AnsiblePilot — Master Ansible Automation

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Project signature verification with GPG and ansible-sign — Video Tutorial

Learn how to GPG-sign an Ansible project using the ansible-sign command line tool. Watch a live Playbook by Luca Berton and transform your project.

Tutorial summary

What you'll learn

  • How to verify an Ansible project signature?
  • ansible-sign
  • Playbook
  • 1. install ansible-sign
  • 2. ensure the GPG utility is installed
  • 3. GPG key successfully imported
  • 4. Ansible Project verification
  • File mismatch
  • Signature mismatch
  • Conclusion
How to verify an Ansible project signature?

A step-by-step guide to verifying the signature of a GPG-signed Ansible project using the `ansible-sign` command.

ansible-sign

- available since 2022
- command line
- GPG signature

The `ansible-sign` command has been available since 2022 for installation on most modern operating systems. It is a command line tool to simplify the project signing process using your terminal. Using the `ansible-sign` command, we can verify the GPG signature of an Ansible project.

Playbook

GPG signature verification of a project.

At the beginning of this example, we start with a project with all our Ansible files already signed with a GPG signature. By the end of this Playbook, we will verify whether the signature is correct for the current Ansible project directory.

Project directory files:

- playbooks/ping.yml

```yaml
---
- name: ping module Playbook
  hosts: all
  tasks:
    - name: test connection
      ansible.builtin.ping:
```

- inventory

```
localhost ansible_connection=local
```

- MANIFEST.in

```
recursive-exclude .git *
include inventory
recursive-include playbooks *.yml
```

Project signature files:

- `.ansible-sign/sha256sum.txt`

```
8fda56fd3288141367f151fcaf8e3fca5d4b46cfe3ba7d8dfc66b17205284efd  MANIFEST.in
49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763  inventory
1c666ccae8a05445d2c8b36341dec1671093999d995944e2ecdce671fc474f7c  playbooks/ping.yml
```

- `.ansible-sign/sha256sum.txt.sig`

```
-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQRFr0MY44L/nHcn7m7siNPNNZbCMAUCY8KpMQAKCRDsiNPNNZbC
MJvaAP97QUbnymXHaco5ZnF6vrReOc/7C7e8YDxSfh+6fsjbPAEAsnk4t4jTihkm
O15QNa+3EwelTLjjeZkHfFyY1YPD6QE=
=4rnz
-----END PGP SIGNATURE-----
```

1. install ansible-sign

Check whether the `ansible-sign` command is available in your terminal. If you get a "command not found" error, you need to install it.

```bash
$ ansible-sign
command not found: ansible-sign
```

When the package is not available in our favorite package manager (apt, DNF, yum, zypper, brew, conda), we can rely on the pip Python package manager:

`$ pip3 install ansible-sign`

Expected output:

```bash
$ pip3 install ansible-sign
Collecting ansible-sign
  Downloading ansible_sign-0.1.1-py3-none-any.whl (15 kB)
Requirement already satisfied: distlib in /opt/homebrew/lib/python3.10/site-packages (from ansible-sign) (0.3.6)
Requirement already satisfied: python-gnupg in /opt/homebrew/lib/python3.10/site-packages (from ansible-sign) (0.5.0)
Installing collected packages: ansible-sign
Successfully installed ansible-sign-0.1.1
```

By the end of this step, the command will be available with the following output:

```bash
$ ansible-sign
usage: ansible-sign [-h] [--version] [--debug] [--nocolor] CONTENT_TYPE ...
ansible-sign: error: the following arguments are required: CONTENT_TYPE
```

2. ensure the GPG utility is installed

When the GPG utility (`gpg` command) is not present in our system, we obtain the following message on the screen:

```bash
OS
```
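The checksum half of this verification, as an added Python example that is not part of the original tutorial and is not `ansible-sign`'s own code: it re-hashes every file listed in `.ansible-sign/sha256sum.txt` and reports entries that changed, disappeared, or point outside the project. The sample project is constructed, the function names are hypothetical, and the GPG check of `sha256sum.txt.sig` is not performed here.

```python
import hashlib
import tempfile
from pathlib import Path

SAMPLE_FILES = {  # constructed sample, laid out like the tutorial's project
    "MANIFEST.in": b"recursive-exclude .git *\ninclude inventory\nrecursive-include playbooks *.yml\n",
    "inventory": b"localhost ansible_connection=local\n",
    "playbooks/ping.yml": b"---\n- name: ping module Playbook\n  hosts: all\n",
}

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <path>') into {path: digest}."""
    entries = {}
    for line in filter(str.strip, text.splitlines()):
        digest, path = line.split(maxsplit=1)
        entries[path.lstrip("*")] = digest.lower()
    return entries

def check_project(root):
    """Return {path: 'ok' | 'mismatch' | 'missing' | 'outside-project'} per manifest entry."""
    root = Path(root).resolve()
    manifest = parse_manifest((root / ".ansible-sign" / "sha256sum.txt").read_text())
    results = {}
    for rel, expected in manifest.items():
        target = (root / rel).resolve()
        if root not in target.parents:
            results[rel] = "outside-project"  # refuse entries that escape the project root
        elif not target.is_file():
            results[rel] = "missing"
        else:
            actual = hashlib.sha256(target.read_bytes()).hexdigest()
            results[rel] = "ok" if actual == expected else "mismatch"
    return results

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, content in SAMPLE_FILES.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(content)
        lines = [f"{hashlib.sha256(c).hexdigest()}  {rel}" for rel, c in SAMPLE_FILES.items()]
        (root / ".ansible-sign").mkdir()
        (root / ".ansible-sign" / "sha256sum.txt").write_text("\n".join(lines) + "\n")
        before = check_project(root)
        (root / "playbooks" / "ping.yml").write_bytes(b"---\n- name: edited after signing\n")
        (root / "inventory").unlink()  # a listed file removed after signing
        return before, check_project(root)

if __name__ == "__main__":
    print(demo())
```

A clean result only shows that the files match the manifest; the manifest itself is trustworthy only once its detached GPG signature verifies, because anyone able to edit a playbook can also rewrite `sha256sum.txt`.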

About this tutorial

  • Author: Luca Berton
  • Difficulty: Beginner
  • Read time: 7 min
  • Category: installation
