modules/fm-orchestrator
1
0
Fork 0
mirror of https://pagure.io/fm-orchestrator.git synced 2026-04-13 11:49:52 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Modify MBS to use a separate Kerberos context per thread so both threads can use the thread keyring to store the Kerberos cache

Browse Source 
This commit includes the backport of the changes to `krb_login` in
https://pagure.io/koji/pull-request/1187. This change is required
for our separate threads to use a separate Kerberos context per thread.
This commit is contained in:
mprahl
2018-12-13 14:24:32 -05:00
parent e17fdbdb5a
commit 25122cb53e
8 changed files with 141 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
module_build_service/builder/KojiModuleBuilder.py
View File

@@ -49,6 +49,7 @@ from module_build_service import log, conf, models
import module_build_service.scm
import module_build_service.utils
from module_build_service.builder.utils import execute_cmd
from module_build_service.builder.koji_backports import ClientSession as KojiClientSession
from module_build_service.errors import ProgrammingError
from module_build_service.builder.base import GenericBuilder
@@ -455,7 +456,7 @@ chmod 644 %buildroot/etc/rpm/macros.zz-modules
address = koji_config.server
log.info("Connecting to koji %r.", address)
koji_session = koji.ClientSession(address, opts=koji_config)
koji_session = KojiClientSession(address, opts=koji_config)
if not login:
return koji_session
@@ -463,13 +464,23 @@ chmod 644 %buildroot/etc/rpm/macros.zz-modules
authtype = koji_config.authtype
log.info("Authenticate session with %r.", authtype)
if authtype == "kerberos":
try:
import krbV
except ImportError:
raise RuntimeError(
"python-krbV must be installed to authenticate with Koji using Kerberos")
keytab = getattr(config, "krb_keytab", None)
principal = getattr(config, "krb_principal", None)
if not keytab and principal:
raise ValueError(
"The Kerberos keytab and principal aren't set for Koji authentication")
log.debug(" keytab: %r, principal: %r" % (keytab, principal))
koji_session.krb_login(principal=principal, keytab=keytab)
# We want to create a context per thread to avoid Kerberos cache corruption
ctx = krbV.Context()
# We want to use the thread keyring for the ccache to ensure we have one cache per
# thread to avoid Kerberos cache corruption
ccache = "KEYRING:thread:mbs"
koji_session.krb_login(principal=principal, keytab=keytab, ctx=ctx, ccache=ccache)
elif authtype == "ssl":
koji_session.ssl_login(
os.path.expanduser(koji_config.cert),