Use Debug flag in aws scripts (gravitational#15407)
Wrap set -x with DEBUG check to prevent inadvertently logging secrets, such as join tokens held in the /etc/teleport.d/conf.
Joerger authored Aug 11, 2022
1 parent b368c98 commit 66a428b
Showing 7 changed files with 22 additions and 8 deletions.
4 changes: 3 additions & 1 deletion assets/aws/files/bin/teleport-all-pre-start
@@ -1,7 +1,9 @@
#!/bin/bash
# This script prepares a Letsencrypt certificate before all-in-one Teleport starts for the first time (if needed)
set -e
set -x
if [[ "${DEBUG}" == "true" ]]; then
set -x
fi

# Source variables from user-data (if present)
if [ -f /etc/teleport.d/conf ]; then
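Review bot: The `DEBUG` test sits above the block that sources `/etc/teleport.d/conf`, so a `DEBUG=true` placed in that file is never seen by this check; the flag has to arrive through the environment the script is started with. If that is intended, say so in a comment next to the `if`, and note there that turning it on traces everything sourced from the conf file, join tokens included.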
5 changes: 3 additions & 2 deletions assets/aws/files/bin/teleport-check-cert
Expand Up @@ -2,8 +2,9 @@

# This script is called hourly to check if the certificate
# has been renewed on S3 and if it has been renewed, restart teleport proxies

set -x
if [[ "${DEBUG}" == "true" ]]; then
set -x
fi

# Source variables from user-data
. /etc/teleport.d/conf
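Review bot: With `DEBUG=true`, the `. /etc/teleport.d/conf` line directly after the new block still runs under xtrace, so the values the commit message wants kept out of the logs are written there again whenever someone debugs. Consider moving the `set -x` block below the line that sources the conf file, or bracketing that line with `set +x` and re-enabling tracing afterwards.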
4 changes: 3 additions & 1 deletion assets/aws/files/bin/teleport-get-cert
Expand Up @@ -4,7 +4,9 @@
# to prove to letsencrypt that they own the domain.

set -e
set -x
if [[ "${DEBUG}" == "true" ]]; then
set -x
fi

# Source variables from user-data
. /etc/teleport.d/conf
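Review bot: Nothing near the new `if [[ "${DEBUG}" == "true" ]]` block says where `DEBUG` is expected to be set or which values count. The comparison only matches the exact lowercase string `true`, so `DEBUG=1` or `DEBUG=TRUE` silently leaves tracing off; a one-line comment stating the accepted value would spare an operator a confusing debugging round.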
5 changes: 4 additions & 1 deletion assets/aws/files/bin/teleport-lock
Expand Up @@ -2,8 +2,11 @@
# Locking service makes sure that there is only one auth server performing certain action,
# for example renewing or getting letsencrypt certificates

set -x
set -e
if [[ "${DEBUG}" == "true" ]]; then
set -x
fi


# Source variables from user-data
. /etc/teleport.d/conf
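Review bot: This hunk leaves two consecutive blank lines between `fi` and the `# Source variables from user-data` comment, where the other scripts in this commit have one. Drop the extra blank line so the seven files stay uniform.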
4 changes: 3 additions & 1 deletion assets/aws/files/bin/teleport-renew-cert
Expand Up @@ -4,7 +4,9 @@
# needs renewal, and renews the cert after that

set -e
set -x
if [[ "${DEBUG}" == "true" ]]; then
set -x
fi

# Source variables from user-data
. /etc/teleport.d/conf
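Review bot: `DEBUG` in the new `if` is a very generic variable name, and it is read from whatever environment the script inherits. Any unrelated tool or unit that exports `DEBUG=true` would switch tracing back on and bring the secret logging back with it; a script-specific name (for example a `TELEPORT_`-prefixed variable, offered only as a suggestion) would make the opt-in deliberate.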
4 changes: 3 additions & 1 deletion assets/aws/files/bin/teleport-upload-cert
Expand Up @@ -2,7 +2,9 @@
# This script is called to upload renewed cert
# to the S3 bucket
set -e
set -x
if [[ "${DEBUG}" == "true" ]]; then
set -x
fi

# Source variables from user-data
. /etc/teleport.d/conf
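Review bot: The three-line `DEBUG` block here is the same text pasted into every script in this commit, so any later change to the condition has to be made in seven places in step. Consider putting it in one small file that each script sources, or at least add a comment naming the other copies.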
4 changes: 3 additions & 1 deletion assets/aws/files/install.sh
@@ -1,5 +1,7 @@
#!/bin/bash
set -x
if [[ "${DEBUG}" == "true" ]]; then
set -x
fi

# Update packages
yum -y update
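Review bot: The visible lines of install.sh have no `set -e`, so with tracing now off by default a failing `yum -y update` neither stops the script nor leaves a command trace in the log. Consider adding `set -e` here, as several of the other scripts in this commit have, or printing an explicit message per step so that default runs remain diagnosable.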