Make koji-gc use kerberos
parent
edbcae6000
commit
3236ac3eae
3 changed files with 10 additions and 20 deletions
|
@ -33,6 +33,9 @@
|
|||
- role: keytab/service
|
||||
service: kojira
|
||||
host: "koji{{env_suffix}}.fedoraproject.org"
|
||||
- role: keytab/service
|
||||
service: koji-gc
|
||||
host: "koji{{env_suffix}}.fedoraproject.org"
|
||||
- koji_hub
|
||||
- role: keytab/service
|
||||
service: shadow
|
||||
|
|
|
@ -407,24 +407,6 @@
|
|||
- koji_hub
|
||||
when: env != 'staging' and ansible_hostname.startswith('koji')
|
||||
|
||||
- name: install cert for oscar (garbage collector) user
|
||||
copy: src={{ private }}/files/koji/gc/oscar_key_and_cert.pem dest=/etc/koji-gc/client.crt
|
||||
tags:
|
||||
- koji_hub
|
||||
when: env != 'staging' and ansible_hostname.startswith('koji')
|
||||
|
||||
- name: install serverca cert for oscar (garbage collector) user
|
||||
copy: src={{ private }}/files/fedora-ca.cert dest=/etc/koji-gc/serverca.crt
|
||||
tags:
|
||||
- koji_hub
|
||||
when: env != 'staging' and ansible_hostname.startswith('koji')
|
||||
|
||||
- name: install clientca cert for oscar (garbage collector) user
|
||||
copy: src={{ private }}/files/fedora-ca.cert dest=/etc/koji-gc/clientca.crt
|
||||
tags:
|
||||
- koji_hub
|
||||
when: env != 'staging' and ansible_hostname.startswith('koji')
|
||||
|
||||
- name: install koji-gc.conf
|
||||
template: src=koji-gc.conf.j2 dest=/etc/koji-gc/koji-gc.conf
|
||||
tags:
|
||||
|
|
|
@ -2,6 +2,11 @@
|
|||
#earlier = higher precedence!
|
||||
|
||||
[main]
|
||||
; For Kerberos authentication
|
||||
; the principal to connect with
|
||||
principal=koji-gc/koji{{env_suffix}}.fedoraproject.org@{{ipa_realm}}
|
||||
; The location of the keytab for the principal above
|
||||
keytab=/etc/krb5.koji-gc_koji{{env_suffix}}.fedoraproject.org.keytab
|
||||
krb_rdns = True
|
||||
|
||||
key_aliases =
|
||||
|
@ -50,9 +55,9 @@ unprotected_keys =
|
|||
fedora-epel-6
|
||||
fedora-epel-7
|
||||
|
||||
server = https://koji.fedoraproject.org/kojihub
|
||||
server = {{ koji_server_url }}
|
||||
serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
weburl = http://koji.fedoraproject.org/koji
|
||||
weburl = {{ koji_web_url }}
|
||||
from_addr = Koji Build System <buildsys@fedoraproject.org>
|
||||
|
||||
[prune]
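Review bot: `krb_rdns = True` in the first hunk has no comment, yet together with the `principal` and `keytab` lines it now affects which hub service principal koji-gc requests. As I understand the option, the hub name is canonicalised through a reverse DNS lookup instead of being taken as written in `server`. This rendering does not show whether the line is new or pre-existing, but either way it deserves a line such as `; canonicalise the hub name via reverse DNS; set to False if PTR records are not trusted`, or a switch to False if the hub's forward name already matches its principal. In the second hunk, `server = {{ koji_server_url }}` and `weburl = {{ koji_web_url }}` are only as safe as the inventory values behind them. The old `weburl` was plain `http://`, so it is worth checking that both variables are `https://` URLs in every environment, since `serverca` only protects the hub connection when `server` is.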
|
||||
|
|