From f5b1887361a95a159cecc4e745120c09af726c47 Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Sat, 31 Oct 2020 02:49:36 +0000 Subject: [PATCH 1/5] Creating admin account --- config/rbac/cluster_role.yaml | 1 + config/rbac/namespaced/role.yaml | 1 + roles/gitea-ocp/defaults/main.yml | 4 ++++ roles/gitea-ocp/tasks/main.yml | 18 ++++++++++++++++++ 4 files changed, 24 insertions(+) diff --git a/config/rbac/cluster_role.yaml b/config/rbac/cluster_role.yaml index b5ef3d1..78cd00e 100644 --- a/config/rbac/cluster_role.yaml +++ b/config/rbac/cluster_role.yaml @@ -8,6 +8,7 @@ rules: - "" resources: - pods + - pods/exec - services - services/finalizers - endpoints diff --git a/config/rbac/namespaced/role.yaml b/config/rbac/namespaced/role.yaml index 307835b..62c7472 100644 --- a/config/rbac/namespaced/role.yaml +++ b/config/rbac/namespaced/role.yaml @@ -8,6 +8,7 @@ rules: - "" resources: - pods + - pods/exec - services - services/finalizers - endpoints diff --git a/roles/gitea-ocp/defaults/main.yml b/roles/gitea-ocp/defaults/main.yml index b5ff7da..aebe948 100644 --- a/roles/gitea-ocp/defaults/main.yml +++ b/roles/gitea-ocp/defaults/main.yml @@ -3,6 +3,10 @@ _gitea_state: present _gitea_namespace: gitea _gitea_name: gitea +_gitea_admin_user: administrator +_gitea_admin_password: openshift +_gitea_admin_email: tssc@redhat.com + _gitea_postgresql_service_name: postgresql _gitea_postgresql_database_name: giteadb _gitea_postgresql_user: giteauser diff --git a/roles/gitea-ocp/tasks/main.yml b/roles/gitea-ocp/tasks/main.yml index 700cbd8..c605e63 100644 --- a/roles/gitea-ocp/tasks/main.yml +++ b/roles/gitea-ocp/tasks/main.yml 
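Review bot: Adding `pods/exec` to the existing core-group rule in `config/rbac/cluster_role.yaml` gives the operator's service account exec on pods in every namespace, with whatever verbs that rule already lists; the verbs are outside the hunk. The tasks added in this patch exec into a single Gitea pod, so a separate rule for `pods/exec` carrying only the verbs exec needs (`create`, and `get` for websocket-based clients) would grant less. The same addition in `config/rbac/namespaced/role.yaml` inherits that rule's verbs in the same way. A comment next to the entry such as `# needed to run 'gitea admin create-user' through k8s_exec` would record why the permission exists.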
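Review bot: `_gitea_admin_password: openshift` in `roles/gitea-ocp/defaults/main.yml` gives every instance that does not override the variable the same, publicly known administrator password, and the task added in this patch passes `--must-change-password=false`, so it stays in place. Patch 4/5 of this series drops the default, but nothing visible there changes the password of an account already created at this revision, so such instances would need a manual rotation. If the variable is kept, leave it without a usable default and stop early, for example with an `assert` on `_gitea_admin_password | length > 0`.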
@@ -78,3 +78,21 @@ retries: 50 delay: 10 ignore_errors: yes + +- name: Get Gitea pod info + k8s_info: + api_version: v1 + kind: Pod + namespace: '{{ _gitea_namespace }}' + label_selectors: + - "app=gitea" + register: gitea_pod + +- set_fact: + gitea_pod_name: '{{ gitea_pod.resources[0].metadata.name }}' + +- name: Create Gitea admin user + community.kubernetes.k8s_exec: + namespace: "{{ _gitea_namespace }}" + pod: '{{ gitea_pod_name }}' + command: /home/gitea/gitea --config=/home/gitea/conf/app.ini admin create-user --username '{{ _gitea_admin_user }}' --password '{{ _gitea_admin_password }}' --admin --email '{{ _gitea_admin_email }}' --access-token --must-change-password=false From 920e0153c3380378131ec1f212dda07790ea2379 Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Mon, 2 Nov 2020 16:18:09 +0000 Subject: [PATCH 2/5] Adding element to 'set_fact' --- roles/gitea-ocp/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/gitea-ocp/tasks/main.yml b/roles/gitea-ocp/tasks/main.yml index c605e63..d494b09 100644 --- a/roles/gitea-ocp/tasks/main.yml +++ b/roles/gitea-ocp/tasks/main.yml @@ -90,6 +90,7 @@ - set_fact: gitea_pod_name: '{{ gitea_pod.resources[0].metadata.name }}' + when: gitea_pod.resources - name: Create Gitea admin user community.kubernetes.k8s_exec: From e1f89e2fa10c0d0f82e03e596924f4a5bb2cb396 Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Mon, 2 Nov 2020 18:55:21 +0000 Subject: [PATCH 3/5] Fixing syntax error --- roles/gitea-ocp/tasks/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/gitea-ocp/tasks/main.yml b/roles/gitea-ocp/tasks/main.yml index d494b09..5ac19bc 100644 --- a/roles/gitea-ocp/tasks/main.yml +++ b/roles/gitea-ocp/tasks/main.yml 
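Review bot: The `Create Gitea admin user` task renders the password into `command` and asks for `--access-token`, so the password, and presumably the generated token in the module's returned stdout, end up in the task result and in any operator log that records it; add `no_log: true` to that task. The templated values are wrapped in literal single quotes, so a value containing `'` changes how the command string is split; `--password {{ _gitea_admin_password | quote }}` avoids that. `gitea_pod.resources[0]` in the unnamed `set_fact` raises an index error when no pod matched, which is possible because the task just above the added lines ends with `ignore_errors: yes`. The exec task has no condition, so it runs on every reconcile, and the second run presumably fails because the user already exists.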
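Review bot: The added `when: gitea_pod.resources` only skips the `set_fact`; `Create Gitea admin user` below still reads `gitea_pod_name`, so with no matching pod the run fails there on an undefined variable instead of on the index. Either repeat the condition on the exec task or stop with a clear message, for example a `fail` task with `when: not gitea_pod.resources`. The indentation is not recoverable from this page, so check that `when` sits at task level and not under `set_fact`, where it would be read as a fact name instead of a condition.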
@@ -85,12 +85,11 @@ kind: Pod namespace: '{{ _gitea_namespace }}' label_selectors: - - "app=gitea" + - "app={{ _gitea_name }}" register: gitea_pod - set_fact: gitea_pod_name: '{{ gitea_pod.resources[0].metadata.name }}' - when: gitea_pod.resources - name: Create Gitea admin user community.kubernetes.k8s_exec: From 1b717cf3375a45f0d1304e19943a5f0a89ba4cc2 Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Mon, 2 Nov 2020 19:55:53 +0000 Subject: [PATCH 4/5] Updating hardcoded admin password --- roles/gitea-ocp/defaults/main.yml | 1 - roles/gitea-ocp/tasks/main.yml | 25 +++++++++++++++++++++---- roles/gitea-ocp/templates/secret.yml.j2 | 8 ++++++++ 3 files changed, 29 insertions(+), 5 deletions(-) create mode 100644 roles/gitea-ocp/templates/secret.yml.j2 diff --git a/roles/gitea-ocp/defaults/main.yml b/roles/gitea-ocp/defaults/main.yml index aebe948..b161608 100644 --- a/roles/gitea-ocp/defaults/main.yml +++ b/roles/gitea-ocp/defaults/main.yml @@ -4,7 +4,6 @@ _gitea_namespace: gitea _gitea_name: gitea _gitea_admin_user: administrator -_gitea_admin_password: openshift _gitea_admin_email: tssc@redhat.com _gitea_postgresql_service_name: postgresql diff --git a/roles/gitea-ocp/tasks/main.yml b/roles/gitea-ocp/tasks/main.yml index 5ac19bc..7836700 100644 --- a/roles/gitea-ocp/tasks/main.yml +++ b/roles/gitea-ocp/tasks/main.yml 
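Review bot: Dropping `when: gitea_pod.resources` leaves `gitea_pod.resources[0]` unguarded again, so an empty result from `Get Gitea pod info` ends the run with an index error instead of a readable message. The selector `app={{ _gitea_name }}` can also return a pod that is still Pending, and index 0 then becomes the exec target. Adding `field_selectors: ['status.phase=Running']` to the `k8s_info` task and an `assert` that `gitea_pod.resources | length > 0` before the `set_fact` would cover both. The commit subject mentions only a syntax fix, while the selector change alters which pods are matched and deserves a line in the message.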
@@ -91,8 +91,25 @@ - set_fact: gitea_pod_name: '{{ gitea_pod.resources[0].metadata.name }}' -- name: Create Gitea admin user - community.kubernetes.k8s_exec: +- name: Check for administrator credential secret + k8s_info: namespace: "{{ _gitea_namespace }}" - pod: '{{ gitea_pod_name }}' - command: /home/gitea/gitea --config=/home/gitea/conf/app.ini admin create-user --username '{{ _gitea_admin_user }}' --password '{{ _gitea_admin_password }}' --admin --email '{{ _gitea_admin_email }}' --access-token --must-change-password=false + kind: Secret + name: "{{ _gitea_name }}-admin-credentials" + register: gitea_admin_credentials + +- name: Generate administrator password + block: + - set_fact: + gitea_admin_password: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}" + + - name: Create gitea-admin-credentials Secret + k8s: + definition: "{{ lookup('template', 'secret.yml.j2') | from_yaml }}" + + - name: Create Gitea admin user + community.kubernetes.k8s_exec: + namespace: "{{ _gitea_namespace }}" + pod: '{{ gitea_pod_name }}' + command: /home/gitea/gitea --config=/home/gitea/conf/app.ini admin create-user --username '{{ _gitea_admin_user }}' --password '{{ gitea_admin_password }}' --admin --email '{{ _gitea_admin_email }}' --access-token --must-change-password=false + when: not gitea_admin_credentials.resources diff --git a/roles/gitea-ocp/templates/secret.yml.j2 b/roles/gitea-ocp/templates/secret.yml.j2 new file mode 100644 index 0000000..9edbd16 --- /dev/null +++ b/roles/gitea-ocp/templates/secret.yml.j2 @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ _gitea_name }}-admin-credentials" + namespace: "{{ _gitea_namespace }}" +data: + username: "{{ 'administrator' | b64encode }}" + password: "{{ gitea_admin_password | b64encode }}" From 58cf779292eb41c8ccb249ab7434afbfc9fa8af6 Mon Sep 17 00:00:00 2001 
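Review bot: Inside the `Generate administrator password` block the Secret is created before `Create Gitea admin user` runs, so if the exec fails (pod not ready, or presumably a user left over from an earlier revision) the Secret already exists and the `when: not gitea_admin_credentials.resources` condition skips the work on every later run, leaving stored credentials that match no account. Move `Create gitea-admin-credentials Secret` after the exec task so the Secret is written only once the account exists. The generated password is still exposed in task output by the `set_fact`, the rendered `command` and the `k8s` definition; `no_log: true` on the block covers all three. The token requested with `--access-token` is neither registered nor stored, so either drop the flag or save the token in the same Secret.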
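Review bot: `roles/gitea-ocp/templates/secret.yml.j2` stores the literal `'administrator'` as the username, while the account is created with `_gitea_admin_user`; overriding that variable leaves a Secret whose username does not match the account. Use `username: "{{ _gitea_admin_user | b64encode }}"` so the two stay in step. The Secret carries no labels or owner reference in this template, so it is worth confirming it is removed together with the Gitea instance; otherwise a re-created instance finds the old Secret and skips creating the administrator.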
From: Andres Romero Date: Thu, 5 Nov 2020 14:43:49 +0000 Subject: [PATCH 5/5] Bumping up version
---
 hack/operate.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/operate.conf b/hack/operate.conf
index 1f2b848..4336b6e 100644
--- a/hack/operate.conf
+++ b/hack/operate.conf
@@ -1,5 +1,5 @@
 IMG=quay.io/redhatgov/gitea-operator
 KIND=Gitea
 CR_SAMPLE=redhatgov_v1alpha1_gitea_openshift.yaml
-VERSION=0.0.3
+VERSION=0.0.4
 CHANNELS=alpha