Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: create secrets during upgrades (PROJQUAY-7001) #150

Closed
wants to merge 1 commit into from
Closed

fix: create secrets during upgrades (PROJQUAY-7001) #150

wants to merge 1 commit into from

Conversation

dmage
Copy link
Contributor

@dmage dmage commented Apr 17, 2024

No description provided.

@dmage dmage force-pushed the create-podman-secrets branch from 7e45a4d to 2d794a7 Compare April 17, 2024 12:13
@dmage dmage changed the title Create secrets during upgrades fix: create secrets during upgrades (PROJQUAY-7001) Apr 17, 2024
@dmage dmage added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Apr 17, 2024
harishsurf
harishsurf approved these changes Apr 17, 2024
View reviewed changes
Copy link
Contributor

@harishsurf harishsurf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

harishsurf
harishsurf approved these changes Apr 17, 2024
View reviewed changes
ansible-runner/context/app/project/roles/mirror_appliance/tasks/migrate-pre-1_3_11.yaml
- name: Create Postgres Password Secret
containers.podman.podman_secret:
state: present
name: pgdb_pass
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: do we want to replace it with {{ pgdb_password }} defined in secret-vars.yaml

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would probably break existing users postgres DB's, right? If they got swapped from password to an autogenerated password?

I'm not sure how redis handles that change, guessing if its ephemeral it won't cause an issue.

@BadgerOps
Copy link
Contributor

BadgerOps commented Apr 17, 2024
edited
Loading

Hey @harishsurf @dmage sorry for this regression - I'm just wrapping up some local testing for a similar PR that generates facts :

- name: Include vars of the config.yaml into the 'quay_config' variable (2.2).
  ansible.builtin.include_vars:
    file: "{{ quay_root }}/quay-config/config.yaml"
    name: quay_config

Then creates the podman secrets with those - the reason I was thinking of going this route is to protect backwards compatibility. Of course, if the better option is to reset the passwords to what is autogenerated in secret-vars.yaml then I'm all for that, and I'll toss my branch 🤣

Edit: Specifically the reason I was considering this route was in case other users had already manually changed the secrets in the config.yaml, and don't want to break their existing installs.

@BadgerOps
Copy link
Contributor

I just submitted #151 with another way - let me know if y'all would prefer to do it another way and I'll close mine!

@dmage
Copy link
Contributor Author

dmage commented Apr 18, 2024

Replaced by #151.

@dmage dmage closed this Apr 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BadgerOps BadgerOps BadgerOps left review comments

@harishsurf harishsurf harishsurf approved these changes

Assignees
No one assigned
Labels
ok-to-test Indicates a non-member PR verified by an org member that is safe to test.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dmage @BadgerOps @harishsurf