Use data/containers/storage for image/secret

app/models/opentofu_worker.rb

@@ -62,11 +62,11 @@ def unit_environment_variables
   end
 
   def create_podman_secret
-    return if AwesomeSpawn.run("runuser", :params => %w[secret exists opentofu-runner-secret]).success?
+    return if AwesomeSpawn.run("runuser", :params => [[:login, "manageiq"], [:command, "podman secret exists --root=#{Rails.root.join("data/containers/storage")} opentofu-runner-secret"]]).success?
 
     database_password = ActiveRecord::Base.connection_db_config.configuration_hash[:password]
     secret = {"DATABASE_PASSWORD" => database_password}
 
-    AwesomeSpawn.run!("runuser", :params => [[:login, "manageiq"], [:command, "podman secret create opentofu-runner-secret -"]], :in_data => secret.to_json)
+    AwesomeSpawn.run!("runuser", :params => [[:login, "manageiq"], [:command, "podman secret create --root=#{Rails.root.join("data/containers/storage")} opentofu-runner-secret -"]], :in_data => secret.to_json)
   end
 end

systemd/opentofu-runner.service

@@ -6,7 +6,7 @@ WantedBy=opentofu-runner.target
 User=manageiq
 Group=manageiq
 ExecStartPre=/bin/rm -f /tmp/%n.cid
-ExecStart=/usr/bin/podman run --conmon-pidfile %T/%N.pid --cidfile %T/%N.cid --cgroup-manager=cgroupfs --cgroups=no-conmon --log-driver=journald --name=opentofu-runner --secret=opentofu-runner-secret docker.io/agrare/opentofu-runner:latest
+ExecStart=/usr/bin/podman run --conmon-pidfile %T/%N.pid --cidfile %T/%N.cid --cgroup-manager=cgroupfs --cgroups=no-conmon --log-driver=journald --name=opentofu-runner --secret=opentofu-runner-secret --root=/var/www/miq/vmdb/data/containers/storage docker.io/agrare/opentofu-runner:latest
 ExecStop=/usr/bin/podman stop --ignore -t 30 --cidfile %T/%N.cid --cgroup-manager=cgroupfs
 ExecStopPost=/usr/bin/podman rm --ignore --cidfile %T/%N.cid --cgroup-manager=cgroupfs
 ExecStopPost=/usr/bin/rm -f %T/%N.pid %T/%N.cid