Move automation user create to separate script to run after playbook state

2025-12-06 09:12:45 +01:00 · 2020-09-30 17:02:02 -04:00
parent 8e80b41ca9
commit 6361c790e9
4 changed files with 65 additions and 33 deletions
--- a/salt/playbook/automation_user_create.sls
+++ b/salt/playbook/automation_user_create.sls
@@ -0,0 +1,14 @@
+
+# This state will import the initial default playbook database. 
+# If there is an existing playbook database, it will be overwritten - no backups are made.
+
+include:
+  - playbook
+
+salt://playbook/files/create_automation_user.sh:
+  cmd.script:
+    - cwd: /root
+    - template: jinja
+
+'sleep 5':
+  cmd.run
--- a/salt/playbook/files/create_automation_user.sh
+++ b/salt/playbook/files/create_automation_user.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# {%- set admin_pass = salt['pillar.get']('secrets:playbook_admin', None) -%}
+# {%- set automation_pass = salt['pillar.get']('secrets:playbook_automation', None) %}
+
+local_salt_dir=/opt/so/saltstack/local
+
+try_count=6
+interval=10
+
+while [[ $try_count -le 6 ]]; do
+    if docker top "so-playbook"; then
+        #Create Automation user
+        automation_group=6
+
+        mapfile -t automation_res < <(
+            curl -s --location --request POST 'http://127.0.0.1:3200/playbook/users.json' --user "admin:{{ admin_pass }}" --header 'Content-Type: application/json' --data '{
+                "user" : {
+                    "login" : "Automation",
+                    "password": "{{ automation_pass }}",
+                    "firstname": "SecOps",
+                    "lastname": "Automation",
+                    "mail": "automation2@localhost.local"
+                }
+            }' | jq -r '.user.api_key, .user.id'
+        )
+
+        automation_api_key=${automation_res[0]}
+        automation_user_id=${automation_res[1]}
+
+        curl --location --request POST "http://127.0.0.1:3200/playbook/groups/${automation_group}/users.json" \
+            --user "admin:{{ admin_pass }}" \
+            --header 'Content-Type: application/json' \
+            --data "{
+                \"user_id\" : ${automation_user_id}
+            }"
+
+        if (grep -qi "playbook_api_key" $local_salt_dir/pillar/global.sls); then
+            sed -i "/s/playbook_api_key:.*/playbook_api_key: ${automation_api_key}/g" $local_salt_dir/pillar/global.sls
+        else
+            echo "  playbook_api_key: ${automation_api_key}" >> $local_salt_dir/pillar/global.sls
+        fi
+    fi
+    ((try_count++))
+    sleep "${interval}s"
+done
+
--- a/salt/playbook/files/playbook_db_init.sh
+++ b/salt/playbook/files/playbook_db_init.sh
@@ -1,10 +1,8 @@
 #!/bin/bash
 # {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
 # {%- set admin_pass = salt['pillar.get']('secrets:playbook_admin', None) -%}
-# {%- set automation_pass = salt['pillar.get']('secrets:playbook_automation', None) %}

 default_salt_dir=/opt/so/saltstack/default
-local_salt_dir=/opt/so/saltstack/local

 # Generate salt + hash for admin user
 admin_salt=$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 32 | head -n 1)
@@ -16,34 +14,3 @@ sed -i "s/ADMIN_SALT/${admin_salt}/g" $default_salt_dir/salt/playbook/files/play
 # Copy file to destination + execute SQL
 docker cp $default_salt_dir/salt/playbook/files/playbook_db_init.sql so-mysql:/tmp/playbook_db_init.sql
 docker exec so-mysql /bin/bash -c "/usr/bin/mysql -b  -uroot -p{{MYSQLPASS}}  < /tmp/playbook_db_init.sql"
-
-#Create Automation user
-automation_group=6
-
-mapfile -t automation_res < <(
-    curl -s --location --request POST 'http://127.0.0.1:3200/playbook/users.json' --user "admin:{{ admin_pass }}" --header 'Content-Type: application/json' --data '{
-        "user" : {
-            "login" : "Automation",
-            "password": "{{ automation_pass }}",
-            "firstname": "SecOps",
-            "lastname": "Automation",
-            "mail": "automation2@localhost.local"
-        }
-    }' | jq -r '.user.api_key, .user.id'
-)
-
-automation_api_key=${automation_res[0]}
-automation_user_id=${automation_res[1]}
-
-curl --location --request POST "http://127.0.0.1:3200/playbook/groups/${automation_group}/users.json" \
-    --user "admin:{{ admin_pass }}" \
-    --header 'Content-Type: application/json' \
-    --data "{
-        \"user_id\" : ${automation_user_id}
-    }"
-
-if (grep -qi "playbook_api_key" $local_salt_dir/pillar/global.sls); then
-    sed -i "/s/playbook_api_key:.*/playbook_api_key: ${automation_api_key}/g" $local_salt_dir/pillar/global.sls
-else
-    echo "  playbook_api_key: ${automation_api_key}" >> $local_salt_dir/pillar/global.sls
-fi
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -654,6 +654,11 @@ fi

 		set_progress_str 73 "$(print_salt_state_apply 'playbook')"
 		salt-call state.apply -l info playbook >> $setup_log 2>&1
+
+		set_progress_str 73 "$(print_salt_state_apply 'playbook.automation_user_create')"
+		salt-call state.apply -l info playbook.automation_user_create >> $setup_log 2>&1
+
+		set_progress_str 73 "Update playbook rules"
 		so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 &
 	fi