IPA client for openshift: deploy a krb5.conf file

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

roles/openshift/ipa-client/defaults/main.yml

@@ -0,0 +1 @@
+public_hostname: "{{ inventory_hostname }}"

roles/openshift/ipa-client/templates/configmap.yml

@@ -11,3 +11,5 @@ data:
     {{ load_file('default.conf') | indent(4) }}
   ca.crt: |-
     {{ ipa_ca_cert | indent(4) }}
+  krb5.conf: |-
+    {{ load_file('krb5.conf') | indent(4) }}

roles/openshift/ipa-client/templates/krb5.conf

@@ -0,0 +1,36 @@
+# includedir /etc/krb5.conf.d/
+
+[libdefaults]
+  default_realm = {{ ipa_realm }}
+  dns_lookup_realm = false
+  dns_lookup_kdc = false
+  rdns = false
+  dns_canonicalize_hostname = false
+  ticket_lifetime = 24h
+  renew_lifetime = 7d
+  forwardable = true
+  udp_preference_limit = 0
+  default_ccache_name = FILE:/tmp/%u.ccache
+  default_keytab_name = FILE:/etc/keytabs/host.keytab
+
+[realms]
+  {{ ipa_realm }} = {
+    kdc = {{ ipa_server }}:88
+    master_kdc = {{ ipa_server }}:88
+    admin_server = {{ ipa_server }}:749
+    kpasswd_server = {{ ipa_server }}:464
+    default_domain = {{ ipa_realm | lower }}
+    pkinit_anchors = FILE:/etc/ipa/ca.crt
+    pkinit_pool = FILE:/etc/ipa/ca.crt
+  }
+
+[domain_realm]
+  .fedoraproject.org = FEDORAPROJECT.ORG
+  fedoraproject.org = FEDORAPROJECT.ORG
+  .{{ datacenter }}.fedoraproject.org = FEDORAPROJECT.ORG
+  {{ datacenter }}.fedoraproject.org = FEDORAPROJECT.ORG
+  .stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
+  stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
+  .{{ datacenter }}.stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
+  {{ datacenter }}.stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
+  {{ public_hostname }} = {{ ipa_realm }}