#
set -eu
+set -o pipefail
# The parameter file
declare CONFIG_FILE=local.params
# and then clone a regular repository (with a checkout)
# from that.
- ssh $DEPLOY_USER@$NODE git init --bare ${GITTARGET}.git
+ ssh $DEPLOY_USER@$NODE git init --bare --shared=0600 ${GITTARGET}.git
if ! git remote add $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git ; then
git remote set-url $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git
fi
git push $NODE $BRANCH
- ssh $DEPLOY_USER@$NODE git clone ${GITTARGET}.git ${GITTARGET}
+ ssh $DEPLOY_USER@$NODE "umask 0077 && git clone ${GITTARGET}.git ${GITTARGET}"
fi
# The update case.
logfile=deploy-${NODE}-$(date -Iseconds).log
if [[ "$NODE" = localhost ]] ; then
- SUDO=''
+ SUDO=''
if [[ $(whoami) != 'root' ]] ; then
SUDO=sudo
fi
fi
echo "Initializing $SETUPDIR"
- git init $SETUPDIR
+ git init --shared=0600 $SETUPDIR
cp -r *.sh tests $SETUPDIR
cp local.params.example.$PARAMS $SETUPDIR/${CONFIG_FILE}
logfile=terraform-$(date -Iseconds).log
(cd terraform/vpc && terraform apply) 2>&1 | tee -a $logfile
(cd terraform/data-storage && terraform apply) 2>&1 | tee -a $logfile
- (cd terraform/services && terraform apply) 2>&1 | tee -a $logfile
+ (cd terraform/services && terraform apply) 2>&1 | grep -v letsencrypt_iam_secret_access_key | tee -a $logfile
+ (cd terraform/services && echo -n 'letsencrypt_iam_secret_access_key = ' && terraform output letsencrypt_iam_secret_access_key) 2>&1 | tee -a $logfile
;;
generate-tokens)
projects / arvados.git / blobdiff