Uploaded image for project: 'CentOS Stream Pipeline'
  1. CentOS Stream Pipeline
  2. CS-1376

Migrate koji infra auth from REDHAT.COM to IPA.REDHAT.COM

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • cpe-planning, Infrastructure
    • None
    • False
    • None
    • False
    • Testable

    Description

      All the provisioned infra for Stream koji (and related services) was configured to use REDHAT.COM keytab files.

      That krb5 REALM is now considered legacy and all internal services should point to IPA.REDHAT.COM (there is a cross trust at this stage).

      Pointer : https://source.redhat.com/groups/public/identity-access-management/identity__access_management_wiki/2022_policy_changes

      We should:

      • migrate/test our .stg. (staging) environment to IPA.REDHAT.COM
      • once fully tested, ask for new keytabs
      • schedule/announce a maintenance window and reconfigure our whole koji Stream infra

      Attachments

        Issue Links

          depends on

          Task - Represents a small unit of work that is not end-user facing. CS-1409 Convert koji STG env to IPA.REDHAT.COM

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed

          Activity

            People

              Unassigned Unassigned
              farrotin@redhat.com Fabian Arrotin
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: