Refactor MariaDB password handling in clone-module script

imageroot/actions/clone-module/19generate_secrets

@@ -10,6 +10,9 @@ import random
 import string
 import os
 
+# rename the old password file
+os.rename("passwords.env", "passwords.old")
+
 def gen_password(length=32):
     """Generates a random password of specified length."""
     choice_pool = string.ascii_letters+string.digits
@@ -33,4 +36,4 @@ passwords = {
     "REPORTS_SECRET": gen_password()
 }
 
-agent.write_envfile("passwords.new", passwords)
+agent.write_envfile("passwords.env", passwords)

imageroot/actions/clone-module/20start_mariadb_service

@@ -9,19 +9,24 @@ import agent
 
 
 # we need to store the old password in a temporary file
-MARIADB_ROOT_PASSWORD_OLD = agent.read_envfile("passwords.env")['MARIADB_ROOT_PASSWORD']
-agent.write_envfile("passwords.tmp",  {"MARIADB_ROOT_PASSWORD": MARIADB_ROOT_PASSWORD_OLD})
+MARIADB_ROOT_PASSWORD_OLD = agent.read_envfile("passwords.old")['MARIADB_ROOT_PASSWORD']
+AMPDBPASS_OLD = agent.read_envfile("passwords.old")['AMPDBPASS']
+agent.write_envfile("passwords.tmp",  {"MARIADB_ROOT_PASSWORD": MARIADB_ROOT_PASSWORD_OLD, "AMPDBPASS": AMPDBPASS_OLD})
 
 # mariadb must know the new root password and be prepared to be used by the systemd service
-MARIADB_ROOT_PASSWORD_NEW = agent.read_envfile("passwords.new")['MARIADB_ROOT_PASSWORD']
+# MARIADB_ROOT_PASSWORD_NEW = agent.read_envfile("passwords.env")['MARIADB_ROOT_PASSWORD']
 # read from  the passwords.new file
-PHONEBOOK_DB_PASS_NEW = agent.read_envfile("passwords.new")['PHONEBOOK_DB_PASS']
+# PHONEBOOK_DB_PASS_NEW = agent.read_envfile("passwords.new")['PHONEBOOK_DB_PASS']
 # read from  the passwords.new file ad update the MARIADB_ROOT_PASSWORD and PHONEBOOK_DB_PASS
+AMPDBPASS_NEW = agent.read_envfile("passwords.env")['AMPDBPASS']
 passwordsfile = agent.read_envfile("passwords.env")
-passwordsfile['MARIADB_ROOT_PASSWORD'] = MARIADB_ROOT_PASSWORD_NEW
-passwordsfile['PHONEBOOK_DB_PASS'] = PHONEBOOK_DB_PASS_NEW
+passwordsfile['AMPDBPASS'] = AMPDBPASS_OLD
+# passwordsfile['PHONEBOOK_DB_PASS'] = PHONEBOOK_DB_PASS_NEW
 # write the passwords.env file
 agent.write_envfile("passwords.env", passwordsfile)
 
 # Start the MariaDB service
 agent.run_helper(*'systemctl --user start mariadb.service'.split()).check_returncode()
+
+passwordsfile['AMPDBPASS'] = AMPDBPASS_NEW
+agent.write_envfile("passwords.env", passwordsfile)

imageroot/actions/clone-module/21set_mariadb_passwords

@@ -8,10 +8,10 @@
 import agent
 
 # new password for AMPDBPASS
-AMPDBPASS_NEW = agent.read_envfile("passwords.new")['AMPDBPASS']
+AMPDBPASS_NEW = agent.read_envfile("passwords.env")['AMPDBPASS']
 
 # old and new password for MARIADB_ROOT_PASSWORD
-MARIADB_ROOT_PASSWORD_NEW = agent.read_envfile("passwords.new")['MARIADB_ROOT_PASSWORD']
+MARIADB_ROOT_PASSWORD_NEW = agent.read_envfile("passwords.env")['MARIADB_ROOT_PASSWORD']
 MARIADB_ROOT_PASSWORD_OLD = agent.read_envfile("passwords.tmp")['MARIADB_ROOT_PASSWORD']
 
 # Set new mariadb root password

imageroot/actions/clone-module/22set_db_services_ports

@@ -9,7 +9,7 @@ import agent
 import os
 
 # Set new service ports
-MARIADB_ROOT_PASSWORD = agent.read_envfile("passwords.new")['MARIADB_ROOT_PASSWORD']
+MARIADB_ROOT_PASSWORD = agent.read_envfile("passwords.env")['MARIADB_ROOT_PASSWORD']
 # SQL query to update kvstore_Sipsettings
 SQL_QUERY = f"""
 UPDATE `kvstore_Sipsettings`

imageroot/actions/clone-module/35remove_passfiles

@@ -9,7 +9,5 @@ set -e
 # redirect output to stder
 exec 1>&2
 
-# mv passwords.new, we will use passwords.env
-/usr/bin/mv -vf ./passwords.new ./passwords.env
 # remove passwords.tmp
-/usr/bin/rm -vf ./passwords.tmp
+/usr/bin/rm -vf ./passwords.tmp ./passwords.old