From 5f299ac03aca55623ec6950e3bfa835bed03e9a0 Mon Sep 17 00:00:00 2001 From: Fabian Arrotin Date: Jun 22 2021 11:14:33 +0000 Subject: Added simple ansible note for restricted signing machine Signed-off-by: Fabian Arrotin --- diff --git a/docs/buildsys/koji-cbs-sigs.md b/docs/buildsys/koji-cbs-sigs.md index b354985..c1cc9fe 100644 --- a/docs/buildsys/koji-cbs-sigs.md +++ b/docs/buildsys/koji-cbs-sigs.md @@ -152,5 +152,11 @@ Here is the Kmods SIG [commit](https://git.centos.org/centos/centos.org/c/fc51c0 !!! warning Don't forget to also put the gpg passphrase in the git-crypted pkistore as it will be needed each time that we'll have to unlock the gpg keys in keyring (like on a reboot of the signing machine/service) +Last step is to then play the [stylo](https://github.com/centos/ansible-role-stylo) role with ansible after having updated the signing node `stylo_gpg_sigs` list in host_vars. Attention that gpg key id has to be written in lowercase though : + + * update ansible inventory with new gpg keyid / sig name + * `ansible-playbook playbooks/role-stylo.yml --tags "config"` + + ## Koji tags creation