Don't trace RHEL Registration scripts

We don't want to trace the RHEL registration scripts because that
is likely to log things like passwords and activation keys.  To
still allow for debugging failed runs, add sanitized logging of
the arguments passed to the registration commands, since that is
the part of the process where problems are most likely to manifest.

Change-Id: I0f661e9c152f43b814fda61211bd56ba93e3b9dc
This commit is contained in:
Ben Nemec 2015-03-31 11:17:00 -05:00
parent 7917e7416b
commit 952915f25e
2 changed files with 30 additions and 4 deletions

View File

@ -1,6 +1,6 @@
#!/bin/bash
# dib-lint: disable=setu sete setpipefail dibdebugtrace
# dib-lint: disable=dibdebugtrace
set -eu
set -o pipefail
@ -109,21 +109,34 @@ if [ -n "${REG_TYPE:-}" ]; then
opts="$opts --type=$REG_TYPE"
fi
sanitized_opts=$(echo "$opts" | sed 's/--password \([^ ]*\)/--password ***/g')
sanitized_opts=$(echo "$sanitized_opts" | sed 's/--activationkey=\([^ ]*\)/--activationkey=***/g')
case "${REG_METHOD:-}" in
portal)
echo "Registering with options: $sanitized_opts"
subscription-manager register $opts
if [ -z "${REG_AUTO_ATTACH:-}" ]; then
echo "Attaching with options: $attach_opts"
subscription-manager attach $attach_opts
fi
echo "Enabling repos: $repos"
subscription-manager $repos
;;
satellite)
# Save an unmodified copy of the repo list for logging
user_repos=$repos
repos="$repos --enable ${satellite_repo}"
echo "Installing satellite dependencies"
rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true
echo "Registering with options: $sanitized_opts"
subscription-manager register $opts
echo "Enabling repos: $user_repos"
subscription-manager $repos
echo "Installing katello-agent"
yum install -y katello-agent || true # needed for errata reporting to satellite6
katello-package-upload
echo "Disabling satellite repo because it is no longer needed"
subscription-manager repos --disable ${satellite_repo}
;;
disable)

View File

@ -1,8 +1,9 @@
#!/bin/bash
if [ "${DIB_DEBUG_TRACE:-1}" -gt 0 ]; then
set -x
fi
# This script deals quite a bit with passwords, which we don't ever want
# included in trace output
# dib-lint: disable=dibdebugtrace
set -eu
set -o pipefail
@ -85,19 +86,31 @@ if [ -n "${REG_TYPE:-}" ]; then
opts="$opts --type=$REG_TYPE"
fi
sanitized_opts=$(echo "$opts" | sed 's/--password \([^ ]*\)/--password ***/g')
sanitized_opts=$(echo "$sanitized_opts" | sed 's/--activationkey=\([^ ]*\)/--activationkey=***/g')
case "${REG_METHOD:-}" in
portal)
echo "Registering with options: $sanitized_opts"
subscription-manager register $opts
if [ -z "${REG_AUTO_ATTACH:-}" ]; then
echo "Attaching with options: $attach_opts"
subscription-manager attach $attach_opts
fi
echo "Enabling repos: $repos"
subscription-manager $repos
;;
satellite)
# Save an unmodified copy of the repo list for logging
user_repos=$repos
repos="$repos --enable ${satellite_repo}"
echo "Installing satellite dependencies"
rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true
echo "Registering with options: $sanitized_opts"
subscription-manager register $opts
echo "Enabling repos: $user_repos"
subscription-manager $repos
echo "Disabling satellite repo because it is no longer needed"
subscription-manager repos --disable ${satellite_repo}
;;
disable)