packer: remove config tinkering from worker_service.sh

Let's set each cloud section of the config in the respective cloud script. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2022-03-11 10:31:43 +01:00 · 2022-03-11 10:31:43 +01:00 · 4c0ba50ea1
commit 4c0ba50ea1
parent 2813507ac9
5 changed files with 24 additions and 14 deletions
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_aws_creds.sh
@ -17,6 +17,12 @@ if [[ -n "$AWS_ACCOUNT_IMAGE_BUILDER_ARN" ]]; then
 [default]
 aws_access_key_id = "$ACCESS_KEY_ID"
 aws_secret_access_key = "$SECRET_ACCESS_KEY"
+EOF
+
+  sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+[aws]
+credentials = "${WORKER_CONFIG_AWS_CREDENTIALS:-}"
+bucket = "${WORKER_CONFIG_AWS_BUCKET:-}"
 EOF

 fi
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_azure_creds.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_azure_creds.sh
@ -16,3 +16,8 @@ sudo tee /etc/osbuild-worker/azure_credentials.toml > /dev/null << EOF
 client_id =     "$CLIENT_ID"
 client_secret = "$CLIENT_SECRET"
 EOF
+
+sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+[azure]
+credentials = "/etc/osbuild-worker/azure_credentials.toml"
+EOF
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_gcp_creds.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/get_gcp_creds.sh
@ -8,3 +8,9 @@ echo "Deploy GCP credentials."
 /usr/local/bin/aws secretsmanager get-secret-value \
  --endpoint-url "${SECRETS_MANAGER_ENDPOINT_URL}" \
  --secret-id "${GCP_SERVICE_ACCOUNT_IMAGE_BUILDER_ARN}" | jq -r ".SecretString" > /etc/osbuild-worker/gcp_credentials.json
+
+
+sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+[gcp]
+credentials = "/etc/osbuild-worker/gcp_credentials.json"
+EOF
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/offline_token.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/offline_token.sh
@ -11,3 +11,9 @@ echo "Writing offline token."

 jq -r ".offline_token" /tmp/offline-token.json > /etc/osbuild-worker/offline-token
 rm -f /tmp/offline-token.json
+
+sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
+[authentication]
+oauth_url = "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token"
+offline_token = "/etc/osbuild-worker/offline-token"
+EOF
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/worker_service.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/worker_service.sh
@ -2,20 +2,7 @@
 set -euo pipefail
 source /tmp/cloud_init_vars

-echo "Setting up worker services."
-
-sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
-[authentication]
-oauth_url = "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token"
-offline_token = "/etc/osbuild-worker/offline-token"
-[gcp]
-credentials = "/etc/osbuild-worker/gcp_credentials.json"
-[azure]
-credentials = "/etc/osbuild-worker/azure_credentials.toml"
-[aws]
-credentials = "${WORKER_CONFIG_AWS_CREDENTIALS:-}"
-bucket = "${WORKER_CONFIG_AWS_BUCKET:-}"
-EOF
+echo "Starting worker service and monit."

 # Prepare osbuild-composer's remote worker services and sockets.
 systemctl enable --now "osbuild-remote-worker@${COMPOSER_HOST}:${COMPOSER_PORT}"