Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Switch to krb for staging builders

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2016-10-28 12:37:13 +00:00
parent a23e33183d
commit a75297b0a2
2 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
roles/koji_builder/tasks/main.yml
View file

@ -1,6 +1,12 @@
# #
# This is a base koji_builder role. # This is a base koji_builder role.
# #
dependencies:
- role: keytab/service
kt_location: /etc/kojid/kojid.keytab
service: compile
when: env == "staging"
- name: set hostname - name: set hostname
hostname: name="{{inventory_hostname}}" hostname: name="{{inventory_hostname}}"
tags: tags:

7
roles/koji_builder/templates/kojid.conf
View file

@ -66,8 +66,15 @@ from_addr=Fedora Koji Build System <buildsys@fedoraproject.org>
;configuration for SSL athentication ;configuration for SSL athentication
{% if env == "staging" %}
; Kerberos configuration
host_principal_format = compile/%s@{{ ipa_realm }}
keytab = /etc/kojid/kojid.keytab
krbservice = host
{% else %}
;client certificate - puppet generated ;client certificate - puppet generated
cert = /etc/kojid/kojibuilder.pem cert = /etc/kojid/kojibuilder.pem
{% endif %}
;certificate of the CA that issued the client certificate ;certificate of the CA that issued the client certificate
ca = /etc/kojid/cacert.pem ca = /etc/kojid/cacert.pem