Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow setting MIQ admin password during deployment #250

Merged
merged 4 commits into from
Dec 7, 2017
Merged

Allow setting MIQ admin password during deployment #250

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2952bd8
Allow setting of MIQ admin password during deployment
fbladilo Nov 30, 2017
73f988a
Apply necessary changes to ext-db template
fbladilo Nov 30, 2017
542869d
Minor parameter fix to ext-db template
fbladilo Nov 30, 2017
896e0b7
- Simplified password set call
fbladilo Dec 7, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions images/miq-app/docker-assets/appliance-initialize.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,9 @@ case $? in

# Restore symlinks from PV to application rootdir
restore_pv_data

# Set admin pwd
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment hardly seems necessary.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chessbyte Surely , already commented and working on requested changes..

set_admin_pwd
;;
4) # new_replica
echo "== Starting New Replica =="
Expand Down
9 changes: 9 additions & 0 deletions images/miq-app/docker-assets/container-scripts/container-deploy-common.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,15 @@ function migrate_db() {
) 2>&1 | tee ${PV_MIGRATE_DB_LOG}
}

# Set EVM admin pwd
function set_admin_pwd() {
echo "== Setting admin password =="

cd ${APP_ROOT} && bin/rails runner -e production "EvmDatabase.seed_primordial; user = User.find_by_userid('admin'); user.password = ENV['APPLICATION_ADMIN_PASSWORD']; user.save; exit;"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can simplify the ruby here.

EvmDatabase.seed_primordial; User.find_by_userid('admin').update_attributes!(:password => ENV['APPLICATION_ADMIN_PASSWORD'])

@bdunne this look good to you?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, I think RAILS_ENV=production is exported in /etc/default/evm so we shouldn't need the -e production here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@carbonin Yep , will go ahead and test with the simplied version. /etc/default/evm is already sourced so should work without -e.


[ "$?" -ne "0" ] && echo "ERROR: Failed to set admin password, please check appliance logs"
}

# Process DATA_PERSIST_FILE which contains the desired files/dirs to store on the PV
# Use rsync to transfer files/dirs, log output and check return status
# Ensure we always store an initial data backup on PV
Expand Down
12 changes: 12 additions & 0 deletions templates/miq-template-ext-db.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ objects:
name: "${NAME}-secrets"
stringData:
pg-password: "${DATABASE_PASSWORD}"
admin-password: "${APPLICATION_ADMIN_PASSWORD}"
database-url: postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_SERVICE_NAME}/${DATABASE_NAME}?encoding=utf8&pool=5&wait_timeout=5
v2-key: "${V2_KEY}"
- apiVersion: v1
Expand Down Expand Up @@ -126,6 +127,11 @@ objects:
secretKeyRef:
name: "${NAME}-secrets"
key: v2-key
- name: APPLICATION_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: "${NAME}-secrets"
key: admin-password
- name: ANSIBLE_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
Expand Down Expand Up @@ -751,6 +757,12 @@ parameters:
displayName: Application Database Region
description: Database region that will be used for application.
value: '0'
- name: APPLICATION_ADMIN_PASSWORD
displayName: Application Admin Password
required: true
description: Admin password that will be set on the application.
from: "[a-zA-Z0-9]{8}"
generate: expression
- name: ANSIBLE_DATABASE_NAME
displayName: Ansible PostgreSQL database name
required: true
Expand Down
12 changes: 12 additions & 0 deletions templates/miq-template.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ objects:
name: "${NAME}-secrets"
stringData:
pg-password: "${DATABASE_PASSWORD}"
admin-password: "${APPLICATION_ADMIN_PASSWORD}"
database-url: postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_SERVICE_NAME}/${DATABASE_NAME}?encoding=utf8&pool=5&wait_timeout=5
v2-key: "${V2_KEY}"
- apiVersion: v1
Expand Down Expand Up @@ -387,6 +388,11 @@ objects:
secretKeyRef:
name: "${NAME}-secrets"
key: v2-key
- name: APPLICATION_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: "${NAME}-secrets"
key: admin-password
- name: ANSIBLE_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
Expand Down Expand Up @@ -888,6 +894,12 @@ parameters:
displayName: Application Database Region
description: Database region that will be used for application.
value: '0'
- name: APPLICATION_ADMIN_PASSWORD
displayName: Application Admin Password
required: true
description: Admin password that will be set on the application.
from: "[a-zA-Z0-9]{8}"
generate: expression
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like we should keep the default value here rather than using a generator.

If someone wants to change the password on deploy they can set the parameter, otherwise I think we should just keep "smartvm"

- name: ANSIBLE_DATABASE_NAME
displayName: Ansible PostgreSQL database name
required: true
Expand Down