From f239c0f263d23d8170d37ebe90623585628c6bdb Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Tue, 5 Dec 2017 16:00:54 +0100
Subject: [PATCH] Add custom krb5.conf file for simple-koji-ci

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
---
 roles/simple-koji-ci/tasks/main.yml      |  1 +
 roles/simple-koji-ci/templates/krb5.conf | 35 ++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 roles/simple-koji-ci/templates/krb5.conf

diff --git a/roles/simple-koji-ci/tasks/main.yml b/roles/simple-koji-ci/tasks/main.yml
index ae072ce286..ed4911aec9 100644
--- a/roles/simple-koji-ci/tasks/main.yml
+++ b/roles/simple-koji-ci/tasks/main.yml
@@ -21,6 +21,7 @@
   with_items:
   - { file: simple_koji_ci.py, location: /etc/fedmsg.d }
   - { file: endpoints.py, location: /etc/fedmsg.d }
+  - { file: krb5.conf, location: /etc/ }
   changed_when: "1 != 1"
   tags:
   - config
diff --git a/roles/simple-koji-ci/templates/krb5.conf b/roles/simple-koji-ci/templates/krb5.conf
new file mode 100644
index 0000000000..4bb007188a
--- /dev/null
+++ b/roles/simple-koji-ci/templates/krb5.conf
@@ -0,0 +1,35 @@
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+{% if env == 'staging' %}
+ default_realm = STG.FEDORAPROJECT.ORG
+{% else %}
+ default_realm = FEDORAPROJECT.ORG
+{% endif %}
+ rdns = false
+ dns_canonicalize_hostname = false
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+
+[realms]
+{% if env == 'staging' %}
+ STG.FEDORAPROJECT.ORG = {
+  kdc = https://id.stg.fedoraproject.org/KdcProxy
+ }
+{% else %}
+ FEDORAPROJECT.ORG = {
+  kdc = https://id.fedoraproject.org/KdcProxy
+ }
+{% endif %}
+
+[domain_realm]
+ .fedoraproject.org = FEDORAPROJECT.ORG
+ fedoraproject.org = FEDORAPROJECT.ORG
+ .stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
+ stg.fedoraproject.org = STG.FEDORAPROJECT.ORG