templates/packer: configure pulp creds on startup

templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_pulp_creds.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+set -eo pipefail
+source /tmp/cloud_init_vars
+
+echo "Deploy Pulp credentials."
+
+if [[ -z "$PULP_PASSWORD_ARN" ]]; then
+  echo "PULP_PASSWORD_ARN not defined, skipping."
+  exit 0
+fi
+
+/usr/local/bin/aws secretsmanager get-secret-value \
+  --endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \
+  --secret-id "${PULP_PASSWORD_ARN}" | jq -r ".SecretString" > /tmp/pulp_credentials.json
+
+PULP_PASSWORD=$(jq -r ".password" /tmp/pulp_credentials.json)
+rm /tmp/pulp_credentials.json
+
+PULP_USERNAME=${PULP_USERNAME:-admin}
+PULP_SERVER=${PULP_SERVER:-}
+
+sudo tee /etc/osbuild-worker/pulp_credentials.json > /dev/null << EOF
+{
+  "username": "$PULP_USERNAME",
+  "password": "$PULP_PASSWORD"
+}
+EOF
+
+sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+[pulp]
+server_address = "$PULP_SERVER"
+credentials = "/etc/osbuild-worker/pulp_credentials.json"
+EOF

templates/packer/ansible/roles/common/files/worker-initialization.service

@@ -17,6 +17,7 @@ ExecStart=/usr/local/libexec/worker-initialization-scripts/get_azure_creds.sh
 ExecStart=/usr/local/libexec/worker-initialization-scripts/get_gcp_creds.sh
 ExecStart=/usr/local/libexec/worker-initialization-scripts/get_koji_creds.sh
 ExecStart=/usr/local/libexec/worker-initialization-scripts/get_oci_creds.sh
+ExecStart=/usr/local/libexec/worker-initialization-scripts/get_pulp_creds.sh
 ExecStart=/usr/local/libexec/worker-initialization-scripts/worker_service.sh
 
 [Install]