diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 13582bb..351675a 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -5,6 +5,20 @@ msvsphere.ci Release Notes
 .. contents:: Topics
 
 
+v0.1.7
+======
+
+Minor Changes
+-------------
+
+- koji_cli - add Kerberos keytab path and principal configuration support trough ``koji_cli_keytab`` and ``koji_cli_principal`` variables.
+- koji_server - add Koji sidetags configuration support through ``koji_hub_sidetags_max`` and ``koji_hub_sidetags_parents`` variables.
+
+Bugfixes
+--------
+
+- koji_builder - enabled by default mock use_bootstrap_image option broke Koji builds. Fix disables this option globally in the /etc/mock/site-defaults.cfg file.
+
 v0.1.6
 ======
 
diff --git a/changelogs/.plugin-cache.yaml b/changelogs/.plugin-cache.yaml
index 4eab716..6a010c0 100644
--- a/changelogs/.plugin-cache.yaml
+++ b/changelogs/.plugin-cache.yaml
@@ -60,4 +60,4 @@ plugins:
   strategy: {}
   test: {}
   vars: {}
-version: 0.1.6
+version: 0.1.7
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
index c068e0f..c457d63 100644
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -75,3 +75,19 @@ releases:
         name: koji_builder
         namespace: null
     release_date: '2023-12-22'
+  0.1.7:
+    changes:
+      bugfixes:
+      - koji_builder - enabled by default mock use_bootstrap_image option broke Koji
+        builds. Fix disables this option globally in the /etc/mock/site-defaults.cfg
+        file.
+      minor_changes:
+      - koji_cli - add Kerberos keytab path and principal configuration support trough
+        ``koji_cli_keytab`` and ``koji_cli_principal`` variables.
+      - koji_server - add Koji sidetags configuration support through ``koji_hub_sidetags_max``
+        and ``koji_hub_sidetags_parents`` variables.
+    fragments:
+    - 3-disable-mock-bootstrap-image.yml
+    - 4-koji_cli_kerberos-support.yml
+    - 5-koji_server-sidetags-support.yml
+    release_date: '2023-12-28'
diff --git a/changelogs/fragments-archive/3-disable-mock-bootstrap-image.yml b/changelogs/fragments-archive/3-disable-mock-bootstrap-image.yml
new file mode 100644
index 0000000..aa35268
--- /dev/null
+++ b/changelogs/fragments-archive/3-disable-mock-bootstrap-image.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - koji_builder - enabled by default mock use_bootstrap_image option broke Koji builds. Fix disables this option globally in the /etc/mock/site-defaults.cfg file.
diff --git a/changelogs/fragments-archive/4-koji_cli_kerberos-support.yml b/changelogs/fragments-archive/4-koji_cli_kerberos-support.yml
new file mode 100644
index 0000000..feeb2ba
--- /dev/null
+++ b/changelogs/fragments-archive/4-koji_cli_kerberos-support.yml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - koji_cli - add Kerberos keytab path and principal configuration support trough ``koji_cli_keytab`` and ``koji_cli_principal`` variables.
diff --git a/changelogs/fragments-archive/5-koji_server-sidetags-support.yml b/changelogs/fragments-archive/5-koji_server-sidetags-support.yml
new file mode 100644
index 0000000..ecb5f83
--- /dev/null
+++ b/changelogs/fragments-archive/5-koji_server-sidetags-support.yml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - koji_server - add Koji sidetags configuration support through ``koji_hub_sidetags_max`` and ``koji_hub_sidetags_parents`` variables.
diff --git a/galaxy.yml b/galaxy.yml
index 364c7d3..35acf80 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: msvsphere
 name: ci
-version: 0.1.6
+version: 0.1.7
 readme: README.md
 authors:
   - Eugene Zamriy <ezamriy@msvsphere-os.ru>
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index 9f69c99..096b5a4 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -90,6 +90,9 @@
   notify:
     - restart kojid
 
