion.conf > /etc/salt/minion.d/minion.conf
+ if [ -f /mnt/gpg/salt_master_pillar.asc ]; then
+ mkdir /etc/salt/gpgkeys
+ chmod 700 /etc/salt/gpgkeys
+ GNUPGHOME=/etc/salt/gpgkeys gpg --import /mnt/gpg/salt_master_pillar.asc
+ fi
enable_services
# Wait for salt-master and salt-minion to wake up after restart
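Review bot: The keyring directory is created with the default mode and only tightened afterwards, and a plain `mkdir` fails if `/etc/salt/gpgkeys` already exists on a re-run; `mkdir -p -m 700 /etc/salt/gpgkeys` does both in one step. The result of `gpg --import` is not checked, so a corrupt or unreadable key file lets the script continue to `enable_services` with a master that cannot decrypt pillar data. Adding `--batch` and testing the exit status, e.g. `GNUPGHOME=/etc/salt/gpgkeys gpg --batch --import /mnt/gpg/salt_master_pillar.asc || echo "gpg key import failed" >&2`, would make that visible. After the import the key file is still readable on the config drive mounted at `/mnt`, so it is worth documenting that the drive should be detached or the image destroyed once the master is bootstrapped. The surrounding script starts and ends outside this hunk.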