[arvados] updated: 2.7.0-6548-gc0c47d7650

git repository hosting git at public.arvados.org
Mon May 13 19:14:12 UTC 2024 

Summary of changes:
 tools/salt-install/installer.sh | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

       via  c0c47d765087ade9cfe749bb4afc29c7c64892de (commit)
      from  ef4f350438ec7465b5fd71aeda834c2a707b80b3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit c0c47d765087ade9cfe749bb4afc29c7c64892de
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date:   Mon May 13 16:12:43 2024 -0300

    21678: Improves credentials passing even further.
    
    By using a here-doc, the token doesn't get leaked on any of the process lists.
    This also has the advantage of not needing any config file management.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>

diff --git a/tools/salt-install/installer.sh b/tools/salt-install/installer.sh
index 9930fd7708..e97917d333 100755
--- a/tools/salt-install/installer.sh
+++ b/tools/salt-install/installer.sh
@@ -465,19 +465,13 @@ diagnostics-internal)
   declare TESTNODE=$(echo ${ROLE2NODES['shell']} | cut -d\, -f1)
   declare SSH=$(ssh_cmd "$TESTNODE")
 
-  # Set up credentials
-  declare CONFFILE=$(mktemp)
-  trap 'rm "$CONFFILE"' EXIT INT TERM QUIT
-  {
-    echo "ARVADOS_API_HOST=$ARVADOS_API_HOST"
-    echo "ARVADOS_API_TOKEN=$ARVADOS_API_TOKEN"
-  } > $CONFFILE
-  $SSH $DEPLOY_USER@$TESTNODE "sudo bash -c 'mkdir -m 0700 -p ~/.config/arvados'"
-  cat $CONFFILE | $SSH $DEPLOY_USER@$TESTNODE "sudo bash -c 'cat > ~/.config/arvados/settings.conf'"
-
   # Run diagnostics
   echo "Running diagnostics in $TESTNODE..."
-  $SSH $DEPLOY_USER@$TESTNODE "sudo arvados-client diagnostics -internal-client"
+  $SSH $DEPLOY_USER@$TESTNODE bash <<EOF
+  export ARVADOS_API_HOST="${DOMAIN}:${CONTROLLER_EXT_SSL_PORT}" 
+  export ARVADOS_API_TOKEN="$SYSTEM_ROOT_TOKEN" 
+  sudo --preserve-env=ARVADOS_API_HOST,ARVADOS_API_TOKEN arvados-client diagnostics -internal-client
+EOF
 
   ;;
 

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list