Make Koschei backend auth to Koji using GSSAPI

roles/koschei/backend/tasks/main.yml

@@ -56,7 +56,6 @@
     src=systemd-environment.conf.j2
     dest=/etc/systemd/system/{{ item }}.service.d/environment.conf
   with_items: "{{ koschei_backend_services }}"
-  when: env == 'staging'
   notify:
   - reload systemd
   - restart koschei backend services

roles/koschei/backend/templates/config-backend.cfg.j2

@@ -14,18 +14,7 @@ config = {
         "server": "https://{{ koschei_koji_hub }}/kojihub",
         "weburl": "https://{{ koschei_koji_web }}/koji",
         "topurl": "https://{{ koschei_kojipkgs }}",
-        {% if env == 'staging' %}
         "login_method": "gssapi_login",
-        {% else %}
-        "login_method": "krb_login",
-        "login_args": {
-            "keytab": "/etc/krb5.koschei_{{ inventory_hostname }}.keytab",
-            "principal": "koschei/{{ inventory_hostname }}@{{ ipa_realm }}",
-        },
-        "session_opts": {
-            "krb_rdns": False,
-        },
-        {% endif %}
         {% if env == 'staging' %}
         "max_builds": 16,
         "build_arches": ['x86_64'],

roles/koschei/backend/templates/koji.conf.j2

@@ -1,11 +1,7 @@
 [koji]
-server = http://{{ koschei_koji_hub }}/kojihub
+server = https://{{ koschei_koji_hub }}/kojihub
-topurl = http://{{ koschei_kojipkgs }}
+topurl = https://{{ koschei_kojipkgs }}
-weburl = http://{{ koschei_koji_web }}/koji
+weburl = https://{{ koschei_koji_web }}/koji
 topdir = /mnt/koji
 authtype = kerberos
 krbservice = host
-principal = koschei/{{ inventory_hostname }}@{{ ipa_realm }}
-keytab = /etc/krb5.koschei_{{ inventory_hostname }}.keytab
-ccache = /tmp/koschei-koji-krb-ccache
-krb_rdns = False