Infrastructure/infra-docs-fpo
3
0
Fork 0
Code Issues 100 Pull requests 6 Projects Releases Packages Wiki Activity Actions
infra-docs-fpo/modules/howtos/pages/refresh_osbs_odcs_oicd_token.adoc
Nils Philippsen b4afb2f945 DC move: iad => rdu3, 10.3. => 10.16. 
And remove some obsolete things.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2025-07-04 16:32:42 +02:00

33 lines
1.1 KiB
Text
Raw Permalink Blame History

= How to refresh the ODCS OIDC token used by OSBS
OSBS needs to trigger composes to ODCS for flatpak build, this is done using an OIDC token
to authenticate the requests.
This token expires every 365 days so it needs to be regenerated every year.
== Generate a new token
In the ansible repo run the following command:
----
scripts/generate-oidc-token osbs -e 365 -s https://id.fedoraproject.org/scope/groups -s https://pagure.io/odcs/new-compose -s https://pagure.io/odcs/renew-compose -s https://pagure.io/odcs/delete-compose
----
Follow the instructions given by the script and run the SQL command on the ipsilon database server:
----
ssh db-fas01.rdu3.fedoraproject.org
sudo -u postgres -i ipsilon
ipsilon=# BEGIN;
....
ipsilon=# COMMIT;
----
Save the value of the token generated by the script in the ansible-private repo under
`ansible-private/files/osbs/production/odcs-oidc-token` (same needs to be done for the
staging cluster)
== Deploy the change
Run the following playbook to deploy the new token
----
ansible-playbook /srv/web/infra/ansible/playbooks/groups/osbs/configure-osbs.yml
----
Reference in a new issue View git blame Copy permalink