Use standard Python containers, also add krb5.conf

Because that is perfectly reasonable. By which I mean completely outrageous.

Use standard Python containers, also add krb5.conf
557bdb3f · Albin Stjerna · 243c3889 · 557bdb3f · 557bdb3f
Commit 557bdb3f authored 8 years ago by Albin Stjerna
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,12 +13,13 @@ lint:
    - make lint

 test_2:
-  image: frolvlad/alpine-python2
+  image: python:2
  stage: test
  before_script:
     # Authenticate using the keytab:
-    - apk update && apk add make krb5 bash krb5-conf krb5-libs krb5-dev gcc python2-dev musl-dev
-    - bash -c "base64 -d <(echo \"$KRB_KEYTAB_CONTENTS\") > $KRB_USERNAME.keytab"
+    - DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y libkrb5-dev make build-essential krb5-user libpython-dev
+    - cp krb5.conf /etc/krb5.conf
+    - base64 -d <(echo \"$KRB_KEYTAB_CONTENTS\") > $KRB_USERNAME.keytab
    - kinit -k -t $KRB_USERNAME.keytab $KRB_USERNAME@CERN.CH
  script:
    - pip install -r requirements.txt
@@ -29,11 +30,13 @@ test_2:

 test_3:
  stage: test
-  image: frolvlad/alpine-python3
+  image: python:3
  before_script:
-    - apk update && apk add make krb5 bash krb5-conf krb5-libs krb5-dev gcc python3-dev musl-dev
+    - DEBIAN_FRONTEND=noninteractive apt-get update
+    - DEBIAN_FRONTEND=noninteractive apt-get install -y libkrb5-dev make build-essential krb5-user libpython-dev
+    - cp krb5.conf /etc/krb5.conf
     # Authenticate using the keytab:
-    - bash -c "base64 -d <(echo \"$KRB_KEYTAB_CONTENTS\") > $KRB_USERNAME.keytab"
+    - base64 -d <(echo \"$KRB_KEYTAB_CONTENTS\") > $KRB_USERNAME.keytab
    - kinit -k -t $KRB_USERNAME.keytab $KRB_USERNAME@CERN.CH
  script:
    - pip install -r requirements.txt

--- a/krb5.conf
+++ b/krb5.conf
+; AD  : This Kerberos configuration is for CERN's Active Directory realm.
+;
+; /etc/krb5.conf
+; On SLC nodes this file is maintained via ncm-krb5clt(1), local changes may be lost.
+; If you need to add your realm, look at the "template" file 
+; in /usr/lib/ncm/config/krb5clt/etc_krb5.conf.tpl
+; or get in touch with project-elfms@cern.ch
+;
+; Created   1-Apr-2011
+; Modified  3-Mar-2014
+;
+
+[libdefaults]
+ default_realm = CERN.CH
+ ticket_lifetime = 25h
+ renew_lifetime = 120h
+ forwardable = true
+ proxiable = true
+ default_tkt_enctypes = arcfour-hmac-md5 aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
+ allow_weak_crypto = true
+
+[realms]
+ CERN.CH = {
+  default_domain = cern.ch
+  kpasswd_server = cerndc.cern.ch
+  admin_server = cerndc.cern.ch
+  kdc = cerndc.cern.ch
+
+  v4_name_convert = {
+     host = {
+         rcmd = host
+     }
+  }
+ }
+; the external institutes info is completely static for now and comes
+; straight from the NCM template
+ FNAL.GOV = {
+  default_domain = fnal.gov
+  admin_server = krb-fnal-admin.fnal.gov
+  kdc = krb-fnal-1.fnal.gov:88 
+  kdc = krb-fnal-2.fnal.gov:88 
+  kdc = krb-fnal-3.fnal.gov:88 
+ }
+ KFKI.HU = {
+  kdc = kerberos.kfki.hu
+  admin_server = kerberos.kfki.hu
+ } 
+ HEP.MAN.AC.UK = {
+  kdc = afs4.hep.man.ac.uk
+  kdc = afs1.hep.man.ac.uk
+  kdc = afs2.hep.man.ac.uk
+  kdc = afs3.hep.man.ac.uk
+  admin_server = afs4.hep.man.ac.uk
+  kpasswd_server = afs4.hep.man.ac.uk
+  default_domain = hep.man.ac.uk
+ }
+[domain_realm]
+ .cern.ch = CERN.CH
+ .fnal.gov = FNAL.GOV
+ .kfki.hu = KFKI.HU
+ .hep.man.ac.uk = HEP.MAN.AC.UK
+[appdefaults]
+   pkinit_pool =  DIR:/etc/pki/tls/certs/
+   pkinit_anchors = DIR:/etc/pki/tls/certs/
+; options for Red Hat pam_krb5-2
+ pam = {
+   external = true
+   krb4_convert =  false 
+   krb4_convert_524 =  false 
+   krb4_use_as_req =  false 
+   ticket_lifetime = 25h
+ }