+- name: Configure mock
+  import_tasks: mock.yml
+
 - name: Enable and start kojid service
   ansible.builtin.service:
     name: kojid
diff --git a/roles/koji_builder/tasks/mock.yml b/roles/koji_builder/tasks/mock.yml
new file mode 100644
index 0000000..57a4e8a
--- /dev/null
+++ b/roles/koji_builder/tasks/mock.yml
@@ -0,0 +1,6 @@
+---
+- name: Disable use of bootstrap image in mock
+  ansible.builtin.lineinfile:
+    path: /etc/mock/site-defaults.cfg
+    line: 'config_opts["use_bootstrap_image"] = False'
+    regexp: ^\s*config_opts.*?use_bootstrap_image
diff --git a/roles/koji_cli/README.md b/roles/koji_cli/README.md
index 87bae2a..7685ae0 100644
--- a/roles/koji_cli/README.md
+++ b/roles/koji_cli/README.md
@@ -8,6 +8,8 @@ An Ansible role that installs and configures Koji CLI tools.
 | ----------------- | ------------- | ---- | ------------------------- | -------- |
 | koji_domain_name  |               | str  | Koji server domain name.  | yes      |
 | koji_cli_user     |               | str  | Koji CLI tools user name. | no       |
+| koji_cli_keytab   |               | str  | Kerberos keytab file for automatic authentication. | no |
+| koji_cli_principal |              | str  | Kerberos principal for automatic authentication. | no |
 | koji_profile      | "koji"        | str  | Koji profile name.        | no       |
 | koji_ca_cert_path |               | str  | Koji CA certificate path. | no       |
 | koji_topdir       | "/mnt/koji"   | str  | Koji top directory path.  | no       |
diff --git a/roles/koji_cli/defaults/main.yml b/roles/koji_cli/defaults/main.yml
index 092efec..5ae61b0 100644
--- a/roles/koji_cli/defaults/main.yml
+++ b/roles/koji_cli/defaults/main.yml
@@ -4,3 +4,5 @@ koji_cli_user:
 koji_profile: 'koji'
 koji_ca_cert_path:
 koji_topdir: '/mnt/koji'
+koji_cli_keytab:
+koji_cli_principal:
diff --git a/roles/koji_cli/meta/argument_specs.yml b/roles/koji_cli/meta/argument_specs.yml
index 487aa8a..029f3ae 100644
--- a/roles/koji_cli/meta/argument_specs.yml
+++ b/roles/koji_cli/meta/argument_specs.yml
@@ -33,3 +33,15 @@ argument_specs:
         default: '/mnt/koji'
         type: 'str'
         required: false
+
+      koji_cli_keytab:
+        description: Kerberos keytab file for automatic authentication.
+        type: str
+        required: false
+        version_added: '0.1.7'
+
+      koji_cli_principal:
+        description: Kerberos principal for automatic authentication.
+        type: str
+        required: false
+        version_added: '0.1.7'
diff --git a/roles/koji_cli/tasks/main.yml b/roles/koji_cli/tasks/main.yml
index 236529f..5ccbe90 100644
--- a/roles/koji_cli/tasks/main.yml
+++ b/roles/koji_cli/tasks/main.yml
@@ -65,4 +65,5 @@
       - { key: 'topurl', value: "https://{{ koji_domain_name }}/kojifiles" }
       - { key: 'topdir', value: "{{ koji_topdir }}" }
       - { key: 'serverca', value: "{{ koji_ca_cert_path}}" }
- 
\ No newline at end of file
+      - { key: 'keytab', value: "{{ koji_cli_keytab }}" }
+      - { key: 'principal', value: "{{ koji_cli_principal }}" }
diff --git a/roles/koji_server/README.md b/roles/koji_server/README.md
index e6a1361..0912889 100644
--- a/roles/koji_server/README.md
+++ b/roles/koji_server/README.md
@@ -16,6 +16,8 @@ An Ansible role that configures a Koji server.
 | koji_admin_user       | "kojiroot"                                                | str | Koji administrator user name.               | no  |
 | koji_admin_principal  | "{{ koji_admin_user }}@{{ koji_kerberos_realm }}"         | str | Koji administrator Kerberos principal name. | no  |
 | koji_admin_password   |                                                           | str | Koji administrator password.                | yes |
+| koji_hub_sidetags_max | 10                                                        | int | Maximum number of sidetags for a parent tag. | no |
+| koji_hub_sidetags_parents | []                                                    | list | List of sidetags parent tags.              | no  |
 | koji_hub_principal    | "HTTP/{{ koji_domain_name }}@{{ koji_kerberos_realm }}"   | str | Koji Hub Kerberos principal name.           | no  |
 | koji_hub_keytab       | "/etc/koji-hub/http.{{ koji_domain_name }}.keytab"        | str | Koji Hub Kerberos keytab file path.         | no  |
 | koji_web_principal    | "koji/{{ koji_domain_name }}@{{ koji_kerberos_realm }}"   | str | Koji Web Kerberos principal name.           | no  |
diff --git a/roles/koji_server/defaults/main.yml b/roles/koji_server/defaults/main.yml
index c059649..1158b8a 100644
--- a/roles/koji_server/defaults/main.yml
+++ b/roles/koji_server/defaults/main.yml
@@ -16,3 +16,5 @@ koji_kojira_keytab: "/etc/kojira/kojira.{{ koji_domain_name }}.keytab"
 koji_web_principal: "koji/{{ koji_domain_name }}@{{ koji_kerberos_realm }}"
 koji_web_keytab: "/etc/kojiweb/koji.{{ koji_domain_name }}.keytab"
 koji_web_secret:
+koji_hub_sidetags_max: 10
+koji_hub_sidetags_parents: []
diff --git a/roles/koji_server/meta/argument_specs.yml b/roles/koji_server/meta/argument_specs.yml
index b4116ed..1fd5d22 100644
--- a/roles/koji_server/meta/argument_specs.yml
+++ b/roles/koji_server/meta/argument_specs.yml
@@ -101,3 +101,17 @@ argument_specs:
         default: '/etc/kojira/kojira.{{ koji_domain_name }}.keytab'
         type: str
         required: false
+
+      koji_hub_sidetags_max:
+        description: Maximum number of sidetags for a parent tag.
+        default: 10
+        type: int
+        required: false
+        version_added: '0.1.7'
+
+      koji_hub_sidetags_parents:
+        description: List of sidetags parent tags.
+        default: []
+        type: list
+        elements: str
+        version_added: '0.1.7'
diff --git a/roles/koji_server/templates/etc/koji-hub/hub.conf.j2 b/roles/koji_server/templates/etc/koji-hub/hub.conf.j2
index ec8c1a1..ce391d3 100644
--- a/roles/koji_server/templates/etc/koji-hub/hub.conf.j2
+++ b/roles/koji_server/templates/etc/koji-hub/hub.conf.j2
@@ -27,6 +27,9 @@ Plugins = sidetag_hub
 
 [policy]
 sidetag =
+    {% for sidetag_parent in koji_hub_sidetags_parents %}
+    tag {{ sidetag_parent }} && compare number_of_tags <= {{ koji_hub_sidetags_max }} :: allow
+    {% endfor %}
     all :: deny
 
 package_list =