koji: add config files to configure kerberos settings
Kerberos keytabs and principals are configured per koji server both in composer and in the worker. Signed-off-by: Tom Gundersen <teg@jklm.no>
parent
9666be2891
commit
c6cf9de85d
6 changed files with 129 additions and 17 deletions
|
|
@ -9,11 +9,13 @@ import (
|
|||
"os"
|
||||
"path"
|
||||
|
||||
"github.com/BurntSushi/toml"
|
||||
"github.com/osbuild/osbuild-composer/internal/distro/fedora31"
|
||||
"github.com/osbuild/osbuild-composer/internal/distro/fedora32"
|
||||
"github.com/osbuild/osbuild-composer/internal/distro/rhel8"
|
||||
"github.com/osbuild/osbuild-composer/internal/jobqueue/fsjobqueue"
|
||||
"github.com/osbuild/osbuild-composer/internal/kojiapi"
|
||||
"github.com/osbuild/osbuild-composer/internal/upload/koji"
|
||||
|
||||
"github.com/osbuild/osbuild-composer/internal/common"
|
||||
"github.com/osbuild/osbuild-composer/internal/distro"
|
||||
|
|
@ -25,6 +27,8 @@ import (
|
|||
"github.com/coreos/go-systemd/activation"
|
||||
)
|
||||
|
||||
const configFile = "/etc/osbuild-composer/osbuild-composer.toml"
|
||||
|
||||
type connectionConfig struct {
|
||||
CACertFile string
|
||||
ServerKeyFile string
|
||||
|
|
@ -55,10 +59,30 @@ func createTLSConfig(c *connectionConfig) (*tls.Config, error) {
|
|||
}
|
||||
|
||||
func main() {
|
||||
var config struct {
|
||||
KojiServers map[string]struct {
|
||||
Kerberos *struct {
|
||||
Principal string `toml:"principal"`
|
||||
KeyTab string `toml:"keytab"`
|
||||
} `toml:"kerberos,omitempty"`
|
||||
} `toml:"koji"`
|
||||
}
|
||||
var verbose bool
|
||||
flag.BoolVar(&verbose, "v", false, "Print access log")
|
||||
flag.Parse()
|
||||
|
||||
_, err := toml.DecodeFile(configFile, &config)
|
||||
if err == nil {
|
||||
log.Println("Composer configuration:")
|
||||
encoder := toml.NewEncoder(log.Writer())
|
||||
err := encoder.Encode(&config)
|
||||
if err != nil {
|
||||
log.Fatalf("Could not print config: %v", err)
|
||||
}
|
||||
} else if !os.IsNotExist(err) {
|
||||
log.Fatalf("Could not load config file '%s': %v", configFile, err)
|
||||
}
|
||||
|
||||
stateDir, ok := os.LookupEnv("STATE_DIRECTORY")
|
||||
if !ok {
|
||||
log.Fatal("STATE_DIRECTORY is not set. Is the service file missing StateDirectory=?")
|
||||
|
|
@ -151,7 +175,19 @@ func main() {
|
|||
|
||||
// Optionally run Koji API
|
||||
if kojiListeners, exists := listeners["osbuild-composer-koji.socket"]; exists {
|
||||
kojiServer := kojiapi.NewServer(workers, rpm, distros)
|
||||
kojiServers := make(map[string]koji.GSSAPICredentials)
|
||||
for server, creds := range config.KojiServers {
|
||||
if creds.Kerberos == nil {
|
||||
// For now we only support Kerberos authentication.
|
||||
continue
|
||||
}
|
||||
kojiServers[server] = koji.GSSAPICredentials{
|
||||
Principal: creds.Kerberos.Principal,
|
||||
KeyTab: creds.Kerberos.KeyTab,
|
||||
}
|
||||
}
|
||||
|
||||
kojiServer := kojiapi.NewServer(workers, rpm, distros, kojiServers)
|
||||
|
||||
tlsConfig, err := createTLSConfig(&connectionConfig{
|
||||
CACertFile: "/etc/osbuild-composer/ca-crt.pem",
|
||||
|
|
|
|||
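Review bot: In the loop over `config.KojiServers` in the last hunk, a `koji` entry with no `kerberos` table is dropped by a bare `continue`, and an entry whose table is present but empty is passed on as `koji.GSSAPICredentials` with an empty principal and keytab path. Both cases would presumably surface only later as an authentication failure against that server, with nothing in the startup log pointing at the configuration. I would fail fast with `if creds.Kerberos.Principal == "" || creds.Kerberos.KeyTab == "" { log.Fatalf("koji server %q: kerberos principal and keytab must both be set", server) }` and log the server name before the `continue`. Because a keytab holds long-term keys, a comment beside the `KeyTab` field stating the expected owner and mode of that file would also help whoever deploys this; `main` continues outside the visible hunks.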