X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/87c0aff0cdbaf9b0779bb253fa707dfba1bfebb9..284f37a08fcdff15012b9f731000c57c1d7c56f1:/tools/salt-install/installer.sh diff --git a/tools/salt-install/installer.sh b/tools/salt-install/installer.sh index 5f6e7a0381..21f36faace 100755 --- a/tools/salt-install/installer.sh +++ b/tools/salt-install/installer.sh @@ -14,6 +14,7 @@ # set -eu +set -o pipefail # The parameter file declare CONFIG_FILE=local.params @@ -72,12 +73,12 @@ sync() { # and then clone a regular repository (with a checkout) # from that. - ssh $DEPLOY_USER@$NODE git init --bare ${GITTARGET}.git + ssh $DEPLOY_USER@$NODE git init --bare --shared=0600 ${GITTARGET}.git if ! git remote add $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git ; then git remote set-url $NODE $DEPLOY_USER@$NODE:${GITTARGET}.git fi git push $NODE $BRANCH - ssh $DEPLOY_USER@$NODE git clone ${GITTARGET}.git ${GITTARGET} + ssh $DEPLOY_USER@$NODE "umask 0077 && git clone ${GITTARGET}.git ${GITTARGET}" fi # The update case. @@ -107,7 +108,7 @@ deploynode() { logfile=deploy-${NODE}-$(date -Iseconds).log if [[ "$NODE" = localhost ]] ; then - SUDO='' + SUDO='' if [[ $(whoami) != 'root' ]] ; then SUDO=sudo fi @@ -171,7 +172,7 @@ case "$subcmd" in fi echo "Initializing $SETUPDIR" - git init $SETUPDIR + git init --shared=0600 $SETUPDIR cp -r *.sh tests $SETUPDIR cp local.params.example.$PARAMS $SETUPDIR/${CONFIG_FILE} @@ -204,7 +205,8 @@ case "$subcmd" in logfile=terraform-$(date -Iseconds).log (cd terraform/vpc && terraform apply) 2>&1 | tee -a $logfile (cd terraform/data-storage && terraform apply) 2>&1 | tee -a $logfile - (cd terraform/services && terraform apply) 2>&1 | tee -a $logfile + (cd terraform/services && terraform apply) 2>&1 | grep -v letsencrypt_iam_secret_access_key | tee -a $logfile + (cd terraform/services && echo -n 'letsencrypt_iam_secret_access_key = ' && terraform output letsencrypt_iam_secret_access_key) 2>&1 | tee -a $logfile ;; generate-tokens)