Bugfix/22915 limit databag encrypted way

resources/bin/rb_configure_leader.sh

@@ -122,13 +122,14 @@ function configure_dataBags(){
   HASH_FUNCTION="SHA256"
 
   ## Data bags ##
+  mkdir -p /var/chef/data/data_bag_encrypted/passwords/
   mkdir -p /var/chef/data/data_bag/passwords/
   mkdir -p /var/chef/data/data_bag/rBglobal/
   mkdir -p /var/chef/data/data_bag/certs/
   mkdir -p /var/chef/data/data_bag/backend/
 
   ## DB opscode (chef) passwords
-  cat > /var/chef/data/data_bag/passwords/db_opscode_chef.json <<-_RBEOF_
+  cat > /var/chef/data/data_bag_encrypted/passwords/db_opscode_chef.json <<-_RBEOF_
 {
   "id": "db_opscode_chef",
   "username": "opscode_chef",
@@ -188,7 +189,6 @@ _RBEOF_
 }
 _RBEOF_
 
-  mkdir -p /var/chef/data/data_bag_encrypted/passwords/
   cat > /var/chef/data/data_bag_encrypted/passwords/vrrp.json <<-_RBEOF_
 {
   "id": "vrrp",
@@ -199,7 +199,7 @@ _RBEOF_
 _RBEOF_
 
   # DB druid passwords
-  cat > /var/chef/data/data_bag/passwords/db_druid.json <<-_RBEOF_
+  cat > /var/chef/data/data_bag_encrypted/passwords/db_druid.json <<-_RBEOF_
 {
   "id": "db_druid",
   "username": "druid",
@@ -211,7 +211,7 @@ _RBEOF_
 _RBEOF_
 
   # DB redborder passwords
-  cat > /var/chef/data/data_bag/passwords/db_redborder.json <<-_RBEOF_
+  cat > /var/chef/data/data_bag_encrypted/passwords/db_redborder.json <<-_RBEOF_
 {
   "id": "db_redborder",
   "username": "redborder",
@@ -223,7 +223,7 @@ _RBEOF_
 _RBEOF_
 
   # DB radius passwords
-  cat > /var/chef/data/data_bag/passwords/db_radius.json <<- _RBEOF2_
+  cat > /var/chef/data/data_bag_encrypted/passwords/db_radius.json <<- _RBEOF2_
 {
   "id": "db_radius",
   "username": "radius",
@@ -235,7 +235,7 @@ _RBEOF_
 _RBEOF2_
 
   # Vault passwords
-  cat > /var/chef/data/data_bag/passwords/vault.json <<-_RBEOF_
+  cat > /var/chef/data/data_bag_encrypted/passwords/vault.json <<-_RBEOF_
 {
   "id": "vault",
   "hash_key": "$HASH_KEY",
@@ -276,7 +276,7 @@ _RBEOF_
 
   #webui secret token
   WEBISECRET="`< /dev/urandom tr -dc A-Za-z0-9 | head -c128 | sed 's/ //g'`"
-  cat > /var/chef/data/data_bag/passwords/webui_secret.json <<-_RBEOF_
+  cat > /var/chef/data/data_bag_encrypted/passwords/webui_secret.json <<-_RBEOF_
 {
   "id": "webui_secret",
   "secret": "$WEBISECRET"
@@ -285,7 +285,7 @@ _RBEOF_
 
   #redis password token
   REDIS_SECRET="`< /dev/urandom tr -dc A-Za-z0-9 | head -c128 | sed 's/ //g'`"
-  cat > /var/chef/data/data_bag/passwords/redis.json <<-_RBEOF_
+  cat > /var/chef/data/data_bag_encrypted/passwords/redis.json <<-_RBEOF_
 {
   "id": "redis",
   "pass": "$REDIS_SECRET"
@@ -295,7 +295,7 @@ _RBEOF_
   #airflow password token
   AIRFLOW_USER="airflow"
   AIRFLOW_SECRET="`< /dev/urandom tr -dc A-Za-z0-9 | head -c32 | sed 's/ //g'`"
-  cat > /var/chef/data/data_bag/passwords/db_airflow.json <<-_RBEOF_
+  cat > /var/chef/data/data_bag_encrypted/passwords/db_airflow.json <<-_RBEOF_
 {
   "id": "db_airflow",
   "user": "$AIRFLOW_USER",

resources/bin/rb_create_rsa.sh

@@ -41,11 +41,11 @@ if [ "x$OVR" == "xy" -o "x$OVR" == "xY" ]; then
  \"public_rsa\": \"`cat /var/www/rb-rails/config/rsa.pub`\"
 }" > $JSON
 
-  knife data bag from file passwords $JSON
+  knife data bag from file rBglobal $JSON
   rm -f $JSON
   echo "Checking NEW ssh rsa databag: "
 
-  knife data bag show passwords ssh
+  knife data bag show rBglobal ssh
   if [ $? -eq 0 ]; then
     UPLOAD=1
   fi