diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_pulp_creds.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_pulp_creds.sh
new file mode 100755
index 000000000..4635e042c
--- /dev/null
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_pulp_creds.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -eo pipefail
+source /tmp/cloud_init_vars
+
+echo "Deploy Pulp credentials."
+
+if [[ -z "$PULP_PASSWORD_ARN" ]]; then
+ echo "PULP_PASSWORD_ARN not defined, skipping."
+ exit 0
+fi
+
+/usr/local/bin/aws secretsmanager get-secret-value \
+ --endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \
+ --secret-id "${PULP_PASSWORD_ARN}" | jq -r ".SecretString" > /tmp/pulp_credentials.json
+
+PULP_PASSWORD=$(jq -r ".password" /tmp/pulp_credentials.json)
+rm /tmp/pulp_credentials.json
+
+PULP_USERNAME=${PULP_USERNAME:-admin}
+PULP_SERVER=${PULP_SERVER:-}
+
+sudo tee /etc/osbuild-worker/pulp_credentials.json > /dev/null << EOF
+{
+ "username": "$PULP_USERNAME",
+ "password": "$PULP_PASSWORD"
+}
+EOF
+
+sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+[pulp]
+server_address = "$PULP_SERVER"
+credentials = "/etc/osbuild-worker/pulp_credentials.json"
+EOF
diff --git a/templates/packer/ansible/roles/common/files/worker-initialization.service b/templates/packer/ansible/roles/common/files/worker-initialization.service
index ace2e4706..528762f7c 100644
--- a/templates/packer/ansible/roles/common/files/worker-initialization.service
+++ b/templates/packer/ansible/roles/common/files/worker-initialization.service
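Review bot: The secret is staged in `/tmp/pulp_credentials.json`, a fixed name in a world-writable directory created with the default umask, and the `rm` is skipped whenever `set -e` aborts on the `jq -r ".password"` line in between, so the plaintext can be left behind and the path is exposed to pre-creation or symlink races by other local users. Piping the `aws` output straight into `jq` keeps the value in memory and removes the temp file entirely. The unquoted heredoc that writes `/etc/osbuild-worker/pulp_credentials.json` has two further problems: a password containing `"` or `\` produces invalid JSON, and `sudo tee` creates the file with whatever umask the unit runs under (probably world-readable). The sketch below builds the JSON with `jq --arg` and creates the file `0600` before the secret is written; adjust owner and mode if the worker does not read it as root.

```shell
# … unchanged: shebang, cloud_init_vars, PULP_PASSWORD_ARN check …

# Keep the secret in memory; -e makes jq fail if .password is missing or null.
PULP_PASSWORD=$(/usr/local/bin/aws secretsmanager get-secret-value \
  --endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \
  --secret-id "${PULP_PASSWORD_ARN}" | jq -er '.SecretString | fromjson | .password')

# … unchanged: PULP_USERNAME / PULP_SERVER defaults …

# Create the file owner-only first, then let jq handle JSON escaping.
sudo install -m 0600 /dev/null /etc/osbuild-worker/pulp_credentials.json
jq -n --arg username "$PULP_USERNAME" --arg password "$PULP_PASSWORD" \
  '{username: $username, password: $password}' \
  | sudo tee /etc/osbuild-worker/pulp_credentials.json > /dev/null

# … unchanged: [pulp] section appended to osbuild-worker.toml …
```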
@@ -17,6 +17,7 @@ ExecStart=/usr/local/libexec/worker-initialization-scripts/get_azure_creds.sh ExecStart=/usr/local/libexec/worker-initialization-scripts/get_gcp_creds.sh ExecStart=/usr/local/libexec/worker-initialization-scripts/get_koji_creds.sh ExecStart=/usr/local/libexec/worker-initialization-scripts/get_oci_creds.sh +ExecStart=/usr/local/libexec/worker-initialization-scripts/get_pulp_creds.sh ExecStart=/usr/local/libexec/worker-initialization-scripts/worker_service.sh [Install]