From ec87815defd353e9ad4b8aa4cbf7776f03686ff2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Kalu=C5=BEa?= <jkaluza@redhat.com>
Date: Tue, 28 Nov 2017 08:20:17 +0000
Subject: [PATCH] Generate keytab for ODCS and use it in Koji profile.

---
 playbooks/groups/odcs.yml                                 | 6 ++++++
 roles/odcs/backend/templates/etc/koji.conf.d/odcs.conf.j2 | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/playbooks/groups/odcs.yml b/playbooks/groups/odcs.yml
index 89b518a233..ada36c7c64 100644
--- a/playbooks/groups/odcs.yml
+++ b/playbooks/groups/odcs.yml
@@ -115,6 +115,12 @@
     nfs_src_dir: 'fedora_koji'
     when: env == 'staging'
 
+  - role: keytab/service
+    service: odcs
+    owner_user: odcs
+    owner_group: odcs
+    host: "odcs{{env_suffix}}.fedoraproject.org"
+
   post_tasks:
   - file: src=/mnt/fedora_koji/koji dest=/mnt/koji state=link
     tags: nfs/client
diff --git a/roles/odcs/backend/templates/etc/koji.conf.d/odcs.conf.j2 b/roles/odcs/backend/templates/etc/koji.conf.d/odcs.conf.j2
index 89d092f3f6..bea9632c66 100644
--- a/roles/odcs/backend/templates/etc/koji.conf.d/odcs.conf.j2
+++ b/roles/odcs/backend/templates/etc/koji.conf.d/odcs.conf.j2
@@ -4,6 +4,8 @@ weburl = https://koji.fedoraproject.org/koji
 topurl = https://kojipkgs.fedoraproject.org/
 authtype = kerberos
 krb_rdns = false
+principal = odcs/odcs.fedoraproject.org@FEDORAPROJECT.ORG
+keytab = /etc/krb5.odcs_odcs{{env_suffix}}.fedoraproject.org.keytab
 
 [staging]
 server = https://koji.stg.fedoraproject.org/kojihub
@@ -11,3 +13,6 @@ weburl = https://koji.stg.fedoraproject.org/koji
 topurl = https://kojipkgs.stg.fedoraproject.org/
 authtype = kerberos
 krb_rdns = false
+principal = odcs/odcs.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG
+keytab = /etc/krb5.odcs_odcs{{env_suffix}}.fedoraproject.org.keytab
+