From 6f5fe1ca7f7810fb721e502d8357f1a81de1dae7 Mon Sep 17 00:00:00 2001
From: Martin Malina <mmalina@redhat.com>
Date: Tue, 1 Oct 2024 08:52:28 +0200
Subject: [PATCH] fix: enable more logging for kinit

Recently, we had issues when doing kinit, it would say:

kinit: Generic error (see e-text) while
getting initial credentials

It was suggested to us to enable
kerberos trace logging so that next time
we have more details to report.

Signed-off-by: Martin Malina <mmalina@redhat.com>
---
 internal-services/catalog/check-embargoed-cves-task.yaml       | 3 ++-
 internal-services/catalog/create-advisory-task.yaml            | 3 ++-
 .../catalog/iib-add-fbc-fragment-to-index-image-task.yaml      | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/internal-services/catalog/check-embargoed-cves-task.yaml b/internal-services/catalog/check-embargoed-cves-task.yaml
index b2c2602..bc7ad72 100644
--- a/internal-services/catalog/check-embargoed-cves-task.yaml
+++ b/internal-services/catalog/check-embargoed-cves-task.yaml
@@ -4,7 +4,7 @@ kind: Task
 metadata:
   name: check-embargoed-cves-task
   labels:
-    app.kubernetes.io/version: "0.1"
+    app.kubernetes.io/version: "0.1.1"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -69,6 +69,7 @@ spec:
           # workaround kinit: Invalid UID in persistent keyring name while getting default ccache
           export KRB5CCNAME=`mktemp`
           export KRB5_CONFIG=`mktemp`
+          export KRB5_TRACE=/dev/stderr
           sed '/\[libdefaults\]/a\    dns_canonicalize_hostname = false' /etc/krb5.conf > "${KRB5_CONFIG}"
           kinit ${SERVICE_ACCOUNT_NAME} -k -t /tmp/keytab
 
diff --git a/internal-services/catalog/create-advisory-task.yaml b/internal-services/catalog/create-advisory-task.yaml
index 8886bfe..aa165eb 100644
--- a/internal-services/catalog/create-advisory-task.yaml
+++ b/internal-services/catalog/create-advisory-task.yaml
@@ -4,7 +4,7 @@ kind: Task
 metadata:
   name: create-advisory-task
   labels:
-    app.kubernetes.io/version: "0.9"
+    app.kubernetes.io/version: "0.9.1"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -133,6 +133,7 @@ spec:
           export KRB5CCNAME=`mktemp`
           # see https://stackoverflow.com/a/12308187
           export KRB5_CONFIG=`mktemp`
+          export KRB5_TRACE=/dev/stderr
           sed '/\[libdefaults\]/a\    dns_canonicalize_hostname = false' /etc/krb5.conf > "${KRB5_CONFIG}"
           kinit ${SERVICE_ACCOUNT_NAME} -k -t /tmp/keytab
           ID=$(curl --retry 3 --negotiate -u : ${ERRATA_API}/advisory/reserve_live_id -XPOST | jq -r '.live_id')
diff --git a/internal-services/catalog/iib-add-fbc-fragment-to-index-image-task.yaml b/internal-services/catalog/iib-add-fbc-fragment-to-index-image-task.yaml
index 238291f..d47509d 100644
--- a/internal-services/catalog/iib-add-fbc-fragment-to-index-image-task.yaml
+++ b/internal-services/catalog/iib-add-fbc-fragment-to-index-image-task.yaml
@@ -4,7 +4,7 @@ kind: Task
 metadata:
   name: t-add-fbc-fragment-to-index-image
   labels:
-    app.kubernetes.io/version: "0.3.0"
+    app.kubernetes.io/version: "0.3.1"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -112,6 +112,7 @@ spec:
         KRB5_TEMP_CONF=$(mktemp)
         echo "${KRB5_CONF_CONTENT}" > "${KRB5_TEMP_CONF}"
         export KRB5_CONFIG="${KRB5_TEMP_CONF}"
+        export KRB5_TRACE=/dev/stderr
 
         /usr/bin/kinit -V $(cat /mnt/service-account-secret/principal) -k -t /tmp/keytab