Enable kerberos koji auth for koschei stg

2026-06-14 22:36:09 +08:00 · 2016-10-31 10:51:00 +01:00
parent 3ebca8f57e
commit 0f4a59ea54
2 changed files with 15 additions and 2 deletions
--- a/inventory/group_vars/koschei-backend-stg
+++ b/inventory/group_vars/koschei-backend-stg
@@ -9,8 +9,8 @@ num_cpus: 4

 koschei_topurl: https://apps.stg.fedoraproject.org/koschei
 koschei_pgsql_hostname: pgbdr.stg.phx2.fedoraproject.org
-koschei_koji_hub: koji01.stg.phx2.fedoraproject.org
-koschei_kojipkgs: koji01.stg.phx2.fedoraproject.org
+koschei_koji_hub: koji.stg.fedoraproject.org
+koschei_kojipkgs: koji.stg.fedoraproject.org
 koschei_koji_web: koji.stg.fedoraproject.org


--- a/roles/koschei/backend/templates/config-backend.cfg.j2
+++ b/roles/koschei/backend/templates/config-backend.cfg.j2
@@ -13,12 +13,25 @@ config = {
        "server": "http://{{ koschei_koji_hub }}/kojihub",
        "topurl": "http://{{ koschei_kojipkgs }}",
        "weburl": "http://{{ koschei_koji_web }}/koji",
+        {% if env == 'staging' %}
+        {# staging will use kerberos #}
+        "login_method": "krb_login",
+        "login_args": {
+            "keytab": "/etc/krb5.koschei_{{ inventory_hostname }}.keytab",
+            "principal": "koschei/{{ inventory_hostname }}@{{ ipa_realm }}",
+        },
+        "session_opts": {
+            "krb_rdns": False,
+        },
+        {% else %}
+        {# prod still uses ssl #}
        "login_method": "ssl_login",
        "login_args": {
            "cert": "/etc/koschei/koschei.pem",
            "ca": "/etc/koschei/fedora-ca.cert",
            "serverca": "/etc/koschei/fedora-ca.cert",
        },
+        {% endif %}
        {% if env == 'staging' %}
        "max_builds": 4,
        "build_arches": ['i386', 'x86_64', 'armhfp'],