From 0f2e641d48d29d3dcfa7a11495edfc82e83f95c6 Mon Sep 17 00:00:00 2001
From: David Kirwan
Date: Tue, 25 Oct 2022 12:12:33 +0100
Subject: [PATCH] CentOS-CI: Manual playbook for creation of CentOS CI keytabs
Signed-off-by: David Kirwan
---
playbooks/manual/centosci-keytab.yml | 15 +++++++++++++++
roles/centosci-keytab/tasks/main.yml | 26 ++++++++++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 playbooks/manual/centosci-keytab.yml
create mode 100644 roles/centosci-keytab/tasks/main.yml
diff --git a/playbooks/manual/centosci-keytab.yml b/playbooks/manual/centosci-keytab.yml
new file mode 100644
index 0000000000..0623b03ab3
--- /dev/null
+++ b/playbooks/manual/centosci-keytab.yml
@@ -0,0 +1,15 @@
+---
+- hosts: localhost
+ user: root
+ gather_facts: false
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - name: Centos CI Keytab Creation Role
+ include_role:
+ name: centosci-keytab
+ tasks_from: main
diff --git a/roles/centosci-keytab/tasks/main.yml b/roles/centosci-keytab/tasks/main.yml
new file mode 100644
index 0000000000..bdb46b934b
--- /dev/null
+++ b/roles/centosci-keytab/tasks/main.yml
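Review bot: In `playbooks/manual/centosci-keytab.yml` the third `vars_files` entry templates `{{ ansible_distribution }}`, which is a gathered fact, while the play sets `gather_facts: false`. Unless that fact is served from a fact cache the path cannot be resolved, and Ansible may skip the file instead of failing, so any variable the role expects from it would be missing without an obvious error. Either drop the entry if the role needs no distribution-specific vars, or set `gather_facts: true`. As a smaller style point, `user: root` is the older alias of `remote_user`, and `remote_user: root` reads more clearly.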
@@ -0,0 +1,26 @@
+---
+- name: Create the CentosCIAuthorization operator keytab path
+ file:
+ path: "/etc/openshift_apps/centos-ci-authorization/"
+ state: directory
+ owner: root
+ group: root
+ mode: 0750
+
+- name: Acquire a keytab for staging
+ include_role:
+ name: keytab/service
+ vars:
+ kt_location:
+ "/etc/openshift_apps/centos-ci-authorization/centos-ci-authorization-operator-stg-keytab.kt"
+ service: "centos-ci-authorization-operator-stg"
+ host: "{{centosci_stg_ocp_api_hostname}}"
+
+- name: Acquire a keytab for prod
+ include_role:
+ name: keytab/service
+ vars:
+ kt_location:
+ "/etc/openshift_apps/centos-ci-authorization/centos-ci-authorization-operator-prod-keytab.kt"
+ service: "centos-ci-authorization-operator-prod"
+ host: "{{centosci_prod_ocp_api_hostname}}"
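Review bot: Neither `Acquire a keytab` task in `roles/centosci-keytab/tasks/main.yml` pins the owner or mode of the keytab file it writes, so the only protection visible here is the root:root `0750` directory from the first task. A keytab is a long-term Kerberos credential, and the `keytab/service` role is not part of this patch, so confirm what it sets on `kt_location`, or add a follow-up `file:` task per keytab with `owner: root` and `mode: "0600"` if root is the only consumer. The staging and production keytabs also land in the same directory, so any account that can read one can read the other; a separate directory per environment would keep the two credentials apart. Writing the directory mode as `mode: "0750"` avoids relying on YAML octal parsing.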