# How to refresh the ODCS OIDC token used by OSBS

OSBS needs to trigger composes in ODCS for flatpak builds. These requests are authenticated with an OIDC token.
This token expires every 365 days, so it needs to be regenerated every year.

## Generate a new token
In the ansible repo, run the following command:

```
scripts/generate-oidc-token osbs -e 365 -s https://id.fedoraproject.org/scope/groups -s https://pagure.io/odcs/new-compose -s https://pagure.io/odcs/renew-compose -s https://pagure.io/odcs/delete-compose
```

Follow the instructions given by the script and run the SQL command on the ipsilon database server:

```
ssh db-fas01.iad2.fedoraproject.org
sudo -u postgres -i ipsilon
ipsilon=# BEGIN;
....
ipsilon=# COMMIT;
```

Save the value of the token generated by the script in the ansible-private repo under `ansible-private/files/osbs/production/odcs-oidc-token`. The same needs to be done for the staging cluster.

## Deploy the change

Run the following playbook to deploy the new token:

```
ansible-playbook /srv/web/infra/ansible/playbooks/groups/osbs/configure-osbs.yml
```
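
Because the token expires after 365 days, a scheduled check can flag the renewal before composes start failing. The script below is an added example, not part of the Fedora ansible repo or of this SOP. It assumes the last commit touching the token file in ansible-private marks the day the token was generated; the function names and the 30-day warning window are hypothetical.

```shell
#!/bin/sh
# Added example: renewal reminder for the ODCS OIDC token.
# Assumption: the last commit touching the token file marks the day it was generated.

TOKEN_LIFETIME_DAYS=365   # matches "-e 365" passed to scripts/generate-oidc-token
WARN_DAYS=30              # hypothetical warning window before expiry

# token_days_left ISSUED_EPOCH NOW_EPOCH
# Prints the whole days left before expiry (negative once expired).
token_days_left() {
    expires=$(( $1 + $TOKEN_LIFETIME_DAYS * 86400 ))
    echo $(( ($expires - $2) / 86400 ))
}

# token_status ISSUED_EPOCH NOW_EPOCH
# Prints OK / WARN / EXPIRED and returns 0 / 1 / 2 so cron or CI can alert on it.
token_status() {
    expires=$(( $1 + $TOKEN_LIFETIME_DAYS * 86400 ))
    left=$(token_days_left "$1" "$2")
    if [ "$2" -ge "$expires" ]; then
        echo "EXPIRED"; return 2
    elif [ "$left" -le "$WARN_DAYS" ]; then
        echo "WARN: $left days left"; return 1
    fi
    echo "OK: $left days left"
}

# check_token_file REPO_DIR TOKEN_PATH
# Reads the commit time of the last change to TOKEN_PATH and reports its status.
# Only commit metadata is read; the token value itself is never printed.
check_token_file() {
    issued=$(git -C "$1" log -1 --format=%ct -- "$2" 2>/dev/null) || issued=""
    if [ -z "$issued" ]; then
        echo "UNKNOWN: no commit history for $2"; return 3
    fi
    token_status "$issued" "$(date +%s)"
}

# Usage (run once per cluster; /path/to is a placeholder for the checkout location):
#   check_token_file /path/to/ansible-private files/osbs/production/odcs-oidc-token
```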