particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

templates/packer: configure oracle cloud credentials on startup

Browse source
This commit is contained in:
Sanne Raymaekers 2023-09-20 13:12:57 +02:00
parent 9e39080d00
commit 0dc1a01077
2 changed files with 44 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

43
templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_oci_creds.sh Executable file
View file

@ -0,0 +1,43 @@
#!/bin/bash
set -eo pipefail
source /tmp/cloud_init_vars
echo "Deploy OCI credentials."
if [[ -z "$OCI_ACCOUNT_IMAGE_BUILDER_ARN" ]]; then
echo "OCI_ACCOUNT_IMAGE_BUILDER_ARN not defined, skipping."
exit 0
fi
/usr/local/bin/aws secretsmanager get-secret-value \
--endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \
--secret-id "${OCI_ACCOUNT_IMAGE_BUILDER_ARN}" | jq -r ".SecretString" > /tmp/oci_credentials.json
USER=$(jq -r ".user" /tmp/oci_credentials.json)
TENANCY=$(jq -r ".tenancy" /tmp/oci_credentials.json)
REGION=$(jq -r ".region" /tmp/oci_credentials.json)
FINGERPRINT=$(jq -r ".fingerprint" /tmp/oci_credentials.json)
NAMESPACE=$(jq -r ".namespace" /tmp/oci_credentials.json)
BUCKET_NAME=$(jq -r ".bucket" /tmp/oci_credentials.json)
COMPARTMENT=$(jq -r ".compartment" /tmp/oci_credentials.json)
PRIV_KEY_DATA=$(jq -r ".priv_key_data" /tmp/oci_credentials.json)
rm /tmp/oci_credentials.json
sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
[oci]
credentials = "/etc/osbuild-worker/oci-credentials.toml"
EOF
sudo tee /etc/osbuild-worker/oci-credentials.toml > /dev/null << EOF
user = "$USER"
tenancy = "$TENANCY"
region = "$REGION"
fingerprint = "$FINGERPRINT"
namespace = "$NAMESPACE"
bucket = "$BUCKET_NAME"
compartment = "$COMPARTMENT"
private_key = """
$PRIV_KEY_DATA
"""
EOF

1
templates/packer/ansible/roles/common/files/worker-initialization.service
View file

@ -16,6 +16,7 @@ ExecStart=/usr/local/libexec/worker-initialization-scripts/get_aws_creds.sh
ExecStart=/usr/local/libexec/worker-initialization-scripts/get_azure_creds.sh
ExecStart=/usr/local/libexec/worker-initialization-scripts/get_gcp_creds.sh
ExecStart=/usr/local/libexec/worker-initialization-scripts/get_koji_creds.sh
ExecStart=/usr/local/libexec/worker-initialization-scripts/get_oci_creds.sh
ExecStart=/usr/local/libexec/worker-initialization-scripts/worker_service.sh
[Install]