diff options
author | Leif Johansson <leifj@sunet.se> | 2015-03-06 23:07:58 +0100 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2015-03-06 23:07:58 +0100 |
commit | c04894515146e2e762d25abcff275c0d03dfe0c6 (patch) | |
tree | 3a6c85908c18fdd605d9a1da75cef6005732033b | |
parent | bc70832f4c33a458f2e913af702823539b2da7a1 (diff) |
fix & simplify edit-secretsmultiverse
-rwxr-xr-x | edit-secrets | 21 |
1 files changed, 4 insertions, 17 deletions
diff --git a/edit-secrets b/edit-secrets index 08ec257..742321f 100755 --- a/edit-secrets +++ b/edit-secrets @@ -32,19 +32,13 @@ if [ "x$1" != "x-l" ]; then trap "rm -f $TMPFILE $TMPFILE2" EXIT - ssh -t $host /var/cache/cosmos/repo/edit-secrets -l - scp -q $host:$LAST_OUTPUT_FILENAME $TMPFILE + ssh -t root@$host /var/cache/cosmos/repo/edit-secrets -l + scp -q root@$host:$LAST_OUTPUT_FILENAME $TMPFILE if grep ^"STATUS=UPDATED" $TMPFILE > /dev/null; then # extract the path of the file that should be updated in the Cosmos repo - save_to=$(grep ^"SAVE_TO=" $TMPFILE | cut -d = -f 2-) - if [ ! -f $save_to ]; then - echo "$0: Output file $save_to doesn't exist" - echo " (leaving output in $TMPFILE)" - rm $TMPFILE2 - trap EXIT # clear trap command to preserve $TMPFILE - exit 1 - fi + save_to="${host}/overlay/etc/hiera/data/secrets.yaml.asc" + mkdir -p "`dirname $save_to`" # extract the GPG output perl -e '$a = 0; while (<>) { $a = 1 if ($_ =~ /-+BEGIN PGP MESSAGE-+/); print $_ if $a; $a = 0 if ($_ =~ /-+END PGP MESSAGE-+/); }' < $TMPFILE > $TMPFILE2 @@ -132,17 +126,10 @@ else # figure out this hosts gpg key id recipient=$($GPG --list-secret-key | grep ^sec | head -1 | awk '{print $2}' | cut -d / -f 2) - save_to="`hostname --fqdn`/overlay${SECRETFILE}" echo "" ( echo "STATUS=UPDATED" - echo "SAVE_TO=$save_to" echo "" ) > $LAST_OUTPUT_FILENAME $GPG --output - --armor --recipient $recipient --sign --encrypt $TMPFILE >> $LAST_OUTPUT_FILENAME - echo "" - echo "GPG output saved in $LAST_OUTPUT_FILENAME - save it in Cosmos as" - echo "" - echo " $save_to" - echo "" fi |