container/builder: switch to kerberos auth

Use Kerberos authentication instead of client certificates.
Christian Kellner 2020-09-05 16:31:02 +02:00
parent 63355fe0a4
commit 2597569855
4 changed files with 19 additions and 11 deletions


@ -14,5 +14,6 @@ RUN dnf -y upgrade \
COPY container/builder/kojid.conf /etc/kojid/kojid.conf
COPY plugins/builder/osbuild.py /usr/lib/koji-builder-plugins/
COPY container/builder/run-kojid.sh /app/run-kojid.sh
COPY container/builder/osbuild.krb5.conf /etc/krb5.conf.d/
ENTRYPOINT /app/run-kojid.sh
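Review bot: The added `COPY container/builder/osbuild.krb5.conf /etc/krb5.conf.d/` bakes the realm configuration into the image, but nothing in this file says how the keytab that `kojid.conf` points at (`/share/kojid.keytab`) reaches the container. Presumably `/share` is mounted at run time, which is the right place for a credential. A comment above the COPY would make that explicit for the next editor, for example `# Kerberos realm config only; the keytab is mounted under /share at run time and must never be copied into the image`.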


@ -1,13 +1,15 @@
[kojid]
server=http://localhost/kojihub
user = b1.localhost
topurl=http://localhost/kojifiles
server=http://org.osbuild.koji.koji/kojihub
topurl=http://org.osbuild.koji.koji/kojifiles
workdir=/tmp/koji
topdir=/mnt/koji
cert = /share/ssl/kojid/client.pem
ca = /share/ssl/kojid/serverca.crt
serverca = /share/ssl/kojid/serverca.crt
host_principal_format = compile/%s@LOCAL
keytab = /share/kojid.keytab
plugins = osbuild
; cert = /share/ssl/kojid/client.pem
; ca = /share/ssl/kojid/serverca.crt
serverca = /share/ca-crt.pem
plugins = osbuild
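Review bot: `server=http://org.osbuild.koji.koji/kojihub` and `topurl` stay on plain HTTP even though `serverca = /share/ca-crt.pem` is configured, and a CA bundle only takes effect on a TLS connection. Unless the client upgrades the connection on its own (not visible in this section), the session established with the keytab travels unencrypted and the hub is never authenticated to the builder. I would point both settings at `https://org.osbuild.koji.koji/...`. The keytab at `/share/kojid.keytab` is a long-lived credential, so a comment such as `; keytab must be readable by the kojid user only` would help. The commented-out `cert`/`ca` lines can be dropped rather than kept.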


@ -0,0 +1,5 @@
[realms]
LOCAL = {
kdc = org.osbuild.koji.kdc
admin_server = org.osbuild.koji.kdc
}


@ -1,16 +1,16 @@
#!/bin/bash
set -eux
koji --server=http://localhost/kojihub \
koji --server=http://org.osbuild.koji.koji/kojihub \
--user=kojiadmin \
--password=kojipass \
--authtype=password \
add-host kojid i386 x86_64 || true
add-host org.osbuild.koji.kojid i386 x86_64 || true
koji --server=http://localhost/kojihub \
koji --server=http://org.osbuild.koji.koji/kojihub \
--user=kojiadmin \
--password=kojipass \
--authtype=password \
add-host-to-channel kojid image || true
add-host-to-channel org.osbuild.koji.kojid image || true
/usr/sbin/kojid -d -v -f --force-lock || cat /var/log/kojid.log
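Review bot: The two `koji` admin calls still pass `--user=kojiadmin --password=kojipass` on the command line over `http://`, so after this change the builder authenticates with Kerberos while the account that registers it remains a hard-coded password. With `set -eux`, the `-x` trace also writes that password to the container log on every start. Consider taking the admin credential from the environment or a mounted secret (or a keytab, as kojid now does) and turning off `-x` around these calls. Separately, `|| true` hides any failure of `add-host` and `add-host-to-channel`, including an authentication failure, so kojid starts as if registration had succeeded.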