#1633 C3I: switch koji auth from ssl to kerberos
Merged 3 years ago by breilly. Opened 3 years ago by mkovarik.
mkovarik/fm-orchestrator c3i_switch_to_krb  into  master

@@ -29,7 +29,7 @@ 

            }

            openshift.withCluster() {

              openshift.withProject(params.PIPELINE_AS_A_SERVICE_BUILD_NAMESPACE) {

-               def services = 'umb mbs-frontend mbs-backend krb5 ldap koji-hub'

+               def services = 'umb mbs-frontend mbs-backend krb5 ldap koji-hub dist-git'

                if (env.REUSE_PROJECT == "true") {

                  c3i.buildAndWait(script: this, objs: "bc/pipeline-as-a-service",

                    '-e', "DEFAULT_IMAGE_TAG=${env.ENVIRONMENT}",
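Review bot: the dist-git entry added to the services string has no visible connection to the Koji auth switch this pull request is titled for, and nothing in the hunk says which step needs it. State the reason in the commit message (or in a comment above the def services line), or move it to its own commit so the auth change can be reviewed and reverted on its own.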

@@ -79,8 +79,8 @@ 

         echo "${TEST_TARGET_BUILD_TAG} does not have perm set to admin"

         continue

      fi

-     if ! grep -q "  mock.package_manager : 'dnf'" ${TEST_TARGET_TAG_INFO_FILE}; then

-        echo "${TEST_TARGET_BUILD_TAG} is not configured to use dnf"

+     if ! grep -q "  mock.package_manager : 'yum'" ${TEST_TARGET_TAG_INFO_FILE}; then

+        echo "${TEST_TARGET_BUILD_TAG} is not configured to use yum"

         continue

      fi

      if ! grep -q "  repo_include_all : True" ${TEST_TARGET_TAG_INFO_FILE}; then
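Review bot: the grep on mock.package_manager now skips every build tag that is configured for dnf, which narrows the set of targets this test can run against; that is a behaviour change separate from authentication and its reason should be recorded next to the check. If both package managers are acceptable, match either value, or take the expected one from a variable so it is not hard-coded. ${TEST_TARGET_TAG_INFO_FILE} is also unquoted in the grep call, so a path containing whitespace would split into several arguments.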

@@ -82,8 +82,8 @@ 

          echo "${target.build_tag_name} does not have perm set to admin"

          return false

        }

-       if (taginfo.extra.get("mock.package_manager", "") != "dnf") {

-         echo "${target.build_tag_name} is not configured to use dnf"

+       if (taginfo.extra.get("mock.package_manager", "") != "yum") {

+         echo "${target.build_tag_name} is not configured to use yum"

          return false

        }

        if (!taginfo.extra.get("repo_include_all", false)) {
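Review bot: the expected value "yum" in the taginfo.extra.get("mock.package_manager", "") comparison duplicates the literal used by the shell grep check changed in the same pull request, so the two can drift apart the next time the target environment changes. Define the expected package manager once (a pipeline parameter or a shared constant) and use it in both the condition and the echo message.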

@@ -11,8 +11,10 @@ 

      exit 0

  fi

  

+ DOMAIN=${2:-"cloud.paas.psi.redhat.com"}

+ CONTROLLER=http://${PIPELINE_ID}.${DOMAIN}

+ 

  export TEST_DIR=$(realpath $(dirname $0))

- CONTROLLER=http://${PIPELINE_ID}.cloud.paas.psi.redhat.com

  echo "Provisioning pipeline services..."

  curl -X POST -F data=@${TEST_DIR}/mbs-cgimport-vars.yaml $CONTROLLER/scripts/provision

  CERT_DIR=$(mktemp -d)
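Review bot: CONTROLLER is still built with the http:// scheme, and with the new DOMAIN=${2:-...} default the host part can now be set by whoever invokes the script, so the provision POST goes in clear text to a caller-chosen host. Document the second positional argument in the script's usage text, quote the expansion ("http://${PIPELINE_ID}.${DOMAIN}"), and use https with certificate verification if the controller offers it.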
@@ -26,10 +28,6 @@ 

  export MBS_USER_PASSWORD=$(curl -s ${CONTROLLER}/krb5/principal/${MBS_USER})

  kinit -V $MBS_USER <<<$MBS_USER_PASSWORD

  

- CLIENT_CERTS="${CERT_DIR}/client.pem"

- curl -s ${CONTROLLER}/ca/${MBS_USER}/cert > ${CLIENT_CERTS}

- curl -s ${CONTROLLER}/ca/${MBS_USER}/key >> ${CLIENT_CERTS}

- 

  KOJI_HUB_HOST="$(curl -s ${CONTROLLER}/vars/KOJI_HUB_HOST)"

  export KOJI_CONFIG=$(mktemp)

  cat > $KOJI_CONFIG <<EOF
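Review bot: with the client certificate lines removed, the password fetched into MBS_USER_PASSWORD and fed to kinit is the only credential left, and neither step is checked in the visible lines: curl -s without --fail hands an error body or an empty string to kinit, and nothing shown stops the script if kinit fails. Use curl -sf, test the exit status of kinit, and drop the export so the password is not inherited by every child process. It is also worth confirming that CERT_DIR is still needed now that client.pem is no longer written there.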
@@ -37,8 +35,7 @@ 

  server = https://${KOJI_HUB_HOST}/kojihub

  weburl = https://${KOJI_HUB_HOST}/koji

  serverca = $CACERT

- authtype = ssl

- cert = ${CLIENT_CERTS}

+ authtype = kerberos

  EOF

  

  for TEST_FILE in $(ls ${TEST_DIR}); do
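Review bot: authtype = kerberos makes the generated Koji config depend entirely on the ticket cache created by the earlier kinit call, and the hunk adds no check that a valid ticket exists before the for TEST_FILE loop starts. Add a klist -s test ahead of the loop and exit with a clear message when it fails, so an authentication problem is reported as such rather than as a failure in each test file.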

New pipeline-as-a-service Koji is going to use Kerberos instead of SSL.

rebased onto 17507e70268552111deb6e96c483f180dcabbd09

3 years ago

Build 17507e70268552111deb6e96c483f180dcabbd09 FAILED!
Rebase or make new commits to rebuild.

It is unclear to me what some of these changes have to do with switching koji auth. They might be reasonable changes, but it should be clear why we are making them.

  • adding dist-git to the services list in mbs-integration-test.groovy
  • changing dnf check to yum check in multiple places

rebased onto 5b770df

3 years ago

Updated commit description. The changes are hidden since the code is using the internal C3I pipeline-as-a-service and the changes were done there. This is just the test part, which has to be updated. I suppose that these tests will be replaced by Vitals tests.

Isn't the latter going to break running these tests in more modern environments?

Also, shifting from using dnf to using yum is the reverse of the direction I would expect to see. These tests were working before, so what has changed?

pretty please pagure-ci rebuild

3 years ago

Originally these services were deployed using the deployer from gitlab devops/factory2-segment-tests; pipeline-as-a-service is the new generation of that deployer. Now the main focus of c3i pipeline-as-a-service is to run Vitals rpm - we are focusing on the Red Hat build environment. That's the reason why we are switching to yum.

Pull-Request has been merged by breilly

3 years ago