diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
index 1aa1622b3..09acbf292 100755
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
@@ -17,6 +17,12 @@ if [[ -n "$AWS_ACCOUNT_IMAGE_BUILDER_ARN" ]]; then
 [default]
 aws_access_key_id = "$ACCESS_KEY_ID"
 aws_secret_access_key = "$SECRET_ACCESS_KEY"
+EOF
+
+ sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+[aws]
+credentials = "${WORKER_CONFIG_AWS_CREDENTIALS:-}"
+bucket = "${WORKER_CONFIG_AWS_BUCKET:-}"
 EOF
 fi
diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_azure_creds.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_azure_creds.sh
index 2da8606d2..c2bfbf750 100755
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_azure_creds.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_azure_creds.sh
@@ -16,3 +16,8 @@ sudo tee /etc/osbuild-worker/azure_credentials.toml > /dev/null << EOF
 client_id = "$CLIENT_ID"
 client_secret = "$CLIENT_SECRET"
 EOF
+
+sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+[azure]
+credentials = "/etc/osbuild-worker/azure_credentials.toml"
+EOF
diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_gcp_creds.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_gcp_creds.sh
index 16cfd8177..1ea58ba20 100755
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_gcp_creds.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_gcp_creds.sh
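Review bot: The `[aws]` table in get_aws_creds.sh is now appended inside the `if [[ -n "$AWS_ACCOUNT_IMAGE_BUILDER_ARN" ]]` block, because the added `tee -a` sits before the closing `fi`. The heredoc removed from worker_service.sh wrote it unconditionally, so a worker without that ARN no longer gets a `bucket = ...` entry even when `WORKER_CONFIG_AWS_BUCKET` is set. If that is intended, a comment above the `tee` such as `# [aws] is only configured when image-builder credentials were deployed` would record it; otherwise the block belongs after `fi`. Both values are also placed into TOML strings unescaped, so a `"` or a newline in either variable (presumably sourced from `/tmp/cloud_init_vars`, as in worker_service.sh) would change the structure of the config; rejecting such values before the write would close that. The `if` block opens outside this hunk.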
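Review bot: The `[azure]` block in get_azure_creds.sh is added with `tee -a`, so running the script a second time (for example after a partial failure) appends a second `[azure]` table, and TOML does not allow a table to be defined twice. The same applies to the `[aws]`, `[gcp]` and `[authentication]` appends in this commit; the old single heredoc had the problem once, now each of four scripts has it independently. A guard in front of each append, e.g. `sudo grep -qs '^\[azure\]' /etc/osbuild-worker/osbuild-worker.toml || sudo tee -a ...`, would make the scripts safe to re-run. Whether anything truncates the file before these scripts run is not visible here.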
@@ -8,3 +8,9 @@ echo "Deploy GCP credentials."
 /usr/local/bin/aws secretsmanager get-secret-value \
 --endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \
 --secret-id "${GCP_SERVICE_ACCOUNT_IMAGE_BUILDER_ARN}" | jq -r ".SecretString" > /etc/osbuild-worker/gcp_credentials.json
+
+
+sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+[gcp]
+credentials = "/etc/osbuild-worker/gcp_credentials.json"
+EOF
diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/offline_token.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/offline_token.sh
index 9e203b640..ba6e5a470 100755
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/offline_token.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/offline_token.sh
@@ -11,3 +11,9 @@ echo "Writing offline token."
 jq -r ".offline_token" /tmp/offline-token.json > /etc/osbuild-worker/offline-token
 rm -f /tmp/offline-token.json
+
+sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+[authentication]
+oauth_url = "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token"
+offline_token = "/etc/osbuild-worker/offline-token"
+EOF
diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/worker_service.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/worker_service.sh
index 7ab6eab54..863eb439d 100755
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/worker_service.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/worker_service.sh
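Review bot: The service-account key that the new `[gcp]` entry in get_gcp_creds.sh points at is created by a plain `>` redirect on the line just above the added block, so `/etc/osbuild-worker/gcp_credentials.json` gets whatever mode the current umask yields, and nothing in the hunk tightens it. Since this script now owns both the secret and the config entry that references it, it is the natural place for `umask 077` before the `aws secretsmanager` call, or `chmod 0600 /etc/osbuild-worker/gcp_credentials.json` right after it. The effective umask is not visible here, so the file may already be restricted. As a style point, the added `sudo tee -a` is inconsistent with the unprivileged redirect into `/etc` on the previous line; one of the two is unnecessary.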
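Review bot: The offline token in offline_token.sh still passes through the fixed path `/tmp/offline-token.json` before the new `[authentication]` block is written. A predictable name in a world-writable directory can be pre-created by another local user, and the secret stays there if the script aborts before `rm -f` runs. Replacing the fixed path with `tmp=$(mktemp)` and `trap 'rm -f -- "$tmp"' EXIT` would cover both cases. The command that writes the temporary file is outside this hunk, so the exact change there is not shown. The destination `/etc/osbuild-worker/offline-token` is likewise created by a bare redirect and would benefit from an explicit `chmod 0600`.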
@@ -2,20 +2,7 @@
 set -euo pipefail
 source /tmp/cloud_init_vars
-echo "Setting up worker services."
-
-sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
-[authentication]
-oauth_url = "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token"
-offline_token = "/etc/osbuild-worker/offline-token"
-[gcp]
-credentials = "/etc/osbuild-worker/gcp_credentials.json"
-[azure]
-credentials = "/etc/osbuild-worker/azure_credentials.toml"
-[aws]
-credentials = "${WORKER_CONFIG_AWS_CREDENTIALS:-}"
-bucket = "${WORKER_CONFIG_AWS_BUCKET:-}"
-EOF
+echo "Starting worker service and monit."
 # Prepare osbuild-composer's remote worker services and sockets.
 systemctl enable --now "osbuild-remote-worker@${COMPOSER_HOST}:${COMPOSER_PORT}"
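Review bot: Nothing in worker_service.sh now checks that `/etc/osbuild-worker/osbuild-worker.toml` exists before `systemctl enable --now` starts the worker. With the heredoc removed, the config is present only if the credential scripts ran earlier and succeeded, and that ordering is enforced, if at all, outside this file. A guard before the `systemctl` line, e.g. `[[ -s /etc/osbuild-worker/osbuild-worker.toml ]] || { echo "worker config missing" >&2; exit 1; }`, would turn a silently unauthenticated or misconfigured worker into an explicit provisioning failure. The script continues past the end of this hunk.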