Uploaded image for project: 'CentOS Stream Pipeline'
  1. CentOS Stream Pipeline
  2. CS-1376

Migrate koji infra auth from REDHAT.COM to IPA.REDHAT.COM

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • None
    • cpe-planning, Infrastructure
    • None
    • False
    • None
    • False
    • Testable

      All the provisioned infra for Stream koji (and related services) was configured to use REDHAT.COM keytab files.

      That krb5 REALM is now considered legacy and all internal services should point to IPA.REDHAT.COM (there is a cross trust at this stage).

      Pointer : https://source.redhat.com/groups/public/identity-access-management/identity__access_management_wiki/2022_policy_changes

      We should:

      • migrate/test our .stg. (staging) environment to IPA.REDHAT.COM
      • once fully tested, ask for new keytabs
      • schedule/announce a maintenance window and reconfigure our whole koji Stream infra

            Unassigned Unassigned
            farrotin@redhat.com Fabian Arrotin
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: