Don't trace RHEL Registration scripts

We don't want to trace the RHEL registration scripts because that is likely to log things like passwords and activation keys. To still allow for debugging failed runs, add sanitized logging of the arguments passed to the registration commands, since that is the part of the process where problems are most likely to manifest. Change-Id: I0f661e9c152f43b814fda61211bd56ba93e3b9dc
2015-03-31 11:17:00 -05:00 · 2015-03-31 11:17:00 -05:00 · 952915f25e
commit 952915f25e
parent 7917e7416b
2 changed files with 30 additions and 4 deletions
--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
+++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
@ -1,6 +1,6 @@
 #!/bin/bash

-# dib-lint: disable=setu sete setpipefail dibdebugtrace
+# dib-lint: disable=dibdebugtrace

 set -eu
 set -o pipefail
@ -109,21 +109,34 @@ if [ -n "${REG_TYPE:-}" ]; then
    opts="$opts --type=$REG_TYPE"
 fi

+sanitized_opts=$(echo "$opts" | sed 's/--password \([^ ]*\)/--password ***/g')
+sanitized_opts=$(echo "$sanitized_opts" | sed 's/--activationkey=\([^ ]*\)/--activationkey=***/g')
+
 case "${REG_METHOD:-}" in
    portal)
+        echo "Registering with options: $sanitized_opts"
        subscription-manager register $opts
        if [ -z "${REG_AUTO_ATTACH:-}" ]; then
+            echo "Attaching with options: $attach_opts"
            subscription-manager attach $attach_opts
        fi
+        echo "Enabling repos: $repos"
        subscription-manager $repos
        ;;
    satellite)
+        # Save an unmodified copy of the repo list for logging
+        user_repos=$repos
        repos="$repos --enable ${satellite_repo}"
+        echo "Installing satellite dependencies"
        rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true
+        echo "Registering with options: $sanitized_opts"
        subscription-manager register $opts
+        echo "Enabling repos: $user_repos"
        subscription-manager $repos
+        echo "Installing katello-agent"
        yum install -y katello-agent || true # needed for errata reporting to satellite6
        katello-package-upload
+        echo "Disabling satellite repo because it is no longer needed"
        subscription-manager repos --disable ${satellite_repo}
        ;;
    disable)
--- a/elements/rhel-common/pre-install.d/00-rhel-registration
+++ b/elements/rhel-common/pre-install.d/00-rhel-registration
@ -1,8 +1,9 @@
 #!/bin/bash

-if [ "${DIB_DEBUG_TRACE:-1}" -gt 0 ]; then
-    set -x
-fi
+# This script deals quite a bit with passwords, which we don't ever want
+# included in trace output
+# dib-lint: disable=dibdebugtrace
+
 set -eu
 set -o pipefail

@ -85,19 +86,31 @@ if [ -n "${REG_TYPE:-}" ]; then
    opts="$opts --type=$REG_TYPE"
 fi

+sanitized_opts=$(echo "$opts" | sed 's/--password \([^ ]*\)/--password ***/g')
+sanitized_opts=$(echo "$sanitized_opts" | sed 's/--activationkey=\([^ ]*\)/--activationkey=***/g')
+
 case "${REG_METHOD:-}" in
    portal)
+        echo "Registering with options: $sanitized_opts"
        subscription-manager register $opts
        if [ -z "${REG_AUTO_ATTACH:-}" ]; then
+            echo "Attaching with options: $attach_opts"
            subscription-manager attach $attach_opts
        fi
+        echo "Enabling repos: $repos"
        subscription-manager $repos
        ;;
    satellite)
+        # Save an unmodified copy of the repo list for logging
+        user_repos=$repos
        repos="$repos --enable ${satellite_repo}"
+        echo "Installing satellite dependencies"
        rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true
+        echo "Registering with options: $sanitized_opts"
        subscription-manager register $opts
+        echo "Enabling repos: $user_repos"
        subscription-manager $repos
+        echo "Disabling satellite repo because it is no longer needed"
        subscription-manager repos --disable ${satellite_repo}
        ;;
    disable)