modules/fm-orchestrator
1
0
Fork 0
mirror of https://pagure.io/fm-orchestrator.git synced 2026-02-02 20:59:06 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Allow krb ccache to be configured

Browse Source 
Access to the kernel keyring may be restricted in containers. Allow users to specify non keyring ccache for kerberos.
This commit is contained in:
jmicanek
2023-02-27 17:32:26 +01:00
parent f58e07df2a
commit 8709c632b0
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
module_build_service/common/config.py
View File

@@ -333,6 +333,7 @@ class Config(object):
},
"krb_keytab": {"type": None, "default": None, "desc": ""},
"krb_principal": {"type": None, "default": None, "desc": ""},
'krb_ccache': {"type": None, "default": "KEYRING:thread:mbs", "desc": ""},
"messaging": {"type": str, "default": "fedmsg", "desc": "The messaging system to use."},
"messaging_topic_prefix": {
"type": list,

4
module_build_service/common/koji.py
View File

@@ -143,7 +143,9 @@ def get_session(config, login=True):
log.debug(" keytab: %r, principal: %r" % (keytab, principal))
# We want to use the thread keyring for the ccache to ensure we have one cache per
# thread to avoid Kerberos cache corruption
ccache = "KEYRING:thread:mbs"
# Keyring may be inaccessible in containers, so let's allow it to be configured
ccache = getattr(config, "krb_ccache", None)
log.debug(" ccache: %r" % (ccache))
koji_session.gssapi_login(principal=principal, keytab=keytab, ccache=ccache)
elif authtype == "ssl":
koji_session.ssl_login(