From f81f5a943f6cd356b0245386702a0d9783c76b51 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Tue, 17 Apr 2018 01:22:18 +0200
Subject: [PATCH 1/2] Add openshift/keytab

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/openshift/keytab/tasks/main.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 roles/openshift/keytab/tasks/main.yml

diff --git a/roles/openshift/keytab/tasks/main.yml b/roles/openshift/keytab/tasks/main.yml
new file mode 100644
index 0000000000..bb4197c67f
--- /dev/null
+++ b/roles/openshift/keytab/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Create temporary file
+  tempfile: state=file
+  register: tmpfile
+  run_once: true
+
+- include_role: keytab/service
+  kt_location: "{{ tmpfile.path }}"
+
+- name: Call `oc secrets new` on the copied file
+  shell: oc -n {{app}} secrets new {{secret_name}} {{key}}={{tmpfile.path}}
+  run_once: true
+  register: create_out
+  failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
+
+- name: Delete temporary file
+  file: path={{tmpfile.path}} state=absent
+  run_once: true

From d9a17f5c5dab0e5d8866dfaeed5160b3b2b78105 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Tue, 17 Apr 2018 01:25:04 +0200
Subject: [PATCH 2/2] Try to add a keytab for bodhi

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 playbooks/openshift-apps/bodhi.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/playbooks/openshift-apps/bodhi.yml b/playbooks/openshift-apps/bodhi.yml
index 83f4dbe2d4..26725fa6bb 100644
--- a/playbooks/openshift-apps/bodhi.yml
+++ b/playbooks/openshift-apps/bodhi.yml
@@ -14,6 +14,12 @@
     description: bodhi
     appowners:
     - bowlofeggs
+  - role: openshift/keytab
+    app: bodhi
+    secret_name: bodhi-keytab
+    service: bodhi
+    host: "bodhi.stg.fedoraproject.org"
+    when: env == "staging"
   - role: openshift/secret-file
     app: bodhi
     secret_name: bodhi-fedmsg-key