Straighten out krb perms for the koji package list sync script.

author: Ralph Bean <rbean@redhat.com> 2017-09-06 15:25:52 +0000
committer: Ralph Bean <rbean@redhat.com> 2017-09-06 15:25:52 +0000
commit: e4d091edb663cf11a97a7a10763d8423dc003848 (patch)
tree: b9651a7e100b4770f9d34c713ebef109e90d6bb5
parent: f65b852044bac4923cd6a67a2004ef03bbee708a (diff)
download: ansible-e4d091edb663cf11a97a7a10763d8423dc003848.tar.gz
ansible-e4d091edb663cf11a97a7a10763d8423dc003848.tar.xz
ansible-e4d091edb663cf11a97a7a10763d8423dc003848.zip
2 files changed, 5 insertions, 0 deletions
diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml
index 9140c6c15..d9c37165d 100644
--- a/playbooks/groups/bodhi-backend.yml
+++ b/playbooks/groups/bodhi-backend.yml
@@ -46,6 +46,8 @@
 
   - role: keytab/service
     service: pkgdb
+    owner_user: fedmsg
+    owner_group: fedmsg
   - role: keytab/service
     owner_user: apache
     owner_group: apache
diff --git a/roles/bodhi2/backend/files/koji-sync-listener.service b/roles/bodhi2/backend/files/koji-sync-listener.service
index 09dfa0797..07f5f6444 100644
--- a/roles/bodhi2/backend/files/koji-sync-listener.service
+++ b/roles/bodhi2/backend/files/koji-sync-listener.service
@@ -8,5 +8,8 @@ User=fedmsg
 Group=fedmsg
 Restart=on-failure
 
+# Use a different ccname so we don't share tickets with bodhi.
+Environment=KRB5CCNAME=/var/tmp/owner-sync-krbcc
+
 [Install]
 WantedBy=multi-user.target
author	Ralph Bean <rbean@redhat.com>	2017-09-06 15:25:52 +0000
committer	Ralph Bean <rbean@redhat.com>	2017-09-06 15:25:52 +0000
commit	e4d091edb663cf11a97a7a10763d8423dc003848 (patch)
tree	b9651a7e100b4770f9d34c713ebef109e90d6bb5
parent	f65b852044bac4923cd6a67a2004ef03bbee708a (diff)
download	ansible-e4d091edb663cf11a97a7a10763d8423dc003848.tar.gz ansible-e4d091edb663cf11a97a7a10763d8423dc003848.tar.xz ansible-e4d091edb663cf11a97a7a10763d8423dc003848.zip