Uploaded image for project: 'CentOS Stream Pipeline'
  1. CentOS Stream Pipeline
  2. CS-1376

Migrate koji infra auth from REDHAT.COM to IPA.REDHAT.COM

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • None
    • False
    • None
    • False
    • Testable

    Description

      All the provisioned infra for Stream koji (and related services) was configured to use REDHAT.COM keytab files.

      That krb5 REALM is now considered legacy and all internal services should point to IPA.REDHAT.COM (there is a cross trust at this stage).

      Pointer : https://source.redhat.com/groups/public/identity-access-management/identity__access_management_wiki/2022_policy_changes

      We should:

      • migrate/test our .stg. (staging) environment to IPA.REDHAT.COM
      • once fully tested, ask for new keytabs
      • schedule/announce a maintenance window and reconfigure our whole koji Stream infra

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              farrotin@redhat.com Fabian Arrotin
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: