Make Koschei backend auth to Koji using GSSAPI

2018-02-08 12:46:50 +01:00 · 2018-02-08 12:46:50 +01:00 · da2e9766d7
commit da2e9766d7
parent 0eec23dcd8
3 changed files with 3 additions and 19 deletions
--- a/roles/koschei/backend/tasks/main.yml
+++ b/roles/koschei/backend/tasks/main.yml
@ -56,7 +56,6 @@
    src=systemd-environment.conf.j2
    dest=/etc/systemd/system/{{ item }}.service.d/environment.conf
  with_items: "{{ koschei_backend_services }}"
-  when: env == 'staging'
  notify:
  - reload systemd
  - restart koschei backend services
--- a/roles/koschei/backend/templates/config-backend.cfg.j2
+++ b/roles/koschei/backend/templates/config-backend.cfg.j2
@ -14,18 +14,7 @@ config = {
        "server": "https://{{ koschei_koji_hub }}/kojihub",
        "weburl": "https://{{ koschei_koji_web }}/koji",
        "topurl": "https://{{ koschei_kojipkgs }}",
-        {% if env == 'staging' %}
        "login_method": "gssapi_login",
-        {% else %}
-        "login_method": "krb_login",
-        "login_args": {
-            "keytab": "/etc/krb5.koschei_{{ inventory_hostname }}.keytab",
-            "principal": "koschei/{{ inventory_hostname }}@{{ ipa_realm }}",
-        },
-        "session_opts": {
-            "krb_rdns": False,
-        },
-        {% endif %}
        {% if env == 'staging' %}
        "max_builds": 16,
        "build_arches": ['x86_64'],
--- a/roles/koschei/backend/templates/koji.conf.j2
+++ b/roles/koschei/backend/templates/koji.conf.j2
@ -1,11 +1,7 @@
 [koji]
-server = http://{{ koschei_koji_hub }}/kojihub
-topurl = http://{{ koschei_kojipkgs }}
-weburl = http://{{ koschei_koji_web }}/koji
+server = https://{{ koschei_koji_hub }}/kojihub
+topurl = https://{{ koschei_kojipkgs }}
+weburl = https://{{ koschei_koji_web }}/koji
 topdir = /mnt/koji
 authtype = kerberos
 krbservice = host
-principal = koschei/{{ inventory_hostname }}@{{ ipa_realm }}
-keytab = /etc/krb5.koschei_{{ inventory_hostname }}.keytab
-ccache = /tmp/koschei-koji-krb-ccache
-krb_rdns = False