Skip to content

Commit

Permalink
Create podman secret as manageiq user
Browse files Browse the repository at this point in the history
  • Loading branch information
@agrare
agrare committed Apr 3, 2024
1 parent 3898967 commit 2889114
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions app/models/opentofu_worker.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,11 +62,11 @@ def unit_environment_variables
end

def create_podman_secret
return if AwesomeSpawn.run("podman", :params => %w[secret exists opentofu-runner-secret]).success?
return if AwesomeSpawn.run("runuser", :params => %w[secret exists opentofu-runner-secret]).success?

database_password = ActiveRecord::Base.connection_db_config.configuration_hash[:password]
secret = {"DATABASE_PASSWORD" => database_password}

AwesomeSpawn.run!("podman", :params => %w[secret create opentofu-runner-secret -], :in_data => secret.to_json)
AwesomeSpawn.run!("runuser", :params => [[:login, "manageiq"], [:command, "podman secret create opentofu-runner-secret -"]], :in_data => secret.to_json)
end
end
2 changes: 1 addition & 1 deletion systemd/opentofu-runner.service
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ WantedBy=opentofu-runner.target
User=manageiq
Group=manageiq
ExecStartPre=/bin/rm -f /tmp/%n.cid
ExecStart=/usr/bin/podman run --conmon-pidfile %T/%N.pid --cidfile %T/%N.cid --cgroup-manager=cgroupfs --cgroups=no-conmon --log-driver=journald --name=opentofu-runner docker.io/agrare/sleep:latest
ExecStart=/usr/bin/podman run --conmon-pidfile %T/%N.pid --cidfile %T/%N.cid --cgroup-manager=cgroupfs --cgroups=no-conmon --log-driver=journald --name=opentofu-runner --secret=opentofu-runner-secret docker.io/agrare/sleep:latest
ExecStop=/usr/bin/podman stop --ignore -t 30 --cidfile %T/%N.cid --cgroup-manager=cgroupfs
ExecStopPost=/usr/bin/podman rm --ignore --cidfile %T/%N.cid --cgroup-manager=cgroupfs
ExecStopPost=/usr/bin/rm -f %T/%N.pid %T/%N.cid
Expand Down

0 comments on commit 2889114

Please sign in to comment.