Re: FBR - Fixing OSBS build

Fri, 27 Apr 2018 06:20:54 -0700 

+1

On 04/27/2018 02:02 PM, Clement Verna wrote:
> Currently OSBS builds are failing because of the kerberos
> configuration not been up-to-date.
> 
> I would like to add the following to the osbs-playbook, this will make
> sure that the buildroot container is rebuild using the latest
> krb5.conf file.
> 
> +1 ?
> 
> diff --git a/files/osbs/buildroot-Dockerfile-production.j2
> b/files/osbs/buildroot-Dockerfile-production.j2
> index 70b556380..3ac044d32 100644
> --- a/files/osbs/buildroot-Dockerfile-production.j2
> +++ b/files/osbs/buildroot-Dockerfile-production.j2
> @@ -2,7 +2,8 @@ FROM registry.fedoraproject.org/fedora
>  ADD ./infra-tags.repo /etc/yum.repos.d/infra-tags.repo
>  RUN dnf -y install --refresh dnf-plugins-core && dnf -y install
> docker git python-setuptools e2fsprogs koji python-backports-lzma
> osbs-client python-osbs-client gssproxy fedpkg python-docker-squash
> atomic-reactor python-atomic-reactor* go-md2man
>  RUN dnf -y install --refresh python2-productmd python3-productmd
> libmodulemd python2-gobject python3-gobject python2-modulemd
> python3-modulemd python2-pdc-client python3-pdc-client
> -RUN sed -i 's|.*default_ccache_name.*| default_ccache_name =
> DIR:/tmp/ccache_%{uid}|g' /etc/krb5.conf
> +ADD ./krb5.conf /etc
> +RUN printf '[libdefaults]\n default_ccache_name =
> DIR:/tmp/ccache_%{uid}' >/etc/krb5.conf.d/ccache.conf
>  ADD ./krb5.osbs_{{osbs_url}}.keytab /etc/
>  ADD ./ca.crt /etc/pki/ca-trust/source/anchors/osbs.ca.crt
>  RUN update-ca-trust
> diff --git a/playbooks/groups/osbs-cluster.yml
> b/playbooks/groups/osbs-cluster.yml
> index 77d9a941c..4c09307ae 100644
> --- a/playbooks/groups/osbs-cluster.yml
> +++ b/playbooks/groups/osbs-cluster.yml
> @@ -795,6 +795,14 @@
>        notify:
>          - buildroot container
> 
> +    - name: Upload krb5.conf for buildroot container
> +      template:
> +        src: "{{ ansible }}/roles/base/templates/krb5.conf.j2"
> +        dest: "/etc/osbs/buildroot/krb5.conf"
> +        mode: 0644
> +      notify:
> +        - buildroot container
> +
>      - name: Upload internal CA for buildroot
>        copy:
>          src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem"
> _______________________________________________
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
> 

-- 
Mikolaj Izdebski
Senior Software Engineer, Red Hat
IRC: mizdebsk
_______________________________________________
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Reply via email to