From 7e090b08948ec1d4e697f089aca98a3e6590aeda Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Nov 2020 16:23:34 -0500 Subject: [PATCH 1/2] dont echo salt minion config file to prevent mysql.pass from showing in sosetup.log --- setup/so-functions | 2 -- 1 file changed, 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 52d0435b8..c842c85b8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -430,8 +430,6 @@ configure_minion() { { systemctl restart salt-minion; - printf '%s\n' '----'; - cat "$minion_config"; } >> "$setup_log" 2>&1 } From 562a0165797ca13ad1bc0a8e9ef256f8400c07c8 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 3 Nov 2020 10:23:56 -0500 Subject: [PATCH 2/2] remove more from sosetup.log --- setup/so-functions | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index c842c85b8..c1af97744 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1633,12 +1633,17 @@ salt_checkin() { done echo " Confirming existence of the CA certificate" - cat /etc/pki/ca.crt + openssl x509 -in /etc/pki/ca.crt -noout -subject -issuer -dates echo " Applyng a mine hack"; salt "$MINION_ID" mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt; salt "$MINION_ID" mine.update; - echo " Confirming salt mine now contain the certificate"; - salt "$MINION_ID" mine.get '*' x509.get_pem_entries; + echo "Confirming salt mine now contains the certificate"; + salt "$MINION_ID" mine.get '*' x509.get_pem_entries | grep -E 'BEGIN CERTIFICATE|END CERTIFICATE'; + if [ $? -eq 0 ]; then + echo "CA in mine" + else + echo "CA not in mine" + fi echo " Applying SSL state"; salt-call state.apply ssl; } >> "$setup_log" 2>&1