From dc827de23d09214aeb46c14fa4738c3ad0d31415 Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Thu, 18 Mar 2021 09:59:46 +1100
Subject: [PATCH] Add kerberos-client group

We duplicate the KDC settings over all our kerberos clients.  Add
clients to a "kerberos-client" group and set the variables in a group
file.

Change-Id: I25ed5f8c68065060205dfbb634c6558488003a38
---
 inventory/service/group_vars/kerberos-client.yaml         | 5 +++++
 inventory/service/groups.yaml                             | 8 ++++++++
 .../files/inventory_plugins/test-fixtures/results.yaml    | 3 +++
 playbooks/service-mirror-update.yaml                      | 5 -----
 playbooks/service-mirror.yaml                             | 5 -----
 playbooks/service-static.yaml                             | 5 -----
 playbooks/service-zuul.yaml                               | 5 -----
 7 files changed, 16 insertions(+), 20 deletions(-)
 create mode 100644 inventory/service/group_vars/kerberos-client.yaml

diff --git a/inventory/service/group_vars/kerberos-client.yaml b/inventory/service/group_vars/kerberos-client.yaml
new file mode 100644
index 0000000000..c52a238697
--- /dev/null
+++ b/inventory/service/group_vars/kerberos-client.yaml
@@ -0,0 +1,5 @@
+kerberos_realm: 'OPENSTACK.ORG'
+kerberos_admin_server: 'kdc.openstack.org'
+kerberos_kdcs:
+  - kdc03.openstack.org
+  - kdc04.openstack.org
diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml
index 4a473651cd..3a07e3ff4b 100644
--- a/inventory/service/groups.yaml
+++ b/inventory/service/groups.yaml
@@ -72,6 +72,14 @@ groups:
     - health[0-9]*.openstack.org
   jvb:
     - jvb[0-9]*.opendev.org
+  kerberos-client:
+    - afs[0-9]*.open*.org
+    - afsdb*.open*.org
+    - kdc[0-9]*.openstack.org
+    - mirror[0-9]*.opendev.org
+    - mirror-update[0-9]*.opendev.org
+    - static[0-9]*.opendev.org
+    - ze[0-9]*.open*.org
   kerberos-kdc:
     - kdc03.openstack.org
     - kdc04.openstack.org
diff --git a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml
index 36c82edeb9..bf60bd977f 100644
--- a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml
+++ b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml
@@ -11,6 +11,7 @@ results:
     - afs-server-common
     - afs-file-server
     - afs-client
+    - kerberos-client
 
   firehose01.openstack.org:
     - firehose
@@ -34,6 +35,7 @@ results:
 
   mirror02.regionone.linaro-us.opendev.org:
     - afs-client
+    - kerberos-client
     - letsencrypt
     - mirror
 
@@ -48,6 +50,7 @@ results:
 
   ze01.opendev.org:
     - afs-client
+    - kerberos-client
     - zuul
     - zuul-executor
 
diff --git a/playbooks/service-mirror-update.yaml b/playbooks/service-mirror-update.yaml
index 705177fce5..fc71bd98f0 100644
--- a/playbooks/service-mirror-update.yaml
+++ b/playbooks/service-mirror-update.yaml
@@ -3,11 +3,6 @@
   roles:
     - role: iptables
     - role: kerberos-client
-      kerberos_realm: 'OPENSTACK.ORG'
-      kerberos_admin_server: 'kdc.openstack.org'
-      kerberos_kdcs:
-        - kdc03.openstack.org
-        - kdc04.openstack.org
     - role: openafs-client
       openafs_client_cache_size: "{{ afs_client_cache_size | default(10000000) }}" # 10GiB
     - role: mirror-update
diff --git a/playbooks/service-mirror.yaml b/playbooks/service-mirror.yaml
index 01844ff1a4..45760f2d89 100644
--- a/playbooks/service-mirror.yaml
+++ b/playbooks/service-mirror.yaml
@@ -3,11 +3,6 @@
   roles:
     - role: iptables
     - role: kerberos-client
-      kerberos_realm: 'OPENSTACK.ORG'
-      kerberos_admin_server: 'kdc.openstack.org'
-      kerberos_kdcs:
-        - kdc03.openstack.org
-        - kdc04.openstack.org
     - role: openafs-client
       openafs_client_cache_size: "{{ afs_client_cache_size | default(50000000) }}" # 50GiB
     - role: mirror
diff --git a/playbooks/service-static.yaml b/playbooks/service-static.yaml
index bacd9bf4da..eaac6958a2 100644
--- a/playbooks/service-static.yaml
+++ b/playbooks/service-static.yaml
@@ -3,11 +3,6 @@
   roles:
     - role: iptables
     - role: kerberos-client
-      kerberos_realm: 'OPENSTACK.ORG'
-      kerberos_admin_server: 'kdc.openstack.org'
-      kerberos_kdcs:
-        - kdc03.openstack.org
-        - kdc04.openstack.org
     - role: openafs-client
       openafs_client_cache_size: "{{ afs_client_cache_size | default(50000000) }}" # 50GiB
       openafs_client_cache_directory: '/opt/cache/openafs'
diff --git a/playbooks/service-zuul.yaml b/playbooks/service-zuul.yaml
index e4e372e438..17fe95fb69 100644
--- a/playbooks/service-zuul.yaml
+++ b/playbooks/service-zuul.yaml
@@ -24,11 +24,6 @@
   name: "Configure zuul executor"
   roles:
     - role: kerberos-client
-      kerberos_realm: 'OPENSTACK.ORG'
-      kerberos_admin_server: 'kdc.openstack.org'
-      kerberos_kdcs:
-        - kdc03.openstack.org
-        - kdc04.openstack.org
     - role: openafs-client
       openafs_client_cache_size: "{{ afs_client_cache_size | default(10000000) }}" # 10GiB
     - role: zuul-executor