Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Prepare koji auth for prod

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2016-11-23 13:37:19 +00:00
parent c70a3f2758
commit 180860f390
2 changed files with 1 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
roles/koji_hub/templates/kojiweb.conf.j2
View file

@ -21,17 +21,11 @@ Alias /robots.txt /var/www/html/robots.txt
</Directory> </Directory>
<Location /koji/login> <Location /koji/login>
{% if env == "production" %}
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars
{% else %}
AuthType GSSAPI AuthType GSSAPI
GssapiSSLonly On GssapiSSLonly On
AuthName "GSSAPI Single Sign On Login" AuthName "GSSAPI Single Sign On Login"
GssapiCredStore keytab:/etc/koji-hub-http.keytab GssapiCredStore keytab:/etc/koji-hub-http.keytab
Require valid-user Require valid-user
{% endif %}
</Location> </Location>

6
roles/koji_hub/templates/web.conf.j2
View file

@ -21,13 +21,9 @@ KojiFilesURL = https://kojipkgs.fedoraproject.org/
{% endif %} {% endif %}
# SSL authentication options # SSL authentication options
{% if env == "production" %}
WebCert = /etc/pki/tls/private/kojiweb_cert_key.pem
{% else %}
KrbRDNS = False KrbRDNS = False
WebKeytab = /etc/koji-hub-http.keytab WebKeytab = /etc/koji-hub-http.keytab
WebPrincipal = HTTP/koji.stg.fedoraproject.org WebPrincipal = HTTP/koji.{% if env == "staging" %}stg.{% endif %}fedoraproject.org
{% endif %}
ClientCA = /etc/pki/tls/certs/upload_cacert.pem ClientCA = /etc/pki/tls/certs/upload_cacert.pem
KojiHubCA = /etc/pki/tls/certs/extras_cacert.pem KojiHubCA = /etc/pki/tls/certs/extras_cacert.pem