diff --git a/playbooks/openshift-apps/poddlers.yml b/playbooks/openshift-apps/poddlers.yml
index 200a0dce98..de17366ee5 100644
--- a/playbooks/openshift-apps/poddlers.yml
+++ b/playbooks/openshift-apps/poddlers.yml
@@ -46,11 +46,17 @@ tags:
 - appowners
+ # Keytabs
 - role: openshift/keytab
 keytab_app: poddlers
 keytab_key: service.keytab
 keytab_secret_name: keytab
 keytab_service: toddlers
+ - role: openshift/keytab
+ keytab_app: poddlers
+ keytab_key: sync-group.keytab
+ keytab_secret_name: sync-group-keytab
+ keytab_service: toddlers-sync-group
 - role: openshift/ipa-client
 ipa_client_app: poddlers
diff --git a/roles/ipa/server/tasks/toddlers.yml b/roles/ipa/server/tasks/toddlers.yml
index 5904c89b2e..85f5c36407 100644
--- a/roles/ipa/server/tasks/toddlers.yml
+++ b/roles/ipa/server/tasks/toddlers.yml
@@ -2,7 +2,7 @@
 - name: Create toddlers toddlers-sync-groups service
 ansible.builtin.include_role:
- name: "keytab/service" # noqa role-name[path]
+ name: "ipa/service" # noqa role-name[path]
 vars:
 host: os-control01{{ env_suffix }}.fedoraproject.org # noqa: var-naming[no-role-prefix]
 service: toddlers-sync-group # noqa: var-naming[no-role-prefix]
diff --git a/roles/openshift-apps/poddlers/templates/deploymentconfig.yml.j2 b/roles/openshift-apps/poddlers/templates/deploymentconfig.yml.j2
index f864d052c0..724882ef35 100644
--- a/roles/openshift-apps/poddlers/templates/deploymentconfig.yml.j2
+++ b/roles/openshift-apps/poddlers/templates/deploymentconfig.yml.j2
@@ -30,9 +30,19 @@ spec:
 volumeMounts: {{ common_volume_mounts() }}
+ {% if toddler.name == "clean-packagers-groups" %}
+ - name: sync-group-keytab-volume
+ mountPath: /etc/sync-group-keytabs
+ readOnly: true
+ {% endif %}
 volumes: {{ common_volumes() }}
+ {% if toddler.name == "clean-packagers-groups" %}
+ - name: sync-group-keytab-volume
+ secret:
+ secretName: sync-group-keytab
+ {% endif %}
 triggers:
 - type: ConfigChange
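Review bot: The second `openshift/keytab` entry in `playbooks/openshift-apps/poddlers.yml` has no comment saying which toddler uses the `toddlers-sync-group` principal, and its `keytab_secret_name: sync-group-keytab` is matched only by the literal `secretName: sync-group-keytab` in `deploymentconfig.yml.j2` later in this commit. A comment above the new entry, such as `# sync-group keytab: mounted only by the clean-packagers-groups toddler; secret name is referenced in deploymentconfig.yml.j2`, would keep the two from drifting apart. It is also worth confirming that the role requests the keytab for the same host that `roles/ipa/server/tasks/toddlers.yml` registers the service on, since the role's host default is not visible here. The roles list continues outside the hunk.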
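Review bot: The `sync-group-keytab-volume` secret volume in `deploymentconfig.yml.j2` sets no `defaultMode`, so the keytab file gets the Kubernetes default of 0644 inside the container; adding `defaultMode: 0440` under `secret:` would narrow that, provided the container's user or fsGroup can still read it (the pod security settings are outside this hunk). The guard `toddler.name == "clean-packagers-groups"` is written out twice, and if the two copies ever differ the pod gets a volumeMount with no matching volume; a single `{% set needs_sync_group_keytab = toddler.name == "clean-packagers-groups" %}` above `volumeMounts:`, tested in both places, avoids that. Indentation is not recoverable from this page, so check the rendered output: if the template is rendered with Ansible's default `trim_blocks`, any whitespace before an indented `{% if %}` is prepended to the next list item.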