switching from admin1 user to ctaadmin1

and generating all the required krb5 keytabs

continuousintegration/docker/ctafrontend/cc7/config/ctaeos/etc/xrd.cf.mgm

@@ -19,7 +19,7 @@ sec.protocol sss -c /etc/eos.keytab -s /etc/eos.keytab
 # KRB  authentication
 #sec.protocol krb5 -exptkn:/var/eos/auth/krb5#<uid> host/<host>@CERN.CH
 #sec.protocol krb5 host/<host>@CERN.CH
-sec.protocol krb5 /etc/eos.krb5.keytab eos/eos-server@TEST.CTA
+sec.protocol krb5 /etc/eos-server.krb5.keytab eos/eos-server@TEST.CTA
 
 #sec.protbind localhost.localdomain unix sss
 #sec.protbind localhost unix sss

continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctafrontend.sh

@@ -38,14 +38,14 @@ sed -i 's|.*sec.protocol sss.*|sec.protocol sss -s /etc/ctafrontend_SSS_s.keytab
 sed -i 's|.*sec.protocol unix.*|#sec.protocol unix|' /etc/xrootd/xrootd-cta.cfg
 
 # Hack the default xrootd-cta.cfg provided by the sources
-sed -i 's|.*sec.protocol krb5.*|sec.protocol krb5 /etc/cta-frontend.keytab cta/cta-frontend@TEST.CTA|' /etc/xrootd/xrootd-cta.cfg
+sed -i 's|.*sec.protocol krb5.*|sec.protocol krb5 /etc/cta-frontend.krb5.keytab cta/cta-frontend@TEST.CTA|' /etc/xrootd/xrootd-cta.cfg
 
 # Allow only SSS and krb5 for frontend
 sed -i 's|^sec.protbind .*|sec.protbind * only sss krb5|' /etc/xrootd/xrootd-cta.cfg
 
 # Wait for the keytab file to be pushed in by the creation script.
-echo -n "Waiting for /etc/cta-frontend.keytab"
-for ((;;)); do test -e /etc/cta-frontend.keytab && break; sleep 1; echo -n .; done
+echo -n "Waiting for /etc/cta-frontend.krb5.keytab"
+for ((;;)); do test -e /etc/cta-frontend.krb5.keytab && break; sleep 1; echo -n .; done
 echo OK
 
 touch /cta-frontend.log

continuousintegration/docker/ctafrontend/cc7/opt/run/bin/kdc.sh

@@ -10,6 +10,8 @@ echo -n "Initing kdc... "
 /usr/lib/heimdal/bin/kadmin -l -r TEST.CTA init --realm-max-ticket-life=unlimited --realm-max-renewable-life=unlimited TEST.CTA || (echo Failed. ; exit 1)
 echo Done.
 
+KEYTABS="user1 user2 poweruser1 poweruser2 ctaadmin1 ctaadmin2 eosadmin1 eosadmin2 cta/cta-frontend eos/eos-server"
+
 # Start kdc
 echo -n "Starting kdc... "
 /usr/libexec/kdc &
@@ -28,15 +30,14 @@ EOF_krb5
 echo Done.
 
 # Populate KDC and generate keytab files
-echo -n "Populating kdc... "
-/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA add --random-password --use-defaults admin1 admin2 user1 user2 cta/cta-frontend eos/eos-server
-
-/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/admin1.keytab admin1
-/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/admin2.keytab admin2
-/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/user1.keytab user1
-/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/user2.keytab user2
-/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/cta-frontend.keytab cta/cta-frontend
-/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/eos.keytab eos/eos-server
+echo "Populating kdc... "
+/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA add --random-password --use-defaults ${KEYTABS}
+
+for NAME in ${KEYTABS}; do
+   echo -n "  Generating /root/$(basename ${NAME}).keytab for ${NAME}"
+  /usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/$(basename ${NAME}).keytab ${NAME} && echo OK || echo FAILED 
+done
+
 echo Done.
 
