Ipsilon: rename the service keytab file for coherence

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

playbooks/openshift-apps/ipsilon.yml

@@ -28,7 +28,7 @@
 
   - role: openshift/keytab
     app: ipsilon
-    key: ipsilon-keytab
+    key: service.keytab
     secret_name: ipsilon-keytab
     service: HTTP
     host: "id{{ env_suffix }}.fedoraproject.org"

roles/ipsilon/templates/configmap.yml

@@ -21,8 +21,8 @@ data:
      ticket_lifetime = 24h
      renew_lifetime = 7d
      forwardable = true
-     default_keytab_name = FILE:/etc/keytabs/ipsilon-keytab
-     default_client_keytab_name = FILE:/etc/keytabs/ipsilon-keytab
+     default_keytab_name = FILE:/etc/keytabs/service.keytab
+     default_client_keytab_name = FILE:/etc/keytabs/service.keytab
     [realms]
      {{ ipa_realm }} = {
       kdc = https://id{{ env_suffix }}.fedoraproject.org/KdcProxy

roles/ipsilon/templates/ipsilon-httpd.conf.j2

@@ -31,7 +31,7 @@ WSGIRestrictSignal Off
 
 <Location /login/gssapi/negotiate>
     AuthName "GSSAPI Single Sign On Login"
-    GssapiCredStore keytab:/etc/keytabs/ipsilon-keytab
+    GssapiCredStore keytab:/etc/keytabs/service.keytab
     AuthType GSSAPI
     # This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
     GssapiSSLonly Off