From 251555b692710c9085c421ca8b5c35f3cde31639 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Tue, 17 Apr 2018 02:10:57 +0000
Subject: [PATCH] Deploy krb5.conf for bodhi

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/bodhi2/base/templates/configmap.yml     | 29 +++++++++++++++++++
 .../bodhi/templates/buildconfig.yml           |  4 ++-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/roles/bodhi2/base/templates/configmap.yml b/roles/bodhi2/base/templates/configmap.yml
index bd0ef0589b..bb652593a7 100644
--- a/roles/bodhi2/base/templates/configmap.yml
+++ b/roles/bodhi2/base/templates/configmap.yml
@@ -6,6 +6,35 @@ metadata:
   labels:
     app: bodhi
 data:
+  krb5.conf: |-
+    [logging]
+     default = FILE:/var/log/krb5libs.log
+     kdc = FILE:/var/log/krb5kdc.log
+     admin_server = FILE:/var/log/kadmind.log
+    
+    [libdefaults]
+     default_realm = {{ ipa_realm }}
+     rdns = false
+     dns_canonicalize_hostname = false
+     dns_lookup_realm = false
+     dns_lookup_kdc = false
+     ticket_lifetime = 24h
+     renew_lifetime = 7d
+     forwardable = true
+    
+    [realms]
+     {{ ipa_realm }} = {
+      kdc = ipa01{{ env_suffix }}.phx2.fedoraproject.org
+     }
+    
+    [domain_realm]
+     .fedoraproject.org = FEDORAPROJECT.ORG
+     fedoraproject.org = FEDORAPROJECT.ORG
+    {% if env == "staging" %}
+     .stg.phx2.fedoraproject.org = STG.FEDORAPROJECT.ORG
+    {% endif %}
+     .stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
+     stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
   production.ini: |-
     {%- macro production_ini() %}    {% include "production.ini.j2" %}{%- endmacro -%}
     {{ production_ini() | indent() }}
diff --git a/roles/openshift-apps/bodhi/templates/buildconfig.yml b/roles/openshift-apps/bodhi/templates/buildconfig.yml
index fa8195856d..0bca87c1a1 100644
--- a/roles/openshift-apps/bodhi/templates/buildconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/buildconfig.yml
@@ -29,7 +29,9 @@ items:
         RUN mkdir -p /etc/pki/fedmsg/
         RUN ln -sf /etc/pki/fedmsg/key/fedmsg-bodhi.key /etc/pki/fedmsg/bodhi.key
         RUN ln -sf /etc/pki/fedmsg/crt/fedmsg-bodhi.crt /etc/pki/fedmsg/bodhi.crt
-        # Link keytab
+        # Set up krb5
+        RUN rm -f /etc/krb5.conf
+        RUN ln -sf /etc/bodhi/krb5.conf /etc/krb5.conf
         RUN ln -sf /etc/keytabs/koji-keytab /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab
         EXPOSE 8080
         ENV USER=openshift