Merge branch 'main' into arm-dev

quay · May 2, 2024 · 257ab72 · 257ab72
2 parents fe74699 + 26d82ce
commit 257ab72
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 2 deletions.
diff --git a/ansible-runner/context/app/project/roles/mirror_appliance/tasks/secret-vars.yaml b/ansible-runner/context/app/project/roles/mirror_appliance/tasks/secret-vars.yaml
@@ -2,5 +2,5 @@
   set_fact:
     secret_key: "{{ lookup('community.general.random_string', length=48, base64=True) }}"
     database_secret_key: "{{ lookup('community.general.random_string', length=48, base64=True) }}"
-    pgdb_password: "{{ lookup('community.general.random_string', length=24, base64=True) }}"
-    redis_password: "{{ lookup('community.general.random_string', length=24, base64=True) }}"
+    pgdb_password: "{{ lookup('community.general.random_string', length=24, special=False) }}"
+    redis_password: "{{ lookup('community.general.random_string', length=24, special=False) }}"
diff --git a/ansible-runner/context/app/project/roles/mirror_appliance/tasks/upgrade-config-vars.yaml b/ansible-runner/context/app/project/roles/mirror_appliance/tasks/upgrade-config-vars.yaml
@@ -0,0 +1,18 @@
+- name: Look up quay_root, set it to /etc/quay-install if not found.
+  ansible.builtin.set_fact:
+    quay_root: "{{ quay_root | default('/etc/quay-install') }}"
+
+- name: Include vars of the config.yaml into the 'quay_config_file' variable.
+  ansible.builtin.slurp:
+    src: "{{ quay_root }}/quay-config/config.yaml"
+  register: remote_yaml_file
+
+- name: Parse the remote YAML file and set as a fact
+  ansible.builtin.set_fact:
+    quay_config_file: "{{ remote_yaml_file['content'] | b64decode | from_yaml }}"
+
+- name: Set facts for the pre-existing secrets only if they are a string and not a jinja2 variable in the config.yaml.
+  ansible.builtin.set_fact:
+    REDIS_PASSWORD : "{{ quay_config_file['USER_EVENTS_REDIS']['password'] }}"
+    PGDB_PASSWORD : "{{ quay_config_file['DB_URI'].split('@')[0].split(':')[2] }}"
+  when: quay_config_file['DATABASE_SECRET_KEY'] is string and quay_config_file['USER_EVENTS_REDIS']['password'] is string and quay_config_file['DB_URI'] is string
diff --git a/...ble-runner/context/app/project/roles/mirror_appliance/tasks/upgrade-postgres-service.yaml b/...ble-runner/context/app/project/roles/mirror_appliance/tasks/upgrade-postgres-service.yaml
@@ -15,6 +15,13 @@
   retries: 5
   delay: 5
 
+- name: Create Postgres Password Secret
+  containers.podman.podman_secret:
+    state: present
+    name: pgdb_pass
+    data: "{{ PGDB_PASSWORD }}"
+    skip_existing: true
+
 - name: Start Postgres service
   systemd:
     name: quay-postgres.service

diff --git a/ansible-runner/context/app/project/roles/mirror_appliance/tasks/upgrade-redis-service.yaml b/ansible-runner/context/app/project/roles/mirror_appliance/tasks/upgrade-redis-service.yaml
@@ -15,6 +15,13 @@
   retries: 5
   delay: 5
 
+- name: Create Redis Password Secret
+  containers.podman.podman_secret:
+    state: present
+    name: redis_pass
+    data: "{{ REDIS_PASSWORD }}"
+    skip_existing: true
+
 - name: Start Redis service
   systemd:
     name: quay-redis.service

diff --git a/ansible-runner/context/app/project/roles/mirror_appliance/tasks/upgrade.yaml b/ansible-runner/context/app/project/roles/mirror_appliance/tasks/upgrade.yaml
@@ -13,6 +13,9 @@
 - name: Autodetect Image Archive
   include_tasks: autodetect-image-archive.yaml
 
+- name: Autodetect existing Secrets in config.yaml
+  include_tasks: upgrade-config-vars.yaml
+
 - name: Upgrade Quay Pod Service
   include_tasks: upgrade-pod-service.yaml