All builders are now krb_builder's
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk
parent
c158f3412d
commit
80d0dca5e3
4 changed files with 0 additions and 23 deletions
|
|
@ -27,9 +27,7 @@
|
||||||
- role: keytab/service
|
- role: keytab/service
|
||||||
kt_location: /etc/kojid/kojid.keytab
|
kt_location: /etc/kojid/kojid.keytab
|
||||||
service: compile
|
service: compile
|
||||||
when: env == "staging" or krb_builder
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- include: "{{ tasks }}/2fa_client.yml"
|
- include: "{{ tasks }}/2fa_client.yml"
|
||||||
when: not inventory_hostname.startswith('bkernel')
|
when: not inventory_hostname.startswith('bkernel')
|
||||||
- include: "{{ tasks }}/motd.yml"
|
- include: "{{ tasks }}/motd.yml"
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,6 @@
|
||||||
- role: keytab/service
|
- role: keytab/service
|
||||||
kt_location: /etc/kojid/kojid.keytab
|
kt_location: /etc/kojid/kojid.keytab
|
||||||
service: compile
|
service: compile
|
||||||
when: env == "staging" or krb_builder
|
|
||||||
- role: keytab/service
|
- role: keytab/service
|
||||||
owner_user: root
|
owner_user: root
|
||||||
owner_group: root
|
owner_group: root
|
||||||
|
|
|
||||||
|
|
@ -145,20 +145,11 @@
|
||||||
- koji_builder
|
- koji_builder
|
||||||
# done oz/imagefactory
|
# done oz/imagefactory
|
||||||
|
|
||||||
- name: copy over koji ca cert
|
|
||||||
copy: src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/etc/kojid/cacert.pem
|
|
||||||
|
|
||||||
- name: copy over /etc/security/limits.conf
|
- name: copy over /etc/security/limits.conf
|
||||||
copy: src=limits.conf dest=/etc/security/limits.conf
|
copy: src=limits.conf dest=/etc/security/limits.conf
|
||||||
tags:
|
tags:
|
||||||
- koji_builder
|
- koji_builder
|
||||||
|
|
||||||
- name: copy over builder cert to /etc/kojid/kojibuilder.pem
|
|
||||||
copy: src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600
|
|
||||||
when: not krb_builder
|
|
||||||
tags:
|
|
||||||
- koji_builder
|
|
||||||
|
|
||||||
# oz.cfg upstream ram and cpu definitions are not enough
|
# oz.cfg upstream ram and cpu definitions are not enough
|
||||||
- name: oz.cfg
|
- name: oz.cfg
|
||||||
copy: src=oz.cfg dest=/etc/oz/oz.cfg
|
copy: src=oz.cfg dest=/etc/oz/oz.cfg
|
||||||
|
|
|
||||||
|
|
@ -66,22 +66,11 @@ from_addr=Fedora Koji Build System <buildsys@fedoraproject.org>
|
||||||
|
|
||||||
;configuration for SSL athentication
|
;configuration for SSL athentication
|
||||||
|
|
||||||
{% if env == "staging" or krb_builder %}
|
|
||||||
; Kerberos configuration
|
; Kerberos configuration
|
||||||
host_principal_format = compile/%s@{{ ipa_realm }}
|
host_principal_format = compile/%s@{{ ipa_realm }}
|
||||||
keytab = /etc/kojid/kojid.keytab
|
keytab = /etc/kojid/kojid.keytab
|
||||||
krbservice = host
|
krbservice = host
|
||||||
krb_rdns = false
|
krb_rdns = false
|
||||||
{% else %}
|
|
||||||
;client certificate - puppet generated
|
|
||||||
cert = /etc/kojid/kojibuilder.pem
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
;certificate of the CA that issued the client certificate
|
|
||||||
ca = /etc/kojid/cacert.pem
|
|
||||||
|
|
||||||
;certificate of the CA that issued the HTTP server certificate
|
|
||||||
serverca = /etc/kojid/cacert.pem
|
|
||||||
|
|
||||||
{% if 'runroot' in group_names %}
|
{% if 'runroot' in group_names %}
|
||||||
; Config for it lives in /etc/kojid/runroot.conf
|
; Config for it lives in /etc/kojid/runroot.conf
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue