On Fri, Apr 27, 2018 at 02:02:34PM +0200, Clement Verna wrote:
Currently OSBS builds are failing because of the kerberos
configuration not been up-to-date.
I would like to add the following to the osbs-playbook, this will make
sure that the buildroot container is rebuild using the latest
krb5.conf file.
+1 ?
+1 for me
Pierre
diff --git a/files/osbs/buildroot-Dockerfile-production.j2
b/files/osbs/buildroot-Dockerfile-production.j2
index 70b556380..3ac044d32 100644
--- a/files/osbs/buildroot-Dockerfile-production.j2
+++ b/files/osbs/buildroot-Dockerfile-production.j2
@@ -2,7 +2,8 @@ FROM
registry.fedoraproject.org/fedora
ADD ./infra-tags.repo /etc/yum.repos.d/infra-tags.repo
RUN dnf -y install --refresh dnf-plugins-core && dnf -y install
docker git python-setuptools e2fsprogs koji python-backports-lzma
osbs-client python-osbs-client gssproxy fedpkg python-docker-squash
atomic-reactor python-atomic-reactor* go-md2man
RUN dnf -y install --refresh python2-productmd python3-productmd
libmodulemd python2-gobject python3-gobject python2-modulemd
python3-modulemd python2-pdc-client python3-pdc-client
-RUN sed -i 's|.*default_ccache_name.*| default_ccache_name =
DIR:/tmp/ccache_%{uid}|g' /etc/krb5.conf
+ADD ./krb5.conf /etc
+RUN printf '[libdefaults]\n default_ccache_name =
DIR:/tmp/ccache_%{uid}' >/etc/krb5.conf.d/ccache.conf
ADD ./krb5.osbs_{{osbs_url}}.keytab /etc/
ADD ./ca.crt /etc/pki/ca-trust/source/anchors/osbs.ca.crt
RUN update-ca-trust
diff --git a/playbooks/groups/osbs-cluster.yml
b/playbooks/groups/osbs-cluster.yml
index 77d9a941c..4c09307ae 100644
--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@@ -795,6 +795,14 @@
notify:
- buildroot container
+ - name: Upload krb5.conf for buildroot container
+ template:
+ src: "{{ ansible }}/roles/base/templates/krb5.conf.j2"
+ dest: "/etc/osbs/buildroot/krb5.conf"
+ mode: 0644
+ notify:
+ - buildroot container
+
- name: Upload internal CA for buildroot
copy:
src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem"
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org