From dab038065328bcbb46fb1553fbc336802f017724 Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Thu, 9 Apr 2020 15:39:41 +0200 Subject: [PATCH] releng: copy the koji.conf needed to authenticate Signed-off-by: Clement Verna --- playbooks/manual/releng/koji-release-tags.yml | 10 ++++- .../manual/releng/templates/koji.conf.j2 | 39 +++++++++++++++++++ 2 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 playbooks/manual/releng/templates/koji.conf.j2 diff --git a/playbooks/manual/releng/koji-release-tags.yml b/playbooks/manual/releng/koji-release-tags.yml index 0ed8f71a88..d929593a9d 100644 --- a/playbooks/manual/releng/koji-release-tags.yml +++ b/playbooks/manual/releng/koji-release-tags.yml @@ -7,15 +7,21 @@ - ktdreyer.koji_ansible tasks: + - name: copy the koji.conf file with the correct variables + template: + src: koji.conf.j2 + dest: /etc/koji.conf + owner: root + group: root + mode: 0644 + - name: create the main koji tag koji_tag: - koji: stg name: f33 state: present perm: admin - name: create the updates tag koji_tag: - koji: stg name: f33-updates state: present perm: admin diff --git a/playbooks/manual/releng/templates/koji.conf.j2 b/playbooks/manual/releng/templates/koji.conf.j2 new file mode 100644 index 0000000000..bf2ae4918e --- /dev/null +++ b/playbooks/manual/releng/templates/koji.conf.j2 @@ -0,0 +1,39 @@ +[koji] +;configuration for koji cli tool +;url of XMLRPC server +server = https://koji{{env_suffix}}.fedoraproject.org/kojihub + +;url of web interface +weburl = https://koji{{env_suffix}}.fedoraproject.org/koji + +topurl = https://kojipkgs{{env_suffix}}.fedoraproject.org/ + +;configuration for Kerberos authentication +authtype = kerberos +krb_rdns = false + +;the service name of the principal being used by the hub +krbservice = compose + +;the principal to auth as for automated clients +{% if env == "staging" %} +principal = compose/koji.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG +krb_server_realm = STG.FEDORAPROJECT.ORG +keytab = /etc/krb5.compose_koji.stg.phx2.fedoraproject.org.keytab +{% else %} +principal = compose/koji.fedoraproject.org@FEDORAPROJECT.ORG +krb_server_realm = FEDORAPROJECT.ORG +keytab = /etc/krb5.compose_koji.phx2.fedoraproject.org.keytab +{%endif%} + +;enable to lookup dns canonical hostname for krb auth +;krb_canon_host = no + +;[not_implemented_yet] +;enabled plugins for CLI, runroot and save_failed_tree are available +;plugins = +; runroot plugin is enabled by default in fedora +plugins = runroot + +; use the fast upload feature of koji by default +use_fast_upload = yes