Puppet: System Administration Automated

Support

Recipe for managing apt gpg keys

This puppet definition allows you to import pgp keys into apt. 

define apt::key($keyid, $ensure, $keyserver = "keyserver.ubuntu.com") {
        case $ensure {
                present: {
                        exec { "Import $keyid to apt keystore":
                                path        => "/bin:/usr/bin",
                                environment => "HOME=/root",
                                command     => "gpg --keyserver $keyserver --recv-keys $keyid && gpg --export --armor $keyid | apt-key add -",
                                user        => "root",
                                group       => "root",
                                unless      => "apt-key list | grep $keyid",
                                logoutput   => on_failure,
                        }
                }
                absent:  {
                        exec { "Remove $keyid from apt keystore":
                                path    => "/bin:/usr/bin",
                                environment => "HOME=/root",
                                command => "apt-key del $keyid",
                                user    => "root",
                                group   => "root",
                                onlyif  => "apt-key list | grep $keyid",
                        }
                }
                default: {
                        fail "Invalid 'ensure' value '$ensure' for apt::key"
                }
        }
}

You can use this definition as follows: 

node mynode {
        apt::key { "KEYID":
                keyid  => "KEYID",
                ensure => present,
        }
        apt::key { "UNWANTEDKEYID":
                keyid  => "UNWANTEDKEYID",
                ensure => absent,
        }
}