From f7e3dcc2b2a9d7496cb9c748719cc2253ae40413 Mon Sep 17 00:00:00 2001
From: Michael Simacek <msimacek@redhat.com>
Date: Mon, 4 Dec 2017 10:54:22 +0200
Subject: [PATCH] Configure GSSAPI auth for koschei stg

---
 roles/koschei/backend/tasks/main.yml               | 14 ++++++++++++++
 .../backend/templates/config-backend.cfg.j2        |  4 ++++
 .../backend/templates/systemd-environment.conf.j2  |  2 ++
 3 files changed, 20 insertions(+)
 create mode 100644 roles/koschei/backend/templates/systemd-environment.conf.j2

diff --git a/roles/koschei/backend/tasks/main.yml b/roles/koschei/backend/tasks/main.yml
index 60ce4d4a61..ce9b44744d 100644
--- a/roles/koschei/backend/tasks/main.yml
+++ b/roles/koschei/backend/tasks/main.yml
@@ -51,6 +51,20 @@
   - config
   - service
 
+- name: install systemd config files (environment)
+  template: >
+    src=systemd-environment.conf.j2
+    dest=/etc/systemd/system/{{ item }}.service.d/environment.conf
+  with_items: "{{ koschei_backend_services }}"
+  when: env == 'staging'
+  notify:
+  - reload systemd
+  - restart koschei backend services
+  tags:
+  - koschei
+  - config
+  - service
+
 - name: install config files
   template: >
     src="{{ item }}.j2"
diff --git a/roles/koschei/backend/templates/config-backend.cfg.j2 b/roles/koschei/backend/templates/config-backend.cfg.j2
index cdffc6332c..e34c230d66 100644
--- a/roles/koschei/backend/templates/config-backend.cfg.j2
+++ b/roles/koschei/backend/templates/config-backend.cfg.j2
@@ -14,6 +14,9 @@ config = {
         "server": "https://{{ koschei_koji_hub }}/kojihub",
         "weburl": "https://{{ koschei_koji_web }}/koji",
         "topurl": "https://{{ koschei_kojipkgs }}",
+        {% if env == 'staging' %}
+        "login_method": "gssapi_login",
+        {% else %}
         "login_method": "krb_login",
         "login_args": {
             "keytab": "/etc/krb5.koschei_{{ inventory_hostname }}.keytab",
@@ -22,6 +25,7 @@ config = {
         "session_opts": {
             "krb_rdns": False,
         },
+        {% endif %}
         {% if env == 'staging' %}
         "max_builds": 16,
         "build_arches": ['x86_64'],
diff --git a/roles/koschei/backend/templates/systemd-environment.conf.j2 b/roles/koschei/backend/templates/systemd-environment.conf.j2
new file mode 100644
index 0000000000..559d2e0741
--- /dev/null
+++ b/roles/koschei/backend/templates/systemd-environment.conf.j2
@@ -0,0 +1,2 @@
+[Service]
+Environment="KRB5_CLIENT_KTNAME=FILE:/etc/krb5.koschei_{{ inventory_hostname }}.keytab"