From d51530ea09ef34b1b62fdafe649449887cc4316c Mon Sep 17 00:00:00 2001 From: Kevin O'Gorman Date: Sun, 7 Jul 2019 06:28:07 -0700 Subject: [PATCH] Updated logs playbook to clean up unencrypted tarballs --- admin/securedrop_admin/__init__.py | 6 +++-- .../ansible-base/securedrop-logs.yml | 22 ++++++++++++++----- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/admin/securedrop_admin/__init__.py b/admin/securedrop_admin/__init__.py index d0e333039b..32c11d7046 100755 --- a/admin/securedrop_admin/__init__.py +++ b/admin/securedrop_admin/__init__.py @@ -41,6 +41,8 @@ sdlog = logging.getLogger(__name__) RELEASE_KEY = '22245C81E3BAEB4138B36061310F561200F4AD77' DEFAULT_KEYSERVER = 'hkps://keys.openpgp.org' +SUPPORT_ONION_URL = 'http://support6kv2242qx.onion' +SUPPORT_URL = 'https://support.freedom.press' EXIT_SUCCESS = 0 EXIT_SUBPROCESS_ERROR = 1 EXIT_INTERRUPT = 2 @@ -741,8 +743,8 @@ def get_logs(args): os.path.join(args.ansible_path, 'securedrop-logs.yml'), ] subprocess.check_call(ansible_cmd, cwd=args.ansible_path) - sdlog.info("Encrypt logs and send to securedrop@freedom.press or upload " - "to the SecureDrop support portal.") + sdlog.info("Please send the encrypted logs to securedrop@freedom.press or " + "upload them to the SecureDrop support portal: " + SUPPORT_URL) return 0 diff --git a/install_files/ansible-base/securedrop-logs.yml b/install_files/ansible-base/securedrop-logs.yml index 5089fcbbf5..ffa41c0c24 100644 --- a/install_files/ansible-base/securedrop-logs.yml +++ b/install_files/ansible-base/securedrop-logs.yml @@ -65,6 +65,16 @@ src: "{{ log_tarball_filename }}" dest: "{{ playbook_dir }}/{{ log_tarball_filename }}" + - name: Delete tarball from server admin home directory. + file: + path: "{{ log_tarball_filename }}" + state: absent + + - name: Clean directory for generated logs to save disk space + file: + path: /tmp/generated-logs + state: absent + - name: Fetch FPF GPG key. become: no local_action: >- @@ -86,12 +96,14 @@ environment: GNUPG_HOME: /home/amensia/.gnupg + - name: Delete local unencrypted log tarballs. + become: no + local_action: + module: file + path: "{{ log_tarball_filename }}" + state: absent + - name: Display filenames of local log tarballs. debug: msg: >- Logs copied successfully, find them at {{ (playbook_dir +'/'+ log_tarball_filename )|realpath }}.gpg . - - - name: Clean directory for generated logs to save disk space - file: - path: /tmp/generated-logs - state: absent