Refresh the OSBS ODCS OIDC token.
Signed-off-by: Clement Verna <cverna@tutanota.com>
This commit is contained in:
Clement Verna
parent
8db145eba7
commit
54b65662d0
1 changed files with 24 additions and 0 deletions
24
refresh_osbs_odcs_oicd_token.md
Normal file
24
refresh_osbs_odcs_oicd_token.md
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
# How to refresh the odcs oidc token used by OSBS
|
||||
|
||||
OSBS needs to trigger composes to ODCS for flatpak build, this is done using an OIDC token to authenticate the requests.
|
||||
This token expires every 365 days so it needs to be regenerated every year.
|
||||
|
||||
## Generate a new token
|
||||
In the ansible repo run the following command:
|
||||
|
||||
scripts/generate-oidc-token osbs -e 365 -s https://id.fedoraproject.org/scope/groups -s https://pagure.io/odcs/new-compose -s https://pagure.io/odcs/renew-compose -s https://pagure.io/odcs/delete-compose
|
||||
|
||||
|
||||
Follow the instructions given by the script and run the SQL command on the ipsilon database server:
|
||||
|
||||
ssh db-fas01.iad2.fedoraproject.org
|
||||
sudo -u postgres -i ipsilon
|
||||
ipsilon=# BEGIN;
|
||||
....
|
||||
ipsilon=# COMMIT;
|
||||
|
||||
Save the value of the token generated by the script in the ansible-private repo under `ansible-private/files/osbs/production/odcs-oidc-token` (same needs to be done for the staging cluster)
|
||||
|
||||
## Deploy the change
|
||||
|
||||
Run the following playbook to deploy the new token `ansible-playbook /srv/web/infra/ansible/playbooks/groups/osbs/configure-osbs.yml`
|
||||
Loading…
Add table
Add a link
Reference in a new issue