diff --git a/utilities/platform-util/centos/platform-util.spec b/utilities/platform-util/centos/platform-util.spec index 3fa4d13e..940789ca 100644 --- a/utilities/platform-util/centos/platform-util.spec +++ b/utilities/platform-util/centos/platform-util.spec @@ -65,6 +65,7 @@ install -m 555 %{_buildsubdir}/scripts/update-iso.sh %{buildroot}%{local_bindir} install -m 555 %{_buildsubdir}/scripts/gen-bootloader-iso.sh %{buildroot}%{local_bindir} install -m 555 %{_buildsubdir}/scripts/stx-iso-utils.sh %{buildroot}%{local_bindir} install -m 555 %{_buildsubdir}/scripts/show-certs.sh %{buildroot}%{local_bindir} +install -m 555 %{_buildsubdir}/scripts/update_docker_registry_auth.sh %{buildroot}%{local_bindir} install -d %{buildroot}%{local_etc_initd} install %{_buildsubdir}/scripts/log_functions.sh %{buildroot}%{local_etc_initd} @@ -115,6 +116,7 @@ systemctl enable opt-platform.service %{local_bindir}/gen-bootloader-iso.sh %{local_bindir}/stx-iso-utils.sh %{local_bindir}/show-certs.sh +%{local_bindir}/update_docker_registry_auth.sh %files noncontroller %defattr(-,root,root,-) diff --git a/utilities/platform-util/debian/deb_folder/controller.install b/utilities/platform-util/debian/deb_folder/controller.install index 5dd99235..1bc12653 100644 --- a/utilities/platform-util/debian/deb_folder/controller.install +++ b/utilities/platform-util/debian/deb_folder/controller.install @@ -2,3 +2,4 @@ scripts/gen-bootloader-iso.sh usr/local/bin scripts/show-certs.sh usr/local/bin scripts/stx-iso-utils.sh usr/local/bin scripts/update-iso.sh usr/local/bin +scripts/update_docker_registry_auth.sh usr/local/bin diff --git a/utilities/platform-util/debian/deb_folder/platform-util-controller.install b/utilities/platform-util/debian/deb_folder/platform-util-controller.install index 48174476..75ed7cb0 100644 --- a/utilities/platform-util/debian/deb_folder/platform-util-controller.install +++ b/utilities/platform-util/debian/deb_folder/platform-util-controller.install @@ -2,3 +2,4 @@ /usr/local/bin/show-certs.sh /usr/local/bin/stx-iso-utils.sh /usr/local/bin/update-iso.sh +/usr/local/bin/update_docker_registry_auth.sh diff --git a/utilities/platform-util/debian/deb_folder/rules b/utilities/platform-util/debian/deb_folder/rules index 2ff80437..ec97e9e0 100755 --- a/utilities/platform-util/debian/deb_folder/rules +++ b/utilities/platform-util/debian/deb_folder/rules @@ -33,6 +33,7 @@ override_dh_auto_install: install -m 555 scripts/gen-bootloader-iso.sh $(DEBIAN_BUILDDIR)/usr/local/bin/ install -m 555 scripts/stx-iso-utils.sh $(DEBIAN_BUILDDIR)/usr/local/bin/ install -m 555 scripts/show-certs.sh $(DEBIAN_BUILDDIR)/usr/local/bin/ + install -m 555 scripts/update_docker_registry_auth.sh $(DEBIAN_BUILDDIR)/usr/local/bin/ install -m 555 scripts/is-rootdisk-device.sh $(DEBIAN_BUILDDIR)/usr/local/bin/ install -m 755 scripts/connectivity_test $(DEBIAN_BUILDDIR)/usr/local/bin/ install -m 750 scripts/set_keystone_user_option.sh $(DEBIAN_BUILDDIR)/usr/local/bin/ @@ -46,5 +47,5 @@ override_dh_auto_install: override_dh_fixperms: dh_fixperms -Xupdate-iso.sh -Xgen-bootloader-iso.sh -Xstx-iso-utils.sh \ - -Xshow-certs.sh -Xis-rootdisk-device.sh -Xpatch-restart-* -Xconnectivity_test \ - -Xset_keystone_user_option.sh + -Xshow-certs.sh -Xupdate_docker_registry_auth.sh -Xis-rootdisk-device.sh \ + -Xpatch-restart-* -Xconnectivity_test -Xset_keystone_user_option.sh diff --git a/utilities/platform-util/scripts/update_docker_registry_auth.sh b/utilities/platform-util/scripts/update_docker_registry_auth.sh new file mode 100755 index 00000000..582a7802 --- /dev/null +++ b/utilities/platform-util/scripts/update_docker_registry_auth.sh @@ -0,0 +1,89 @@ +#!/bin/bash -e +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# This script is to update the docker registry credentials +# + +USAGE="Usage: ${0##*/} " + +get_password() +{ + read -s -p "Password of ${usr}: " pw + echo + read -s -p "Password of ${usr} (again): " pw2 + while [ "${pw}" != "${pw2}" ]; do + echo + echo "Incorrect input of password, please try again." + read -s -p "Password of ${usr}: " pw + echo + read -s -p "Password of ${usr} (again): " pw2 + done +} + +if [ $# -eq 0 ]; then + read -p "Username: " usr + get_password +elif [ $# -eq 1 ]; then + usr=${1} + get_password +elif [ $# -eq 2 ]; then + usr=${1} + pw=${2} +else + echo Too many arguments. + echo $USAGE + echo + exit +fi + +NEW_CREDS="username:${usr} password:${pw}" + +echo + +source /etc/platform/openrc + +for REGISTRY in docker-registry quay-registry elastic-registry gcr-registry \ + k8s-registry ghcr-registry; do + echo -n "Updating" $REGISTRY "credentials ." + SECRET_UUID=$(system service-parameter-list | fgrep $REGISTRY |\ + fgrep auth-secret | awk '{print $10}') + if [ -z "$SECRET_UUID" ]; then + echo "No $REGISTRY entry in service-parameters" + echo + continue + fi + + SECRET_REF=$(openstack secret list | fgrep ${SECRET_UUID} |\ + awk '{print $2}') + echo -n "." + SECRET_VALUE=$(openstack secret get ${SECRET_REF} --payload -f value) + echo -n "." + openstack secret delete ${SECRET_REF} > /dev/null + echo -n "." + NEW_SECRET_VALUE=$NEW_CREDS + openstack secret store -n ${REGISTRY}-secret -p "${NEW_SECRET_VALUE}" \ + >/dev/null + echo -n "." + NEW_SECRET_REF=$(openstack secret list | fgrep ${REGISTRY}-secret |\ + awk '{print $2}') + NEW_SECRET_UUID=$(echo "${NEW_SECRET_REF}" | awk -F/ '{print $6}') + system service-parameter-modify docker $REGISTRY \ + auth-secret="${NEW_SECRET_UUID}" > /dev/null + echo -n "." + echo " done." + + echo -n "Validating $REGISTRY credentials updated to: " + SECRET_UUID=$(system service-parameter-list | fgrep $REGISTRY |\ + fgrep auth-secret | awk '{print $10}') + if [ -z "$SECRET_UUID" ]; then + continue + fi + SECRET_REF=$(openstack secret list | fgrep ${SECRET_UUID} | awk '{print $2}') + SECRET_VALUE=$(openstack secret get ${SECRET_REF} --payload -f value) + echo $SECRET_VALUE + + echo +done