@@ -5,18 +5,21 @@ subscription_manager_register() {
55 local -r vmname=" $1 "
66
77 if [ -f /tmp/subscription-manager-org ]; then
8- # CI workflow
9- local -r sub_script=$( mktemp /tmp/sub.XXXXXX)
10- cat << EOF > "${sub_script} "
8+ # CI workflow.
9+ # Create a subscription manager registration script which will run elevated.
10+ # This is a workaround to avoid sudo logging its command line containing
11+ # secrets in the system logs.
12+ local -r sub_script=$( mktemp /tmp/submgr_script.XXXXXXXX.sh)
13+ cat > " ${sub_script} " << 'EOF '
1114#!/bin/bash
12- set -xeuo pipefail
15+ set -euo pipefail
1316
14- if ! sudo subscription-manager status; then
15- for try in \ $
16- echo "Trying to register the system: attempt #\ $
17- if sudo subscription-manager register --force \
18- --org="\ $\
19- --activationkey="\ $
17+ if ! subscription-manager status; then
18+ for try in $(seq 3) ; do
19+ echo "Trying to register the system: attempt #${try}"
20+ if subscription-manager register --force \
21+ --org="$(cat /tmp/subscription-manager-org)" \
22+ --activationkey="$(cat /tmp/subscription-manager-act-key)"; then
2023 exit 0
2124 fi
2225 sleep 5
2932 copy_file_to_vm " ${vmname} " " ${sub_script} " " ${sub_script} "
3033 copy_file_to_vm " ${vmname} "
3134 copy_file_to_vm " ${vmname} "
32- run_command_on_vm " ${vmname} " " chmod +x ${sub_script} && sudo ${sub_script} "
35+ run_command_on_vm " ${vmname} " " chmod 600 /tmp/subscription-manager-org /tmp/subscription-manager-act-key"
36+ run_command_on_vm " ${vmname} " " chmod 700 ${sub_script} && sudo ${sub_script} "
3337 else
3438 # Local developer workflow
3539 run_command_on_vm " ${vmname} " " sudo subscription-manager register"
![openshift-merge-bot[bot]](https://avatars.githubusercontent.com/in/412865?v=4&size=40){kind=avatar}
0 commit comments