From 86a521ef42b69d5d1e7074f669f80782272c3fb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Thu, 3 Sep 2020 23:09:35 +0200
Subject: [PATCH] FASJSON: we don't need the host keytab
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 playbooks/openshift-apps/fasjson.yml                       | 6 ------
 roles/openshift-apps/fasjson/templates/Dockerfile          | 1 -
 .../openshift-apps/fasjson/templates/deploymentconfig.yml  | 7 -------
 3 files changed, 14 deletions(-)

diff --git a/playbooks/openshift-apps/fasjson.yml b/playbooks/openshift-apps/fasjson.yml
index 2e1abdbed5..bd62e7dbaf 100644
--- a/playbooks/openshift-apps/fasjson.yml
+++ b/playbooks/openshift-apps/fasjson.yml
@@ -52,12 +52,6 @@
     # The ipa-ldap delegation target is declared during IPA installation
 
   # Keytabs
-  - role: openshift/keytab
-    app: fasjson
-    key: host
-    secret_name: fasjson-keytab-host
-    service: host
-    host: "fasjson{{ env_suffix }}.fedoraproject.org"
   - role: openshift/keytab
     app: fasjson
     key: http
diff --git a/roles/openshift-apps/fasjson/templates/Dockerfile b/roles/openshift-apps/fasjson/templates/Dockerfile
index ab9d8699da..d57445e9fa 100644
--- a/roles/openshift-apps/fasjson/templates/Dockerfile
+++ b/roles/openshift-apps/fasjson/templates/Dockerfile
@@ -37,7 +37,6 @@ RUN git clone https://github.com/fedora-infra/fasjson.git && \
     popd && \
     rm -rf fasjson
 RUN rm -f /etc/krb5.conf && ln -sf /etc/krb5/krb5.conf /etc/krb5.conf && \
-    ln -sf /etc/keytabs/host /etc/krb5.keytab && \
     rm -f /etc/openldap/ldap.conf && ln -sf /etc/ipa/ldap.conf /etc/openldap/ldap.conf
 EXPOSE 8080
 ENTRYPOINT bash /etc/fasjson/start.sh
diff --git a/roles/openshift-apps/fasjson/templates/deploymentconfig.yml b/roles/openshift-apps/fasjson/templates/deploymentconfig.yml
index 922d43ecb6..94a5f497c6 100644
--- a/roles/openshift-apps/fasjson/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/fasjson/templates/deploymentconfig.yml
@@ -31,10 +31,6 @@ spec:
         ports:
         - containerPort: 8080
         volumeMounts:
-        - name: keytab-host-volume
-          mountPath: /etc/keytabs/host
-          subPath: host
-          readOnly: true
         - name: keytab-http-volume
           mountPath: /etc/keytabs/http
           subPath: http
@@ -68,9 +64,6 @@ spec:
       - name: fasjson-config-volume
         configMap:
           name: fasjson-config
-      - name: keytab-host-volume
-        secret:
-          secretName: fasjson-keytab-host
       - name: keytab-http-volume
         secret:
           secretName: fasjson-keytab-http