Create a podman secret when starting systemd unit

ManageIQ · Mar 20, 2024 · 5dd21af · 5dd21af
1 parent e5b0a0d
commit 5dd21af
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/app/models/opentofu_worker.rb b/app/models/opentofu_worker.rb
@@ -33,6 +33,11 @@ def container_image
     ENV["OPENTOFU_RUNNER_IMAGE"] || default_image
   end
 
+  def enable_systemd_unit
+    super
+    create_podman_secret
+  end
+
   def unit_config_file
     # Override this in a sub-class if the specific instance needs
     # any additional config
@@ -55,4 +60,13 @@ def unit_environment_variables
       "MEMCACHED_SERVER=#{::Settings.session.memcache_server}"
     ]
   end
+
+  def create_podman_secret
+    return if AwesomeSpawn.run("podman", :params => %w[secret exists opentofu-runner-secret]).success?
+
+    database_password = ActiveRecord::Base.connection_db_config.configuration_hash[:password]
+    secret = {"DATABASE_PASSWORD" => database_password}
+
+    AwesomeSpawn.run!("podman", :params => %w[secret create opentofu-runner-secret -], :in_data => secret.to_json)
+  end
 end