Deploy krb5.conf for bodhi

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-04-17 02:10:57 +00:00 · 2018-04-17 02:10:57 +00:00 · 251555b692
commit 251555b692
parent 559e7652b4
2 changed files with 32 additions and 1 deletions
--- a/roles/bodhi2/base/templates/configmap.yml
+++ b/roles/bodhi2/base/templates/configmap.yml
@ -6,6 +6,35 @@ metadata:
  labels:
    app: bodhi
 data:
+  krb5.conf: |-
+    [logging]
+     default = FILE:/var/log/krb5libs.log
+     kdc = FILE:/var/log/krb5kdc.log
+     admin_server = FILE:/var/log/kadmind.log
+    
+    [libdefaults]
+     default_realm = {{ ipa_realm }}
+     rdns = false
+     dns_canonicalize_hostname = false
+     dns_lookup_realm = false
+     dns_lookup_kdc = false
+     ticket_lifetime = 24h
+     renew_lifetime = 7d
+     forwardable = true
+    
+    [realms]
+     {{ ipa_realm }} = {
+      kdc = ipa01{{ env_suffix }}.phx2.fedoraproject.org
+     }
+    
+    [domain_realm]
+     .fedoraproject.org = FEDORAPROJECT.ORG
+     fedoraproject.org = FEDORAPROJECT.ORG
+    {% if env == "staging" %}
+     .stg.phx2.fedoraproject.org = STG.FEDORAPROJECT.ORG
+    {% endif %}
+     .stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
+     stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
  production.ini: |-
    {%- macro production_ini() %}    {% include "production.ini.j2" %}{%- endmacro -%}
    {{ production_ini() | indent() }}
--- a/roles/openshift-apps/bodhi/templates/buildconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/buildconfig.yml
@ -29,7 +29,9 @@ items:
        RUN mkdir -p /etc/pki/fedmsg/
        RUN ln -sf /etc/pki/fedmsg/key/fedmsg-bodhi.key /etc/pki/fedmsg/bodhi.key
        RUN ln -sf /etc/pki/fedmsg/crt/fedmsg-bodhi.crt /etc/pki/fedmsg/bodhi.crt
-        # Link keytab
+        # Set up krb5
+        RUN rm -f /etc/krb5.conf
+        RUN ln -sf /etc/bodhi/krb5.conf /etc/krb5.conf
        RUN ln -sf /etc/keytabs/koji-keytab /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab
        EXPOSE 8080
        ENV USER=openshift