From 7374fd72457eeb527007d886175ce6e0bee3e591 Mon Sep 17 00:00:00 2001
From: Adam Miller <admiller@redhat.com>
Date: Thu, 1 Dec 2016 16:42:12 +0000
Subject: [PATCH] fix osbs krb5 keytab path, add new koji_kerb conf in
 osbs-client role

Signed-off-by: Adam Miller <admiller@redhat.com>
---
 playbooks/groups/buildvm.yml             |  6 +++---
 playbooks/groups/koji-hub.yml            |  6 +++---
 playbooks/groups/osbs-cluster.yml        | 12 ++++++------
 roles/osbs-client/defaults/main.yml      |  3 +++
 roles/osbs-client/templates/osbs.conf.j2 | 18 ++++++++++++++++++
 5 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml
index a1807bb22e..eb90179547 100644
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@@ -56,9 +56,9 @@
         default: {
           username: "{{ osbs_koji_stg_username }}",
           password: "{{ osbs_koji_stg_password }}",
-          use_kerberos: True,
-          kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}",
-          kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
+          koji_use_kerberos: True,
+          koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
+          koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
           openshift_url: 'https://{{ osbs_url }}/',
           registry_uri: 'https://{{ docker_registry }}/v2',
           source_registry_uri: 'https://{{ source_registry }}/v2',
diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml
index 77857a4a61..6cb1e0090e 100644
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@@ -42,9 +42,9 @@
         default: {
           username: "{{ osbs_koji_prod_username }}",
           password: "{{ osbs_koji_prod_password }}",
-          use_kerberos: True,
-          kerberos_keytab: "/etc/krb5.osbs_{{osbs_url}}",
-          kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
+          koji_use_kerberos: True,
+          koji_kerberos_keytab: "/etc/krb5.osbs_{{osbs_url}}.keytab",
+          koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
           openshift_url: 'https://{{ osbs_url }}/',
           registry_uri: 'https://{{ docker_registry }}/v2',
           source_registry_uri: 'https://{{ source_registry }}/v2',
diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml
index 4f90ffdde8..d8a676401c 100644
--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@@ -466,9 +466,9 @@
         default: {
           username: "{{ osbs_koji_stg_username }}",
           password: "{{ osbs_koji_stg_password }}",
-          use_kerberos: True,
-          kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}",
-          kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
+          koji_use_kerberos: True,
+          koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
+          koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
           openshift_url: 'https://{{osbs_url}}/',
           registry_uri: 'https://{{docker_registry}}/v2',
           source_registry_uri: 'https://{{source_registry}}/v2',
@@ -498,9 +498,9 @@
         default: {
           username: "{{ osbs_koji_prod_username }}",
           password: "{{ osbs_koji_prod_password }}",
-          use_kerberos: True,
-          kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}",
-          kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
+          koji_use_kerberos: True,
+          koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
+          koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
           openshift_url: 'https://{{osbs_url}}/',
           registry_uri: 'https://{{docker_registry}}/v2',
           source_registry_uri: 'https://{{source_registry}}/v2',
diff --git a/roles/osbs-client/defaults/main.yml b/roles/osbs-client/defaults/main.yml
index 5882bae2b9..46b634fe20 100644
--- a/roles/osbs-client/defaults/main.yml
+++ b/roles/osbs-client/defaults/main.yml
@@ -33,6 +33,9 @@ default:
   registry_api_versions: v2
   builder_openshift_url: https://172.17.0.1:8443/
   koji_certs_secret: false
+  koji_use_kerberos: false
+  koji_kerberos_keytab: ""
+  koji_kerberos_principal: ""
   use_kerberos: false
   kerberos_keytab: ""
   kerberos_principal: ""
diff --git a/roles/osbs-client/templates/osbs.conf.j2 b/roles/osbs-client/templates/osbs.conf.j2
index aea56762fc..ba245a98c7 100644
--- a/roles/osbs-client/templates/osbs.conf.j2
+++ b/roles/osbs-client/templates/osbs.conf.j2
@@ -13,6 +13,15 @@ password = {{ default.password }}
 {% if default.koji_certs_secret is defined %}
 koji_certs_secret = {{ default.koji_certs_secret }}
 {% endif %}
+{% if default.koji_use_kerberos is defined %}
+koji_use_kerberos = {{ default.koji_use_kerberos }}
+{% endif %}
+{% if default.koji_kerberos_keytab is defined %}
+koji_kerberos_keytab = {{ default.koji_kerberos_keytab }}
+{% endif %}
+{% if default.koji_kerberos_principal is defined %}
+koji_kerberos_principal = {{ default.koji_kerberos_principal }}
+{% endif %}
 {% if default.use_kerberos is defined %}
 use_kerberos = {{ default.use_kerberos }}
 {% endif %}
@@ -50,6 +59,15 @@ password = {{ default.password }}
 {% if default.koji_certs_secret is defined %}
 koji_certs_secret = {{ default.koji_certs_secret }}
 {% endif %}
+{% if default.koji_use_kerberos is defined %}
+koji_use_kerberos = {{ default.koji_use_kerberos }}
+{% endif %}
+{% if default.koji_kerberos_keytab is defined %}
+koji_kerberos_keytab = {{ default.koji_kerberos_keytab }}
+{% endif %}
+{% if default.koji_kerberos_principal is defined %}
+koji_kerberos_principal = {{ default.koji_kerberos_principal }}
+{% endif %}
 {% if default.use_kerberos is defined %}
 use_kerberos = {{ default.use_kerberos }}
 {% endif %}