AnsiblePilot — Master Ansible Automation

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Project signing with GPG and ansible-sign — Video Tutorial

How to sign an Ansible project using GPG and the ansible-sign command line utility. Practical examples and step-by-step guidance on project signing with GPG.

Tutorial summary

What you'll learn

  • How to sign an Ansible project?
  • ansible-sign
  • Playbook
  • 1. install ansible-sign
  • 2. create a MANIFEST.in file
  • 3. ensure the GPG utility is installed
  • 4. GPG key successfully created
  • 5. Sign our project directory
  • Verification
  • Conclusion

How to sign an Ansible project?

From a non-signed to a GPG-signed Ansible project.

ansible-sign

  • available since 2022
  • GPG signature
  • command line

The `ansible-sign` command has been available since 2022 for installation on most modern operating systems. It is a command line tool to simplify the project signing process using your terminal. Using the `ansible-sign` command, you sign a project with a GPG signature.

Playbook

  • GPG sign a project

At the beginning of this example, we start with a project that contains all our Ansible files without any GPG signature files. By the end of this Playbook, you obtain a GPG-signed project directory.

Project directory files:

  • playbooks/ping.yml

```yaml
---
- name: ping module Playbook
  hosts: all
  tasks:
    - name: test connection
      ansible.builtin.ping:
```

  • inventory

```ini
localhost ansible_connection=local
```

  • MANIFEST.in

```ini
recursive-exclude .git *
include inventory
recursive-include playbooks *.yml
```

1. install ansible-sign

Verify that the `ansible-sign` command is available in your terminal. If you get a "command not found" error, you should install it.

```bash
$ ansible-sign
command not found: ansible-sign
```

When the package is not available in our favorite package manager (apt, DNF, yum, zypper, brew, conda), we can rely on the pip Python package manager: `$ pip3 install ansible-sign`

Expected output:

```bash
$ pip3 install ansible-sign
Collecting ansible-sign
  Downloading ansible_sign-0.1.1-py3-none-any.whl (15 kB)
Requirement already satisfied: distlib in /opt/homebrew/lib/python3.10/site-packages (from ansible-sign) (0.3.6)
Requirement already satisfied: python-gnupg in /opt/homebrew/lib/python3.10/site-packages (from ansible-sign) (0.5.0)
Installing collected packages: ansible-sign
Successfully installed ansible-sign-0.1.1
```

By the end of this step, the command will be available with the following output:

```bash
$ ansible-sign
usage: ansible-sign [-h] [--version] [--debug] [--nocolor] CONTENT_TYPE ...
ansible-sign: error: the following arguments are required: CONTENT_TYPE
```

2. create a MANIFEST.in file

When the MANIFEST.in file is not present, we obtain the following message on the screen:

```bash
$ ansible-sign project gpg-sign .
[ERROR] Could not find a MANIFEST.in file in the specified project.
[NOTE ] If you are attempting to sign a project, please create this file.
[NOTE ] See the ansible-sign documentation for more information.
```

When part of the MANIFEST.in file is not correct, we obtain the following error on the screen:

```bash
[ERROR] An error was encountered while parsing MANIFEST.in: 'recursive-include' expects <dir> <pattern1> <pattern2> ...
[NOTE ] You can use the --debug global flag to view the full traceback.
```

3. ensure the GPG utility is installed

When the GPG utility (`gpg` command) is not present in our system, we obtain the following message on the screen:

```bash
OSError: Unable to run gpg (gpg) - it ma
```
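
The MANIFEST.in from step 2 determines which files are selected for signing, so it is worth checking what it leaves out before running `ansible-sign project gpg-sign .`. The sketch below is an added example, not code from the tutorial or from ansible-sign: a simplified standard-library model of the three directives used on this page (the real tool's pattern handling may differ), which assumes that only files selected by MANIFEST.in are hashed and signed. The sample project is constructed, and `ansible.cfg` and `roles/demo/tasks/main.yml` are hypothetical files added to show a coverage gap.

```python
import fnmatch, hashlib, pathlib, tempfile
MANIFEST_IN = "recursive-exclude .git *\ninclude inventory\nrecursive-include playbooks *.yml\n"  # as on the page

def list_files(root):
    """Every file under root (dotfiles included) as a sorted relative POSIX path."""
    return sorted(p.relative_to(root).as_posix() for p in pathlib.Path(root).rglob("*") if p.is_file())

def select(manifest, files):
    """Apply include / recursive-include / recursive-exclude in file order (simplified model)."""
    chosen = set()
    for line in manifest.splitlines():
        cmd, *args = line.split() or ["#"]  # blank lines are treated like comments
        if cmd.startswith("#"):
            continue
        if cmd == "include" and args:
            # Requiring equal '/' counts keeps '*' from matching across directories.
            chosen |= {f for f in files for p in args
                       if f.count("/") == p.count("/") and fnmatch.fnmatchcase(f, p)}
        elif cmd in ("recursive-include", "recursive-exclude"):
            if len(args) < 2:  # the malformed-line case whose error the page quotes
                raise ValueError(f"'{cmd}' expects <dir> <pattern1> <pattern2> ...")
            hit = {f for f in files if f.startswith(args[0] + "/")
                   and any(fnmatch.fnmatchcase(f.rsplit("/", 1)[-1], p) for p in args[1:])}
            chosen = chosen | hit if cmd == "recursive-include" else chosen - hit
        else:
            raise ValueError(f"directive not modelled in this sketch: {line!r}")
    return sorted(chosen)

def coverage(root, manifest=MANIFEST_IN):
    """Return ({selected path: sha256 hex}, [paths the manifest leaves out])."""
    files = list_files(root)
    digests = {rel: hashlib.sha256(pathlib.Path(root, rel).read_bytes()).hexdigest()
               for rel in select(manifest, files)}
    return digests, [f for f in files if f not in digests]

def build_sample(root):
    """Constructed project: the page's two files plus two hypothetical unlisted ones."""
    sample = {"inventory": "localhost ansible_connection=local\n",
              "playbooks/ping.yml": "---\n- name: ping module Playbook\n  hosts: all\n",
              "ansible.cfg": "[defaults]\n", "roles/demo/tasks/main.yml": "---\n"}  # both hypothetical
    for rel, text in sample.items():
        path = pathlib.Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("(selected for signing, left out):", coverage(tmp))
```

Any path in the second list that influences how the playbooks run should get its own `include` or `recursive-include` line in MANIFEST.in before the project is signed.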

About this tutorial

  • Author: Luca Berton
  • Difficulty: Beginner
  • Read time: 7 min
  • Category: installation
