Kerberize owner-sync-pkgdb

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Patrick Uiterwijk 2016-12-12 03:44:35 +00:00
parent c14c354416
commit 7df3878a7a
2 changed files with 14 additions and 13 deletions


@ -44,6 +44,8 @@
nfs_src_dir: 'fedora_koji'
when: env == 'staging'
- role: keytab/service
service: pkgdb
- role: keytab/service
owner_user: apache
owner_group: apache
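Review bot: The `keytab/service` entry for `service: pkgdb` sets no `owner_user` or `owner_group`, unlike the neighbouring entry that pins both to `apache`, so the keytab's owner and mode fall back to the role's defaults, which are not visible here. Since this keytab is a long-lived credential for the `pkgdb/<host>` principal, it would help to state the owner explicitly as the account that runs owner-sync-pkgdb, so that the file is readable by that account and by no one else. A short comment above the entry such as `# keytab for owner-sync-pkgdb's krb_login to koji` would also make clear why the role is listed twice. The role list continues outside this hunk, so the second entry's `service:` value cannot be checked from here.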


@ -47,15 +47,14 @@ def get_options():
# shamelessly stolen from koji CLI
opts = {
{% if env == 'staging' %}
'server': 'http://koji.stg.fedoraproject.org/kojihub',
'weburl': 'http://koji.stg.fedoraproject.org/koji',
'server': 'https://koji.stg.fedoraproject.org/kojihub',
'weburl': 'https://koji.stg.fedoraproject.org/koji',
{% else %}
'server': 'http://koji.fedoraproject.org/kojihub',
'weburl': 'http://koji.fedoraproject.org/koji',
'server': 'https://koji.fedoraproject.org/kojihub',
'weburl': 'https://koji.fedoraproject.org/koji',
{% endif %}
'cert': '/etc/pki/pkgdb/pkgdb.pem',
'ca': '/etc/pki/pkgdb/fedora-server-ca.cert',
'serverca': '/etc/pki/pkgdb/fedora-server-ca.cert'
'principal': 'pkgdb/{{inventor_hostname}}@{{ipa_realm}}',
'keytab': '/etc/krb5.pkgdb_{{inventory_hostname}}.keytab',
}
for configFile in ('/etc/koji.conf', os.path.expanduser('~/.koji/config')):
if os.access(configFile, os.F_OK):
@ -154,7 +153,7 @@ if __name__ == '__main__':
else:
session = koji.ClientSession("http://%s.koji.fedoraproject.org/kojihub" % arch)
try:
session.ssl_login(options['cert'], options['ca'], options['serverca'])
session.krb_login(options['principal'], options['keytab'])
except:
print "Unable to sync to %s hub" % arch
continue
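Review bot: The new `principal` entry in `get_options()` interpolates `{{inventor_hostname}}`, while the `keytab` line directly below uses `{{inventory_hostname}}`; the first looks like a typo, and an undefined variable there would either fail the template render or produce a principal that does not match the keytab. It should read `'principal': 'pkgdb/{{inventory_hostname}}@{{ipa_realm}}',`. In the last hunk the secondary-hub session is still built from `"http://%s.koji.fedoraproject.org/kojihub"`, so the Kerberos login to those hubs would run without TLS even though the primary URLs moved to `https://`; if the secondary hubs serve HTTPS, that URL should change too. The bare `except:` around `krb_login` reports any keytab or principal error only as "Unable to sync", so a form like `except Exception as e:` with `print "Unable to sync to %s hub: %s" % (arch, e)` would make a misconfigured principal visible. Both `get_options()` and the `__main__` loop continue outside the hunks shown.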