From 0f4a59ea54d91a0b01be5646a4aec09a5ca5437c Mon Sep 17 00:00:00 2001
From: Michael Simacek
Date: Mon, 31 Oct 2016 10:51:00 +0100
Subject: [PATCH] Enable kerberos koji auth for koschei stg
---
 inventory/group_vars/koschei-backend-stg | 4 ++--
 .../koschei/backend/templates/config-backend.cfg.j2 | 13 +++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/inventory/group_vars/koschei-backend-stg b/inventory/group_vars/koschei-backend-stg
index 8d39f50c3f..2bf38ee704 100644
--- a/inventory/group_vars/koschei-backend-stg
+++ b/inventory/group_vars/koschei-backend-stg
@@ -9,8 +9,8 @@ num_cpus: 4
 koschei_topurl: https://apps.stg.fedoraproject.org/koschei
 koschei_pgsql_hostname: pgbdr.stg.phx2.fedoraproject.org
-koschei_koji_hub: koji01.stg.phx2.fedoraproject.org
-koschei_kojipkgs: koji01.stg.phx2.fedoraproject.org
+koschei_koji_hub: koji.stg.fedoraproject.org
+koschei_kojipkgs: koji.stg.fedoraproject.org
 koschei_koji_web: koji.stg.fedoraproject.org
diff --git a/roles/koschei/backend/templates/config-backend.cfg.j2 b/roles/koschei/backend/templates/config-backend.cfg.j2
index ab55bf9e24..f5dac8aab0 100644
--- a/roles/koschei/backend/templates/config-backend.cfg.j2
+++ b/roles/koschei/backend/templates/config-backend.cfg.j2
@@ -13,12 +13,25 @@ config = {
 "server": "http://{{ koschei_koji_hub }}/kojihub",
 "topurl": "http://{{ koschei_kojipkgs }}",
 "weburl": "http://{{ koschei_koji_web }}/koji",
+ {% if env == 'staging' %}
+ {# staging will use kerberos #}
+ "login_method": "krb_login",
+ "login_args": {
+ "keytab": "/etc/krb5.koschei_{{ inventory_hostname }}.keytab",
+ "principal": "koschei/{{ inventory_hostname }}@{{ ipa_realm }}",
+ },
+ "session_opts": {
+ "krb_rdns": False,
+ },
+ {% else %}
+ {# prod still uses ssl #}
 "login_method": "ssl_login",
 "login_args": {
 "cert": "/etc/koschei/koschei.pem",
 "ca": "/etc/koschei/fedora-ca.cert",
 "serverca": "/etc/koschei/fedora-ca.cert",
 },
+ {% endif %}
 {% if env == 'staging' %}
 "max_builds": 4,
 "build_arches": ['i386', 'x86_64', 'armhfp'],
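Review bot: The staging branch switches to `krb_login` while the unchanged context line above it still renders `"server": "http://{{ koschei_koji_hub }}/kojihub"`, so nothing in this template pins the hub connection to TLS once `ssl_login` and its `serverca` are out of the staging path. Unless the koji client in use upgrades the scheme itself for Kerberos logins (not visible here), the session credentials issued after login would cross the network in cleartext, and the same commit points `koschei_koji_hub` at `koji.stg.fedoraproject.org` instead of the `phx2` host name. I would make the scheme explicit: `"server": "https://{{ koschei_koji_hub }}/kojihub",`. The keytab at `/etc/krb5.koschei_{{ inventory_hostname }}.keytab` is a long-term secret and the task that installs it is outside this patch, so confirm it is deployed readable only by the koschei service account. The `config = {` block starts and ends outside the hunk.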