Configure GSSAPI auth for koschei stg

roles/koschei/backend/tasks/main.yml

@@ -51,6 +51,20 @@
   - config
   - service
 
+- name: install systemd config files (environment)
+  template: >
+    src=systemd-environment.conf.j2
+    dest=/etc/systemd/system/{{ item }}.service.d/environment.conf
+  with_items: "{{ koschei_backend_services }}"
+  when: env == 'staging'
+  notify:
+  - reload systemd
+  - restart koschei backend services
+  tags:
+  - koschei
+  - config
+  - service
+
 - name: install config files
   template: >
     src="{{ item }}.j2"

roles/koschei/backend/templates/config-backend.cfg.j2

@@ -14,6 +14,9 @@ config = {
         "server": "https://{{ koschei_koji_hub }}/kojihub",
         "weburl": "https://{{ koschei_koji_web }}/koji",
         "topurl": "https://{{ koschei_kojipkgs }}",
+        {% if env == 'staging' %}
+        "login_method": "gssapi_login",
+        {% else %}
         "login_method": "krb_login",
         "login_args": {
             "keytab": "/etc/krb5.koschei_{{ inventory_hostname }}.keytab",
@@ -22,6 +25,7 @@ config = {
         "session_opts": {
             "krb_rdns": False,
         },
+        {% endif %}
         {% if env == 'staging' %}
         "max_builds": 16,
         "build_arches": ['x86_64'],

roles/koschei/backend/templates/systemd-environment.conf.j2

@@ -0,0 +1,2 @@
+[Service]
+Environment="KRB5_CLIENT_KTNAME=FILE:/etc/krb5.koschei_{{ inventory_hostname }}.keytab"