summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeif Johansson <leifj@sunet.se>2015-03-06 23:07:58 +0100
committerLeif Johansson <leifj@sunet.se>2015-03-06 23:07:58 +0100
commitc04894515146e2e762d25abcff275c0d03dfe0c6 (patch)
tree3a6c85908c18fdd605d9a1da75cef6005732033b
parentbc70832f4c33a458f2e913af702823539b2da7a1 (diff)
fix & simplify edit-secretsmultiverse
-rwxr-xr-xedit-secrets21
1 files changed, 4 insertions, 17 deletions
diff --git a/edit-secrets b/edit-secrets
index 08ec257..742321f 100755
--- a/edit-secrets
+++ b/edit-secrets
@@ -32,19 +32,13 @@ if [ "x$1" != "x-l" ]; then
trap "rm -f $TMPFILE $TMPFILE2" EXIT
- ssh -t $host /var/cache/cosmos/repo/edit-secrets -l
- scp -q $host:$LAST_OUTPUT_FILENAME $TMPFILE
+ ssh -t root@$host /var/cache/cosmos/repo/edit-secrets -l
+ scp -q root@$host:$LAST_OUTPUT_FILENAME $TMPFILE
if grep ^"STATUS=UPDATED" $TMPFILE > /dev/null; then
# extract the path of the file that should be updated in the Cosmos repo
- save_to=$(grep ^"SAVE_TO=" $TMPFILE | cut -d = -f 2-)
- if [ ! -f $save_to ]; then
- echo "$0: Output file $save_to doesn't exist"
- echo " (leaving output in $TMPFILE)"
- rm $TMPFILE2
- trap EXIT # clear trap command to preserve $TMPFILE
- exit 1
- fi
+ save_to="${host}/overlay/etc/hiera/data/secrets.yaml.asc"
+ mkdir -p "`dirname $save_to`"
# extract the GPG output
perl -e '$a = 0; while (<>) { $a = 1 if ($_ =~ /-+BEGIN PGP MESSAGE-+/);
print $_ if $a; $a = 0 if ($_ =~ /-+END PGP MESSAGE-+/); }' < $TMPFILE > $TMPFILE2
@@ -132,17 +126,10 @@ else
# figure out this hosts gpg key id
recipient=$($GPG --list-secret-key | grep ^sec | head -1 | awk '{print $2}' | cut -d / -f 2)
- save_to="`hostname --fqdn`/overlay${SECRETFILE}"
echo ""
(
echo "STATUS=UPDATED"
- echo "SAVE_TO=$save_to"
echo ""
) > $LAST_OUTPUT_FILENAME
$GPG --output - --armor --recipient $recipient --sign --encrypt $TMPFILE >> $LAST_OUTPUT_FILENAME
- echo ""
- echo "GPG output saved in $LAST_OUTPUT_FILENAME - save it in Cosmos as"
- echo ""
- echo " $save_to"
- echo ""
fi