 echo "### KDC ready ###"

continuousintegration/orchestration/create_instance.sh

@@ -233,11 +233,11 @@ kubectl --namespace=${instance} exec kdc cat /etc/krb5.conf | kubectl --namespac
 kubectl --namespace=${instance} exec kdc cat /etc/krb5.conf | kubectl --namespace=${instance} exec -i ctacli --  bash -c "cat > /etc/krb5.conf" 
 kubectl --namespace=${instance} exec kdc cat /etc/krb5.conf | kubectl --namespace=${instance} exec -i ctafrontend --  bash -c "cat > /etc/krb5.conf"
 kubectl --namespace=${instance} exec kdc cat /etc/krb5.conf | kubectl --namespace=${instance} exec -i ctaeos --  bash -c "cat > /etc/krb5.conf"
-kubectl --namespace=${instance} exec kdc cat /root/admin1.keytab | kubectl --namespace=${instance} exec -i ctacli --  bash -c "cat > /root/admin1.keytab"
+kubectl --namespace=${instance} exec kdc cat /root/ctaadmin1.keytab | kubectl --namespace=${instance} exec -i ctacli --  bash -c "cat > /root/ctaadmin1.keytab"
 kubectl --namespace=${instance} exec kdc cat /root/user1.keytab | kubectl --namespace=${instance} exec -i client --  bash -c "cat > /root/user1.keytab"
-kubectl --namespace=${instance} exec kdc cat /root/cta-frontend.keytab | kubectl --namespace=${instance} exec -i ctafrontend --  bash -c "cat > /etc/cta-frontend.keytab"
-kubectl --namespace=${instance} exec kdc cat /root/eos.keytab | kubectl --namespace=${instance} exec -i ctaeos --  bash -c "cat > /etc/eos.krb5.keytab"
-kubectl --namespace=${instance} exec ctacli -- kinit -kt /root/admin1.keytab admin1@TEST.CTA
+kubectl --namespace=${instance} exec kdc cat /root/cta-frontend.keytab | kubectl --namespace=${instance} exec -i ctafrontend --  bash -c "cat > /etc/cta-frontend.krb5.keytab"
+kubectl --namespace=${instance} exec kdc cat /root/eos-server.keytab | kubectl --namespace=${instance} exec -i ctaeos --  bash -c "cat > /etc/eos-server.krb5.keytab"
+kubectl --namespace=${instance} exec ctacli -- kinit -kt /root/ctaadmin1.keytab ctaadmin1@TEST.CTA
 kubectl --namespace=${instance} exec client -- kinit -kt /root/user1.keytab user1@TEST.CTA
 
 # create users on the mgm

continuousintegration/orchestration/tests/client_ar.sh

@@ -2,11 +2,10 @@
 
 
 EOSINSTANCE=ctaeos
+TEST_FILE_NAME=`uuidgen`
 
 
-
-TEST_FILE_NAME=`uuidgen`
-echo "xrdcp /etc/group root://localhost//eos/ctaeos/cta/${TEST_FILE_NAME}"
+echo "xrdcp /etc/group root://${EOSINSTANCE}//eos/ctaeos/cta/${TEST_FILE_NAME}"
 xrdcp /etc/group root://${EOSINSTANCE}//eos/ctaeos/cta/${TEST_FILE_NAME}
 
 SECONDS_PASSED=0

continuousintegration/orchestration/tests/prepare_tests.sh

@@ -59,7 +59,7 @@ ctacliIP=`kubectl --namespace ${NAMESPACE} describe pod ctacli | grep IP | sed -
 
 echo "Preparing CTA configuration for tests"
   kubectl --namespace ${NAMESPACE} exec ctafrontend -- cta-catalogue-admin-host-create /etc/cta/cta_catalogue_db.conf --hostname ${ctacliIP} -c "docker cli"
-  kubectl --namespace ${NAMESPACE} exec ctafrontend -- cta-catalogue-admin-user-create /etc/cta/cta_catalogue_db.conf --username admin1 -c "docker cli"
+  kubectl --namespace ${NAMESPACE} exec ctafrontend -- cta-catalogue-admin-user-create /etc/cta/cta_catalogue_db.conf --username ctaadmin1 -c "docker cli"
   kubectl --namespace ${NAMESPACE} exec ctacli -- cta logicallibrary add \
      --name ${LIBRARYNAME}                                            \
      --comment "ctasystest"