|
 |
47c289 |
# SOP to Create a duffy API/SSH keys
|
|
|
47c289 |
This SOP covers the process of creating an API key for duffy, and adding it to the duffy database table
|
|
|
47c289 |
|
|
|
47c289 |
|
|
|
47c289 |
## Requirements
|
|
|
47c289 |
|
|
|
47c289 |
- project name
|
|
|
47c289 |
|
|
|
47c289 |
## Duffy Database Schemas
|
|
|
47c289 |
|
|
|
47c289 |
```
|
|
|
47c289 |
MariaDB [duffy]> show tables;
|
|
|
47c289 |
+-----------------+
|
|
|
47c289 |
| Tables_in_duffy |
|
|
|
47c289 |
+-----------------+
|
|
|
47c289 |
| alembic_version |
|
|
|
47c289 |
| session_archive |
|
|
|
47c289 |
| session_hosts |
|
|
|
47c289 |
| sessions |
|
|
|
47c289 |
| stock |
|
|
|
47c289 |
| userkeys |
|
|
|
47c289 |
| users |
|
|
|
47c289 |
+-----------------+
|
|
|
47c289 |
7 rows in set (0.00 sec)
|
|
|
47c289 |
|
|
|
47c289 |
MariaDB [duffy]> describe stock;
|
|
|
47c289 |
+--------------+--------------+------+-----+---------+-------+
|
|
|
47c289 |
| Field | Type | Null | Key | Default | Extra |
|
|
|
47c289 |
+--------------+--------------+------+-----+---------+-------+
|
|
|
47c289 |
| id | int(11) | NO | PRI | NULL | |
|
|
|
47c289 |
| hostname | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
| ip | varchar(15) | YES | | NULL | |
|
|
|
47c289 |
| chassis | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
| used_count | int(11) | YES | | NULL | |
|
|
|
47c289 |
| state | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
| comment | varchar(255) | YES | | NULL | |
|
|
|
47c289 |
| distro | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
| rel | varchar(10) | YES | | NULL | |
|
|
|
47c289 |
| ver | varchar(10) | YES | | NULL | |
|
|
|
47c289 |
| arch | varchar(10) | YES | | NULL | |
|
|
|
47c289 |
| pool | int(11) | YES | | NULL | |
|
|
|
47c289 |
| console_port | int(11) | YES | | NULL | |
|
|
|
47c289 |
| flavor | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
| session_id | varchar(37) | YES | MUL | NULL | |
|
|
|
47c289 |
| next_state | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
+--------------+--------------+------+-----+---------+-------+
|
|
|
47c289 |
16 rows in set (0.01 sec)
|
|
|
47c289 |
|
|
|
47c289 |
MariaDB [duffy]> describe users;
|
|
|
47c289 |
+-------------+-------------+------+-----+---------+-------+
|
|
|
47c289 |
| Field | Type | Null | Key | Default | Extra |
|
|
|
47c289 |
+-------------+-------------+------+-----+---------+-------+
|
|
|
47c289 |
| apikey | varchar(37) | NO | PRI | | |
|
|
|
47c289 |
| projectname | varchar(50) | YES | | NULL | |
|
|
|
47c289 |
| jobname | varchar(50) | YES | | NULL | |
|
|
|
47c289 |
| createdat | date | YES | | NULL | |
|
|
|
47c289 |
| limitnodes | int(11) | YES | | NULL | |
|
|
|
47c289 |
+-------------+-------------+------+-----+---------+-------+
|
|
|
47c289 |
5 rows in set (0.00 sec)
|
|
|
47c289 |
|
|
|
47c289 |
MariaDB [duffy]> describe userkeys;
|
|
|
47c289 |
+------------+---------------+------+-----+---------+----------------+
|
|
|
47c289 |
| Field | Type | Null | Key | Default | Extra |
|
|
|
47c289 |
+------------+---------------+------+-----+---------+----------------+
|
|
|
47c289 |
| id | int(11) | NO | PRI | NULL | auto_increment |
|
|
|
47c289 |
| project_id | varchar(37) | YES | MUL | NULL | |
|
|
|
47c289 |
| key | varchar(8192) | YES | | NULL | |
|
|
|
47c289 |
+------------+---------------+------+-----+---------+----------------+
|
|
|
47c289 |
3 rows in set (0.00 sec)
|
|
|
47c289 |
|
|
 |
0c8a7f |
MariaDB [duffy]> describe users;
|
|
|
47c289 |
|
|
|
47c289 |
+-----------+----------------------+----------------------+------------+-------------+
|
|
|
47c289 |
| apikey | projectname | jobname | createdat | limitnodes |
|
|
|
47c289 |
+-----------+----------------------+----------------------+------------+-------------+
|
|
|
47c289 |
| xxxx-yyyy | nfs-ganesha | nfs-ganesha | 2016-02-24 | 10 |
|
|
|
47c289 |
| zzzz-aaaa | CentOS | centos_arrfab | 2015-04-17 | 10 |
|
|
|
47c289 |
+-----------+----------------------+----------------------+------------+-------------+
|
|
|
47c289 |
```
|
|
|
47c289 |
|
|
|
47c289 |
## Steps to create a new duffy SSH key
|
|
|
97a9dc |
|
|
|
97a9dc |
!!! note
|
|
|
97a9dc |
we'll start using the `pkistore` git-crypted git repo for this, so be sure to have that under git control
|
|
|
97a9dc |
|
|
|
97a9dc |
We'll just create the new ssh keypair directly into the pkistore repository :
|
|
|
97a9dc |
|
|
|
97a9dc |
```
|
|
|
97a9dc |
project="samba"
|
|
|
97a9dc |
ssh-keygen -f ocp/ssh/${project} -C ${project}@CI
|
|
|
97a9dc |
|
|
|
97a9dc |
```
|
|
|
97a9dc |
|
|
|
97a9dc |
!!! important
|
|
|
97a9dc |
Don't forget to add and git commit && git push new keys in pkistore/ocp/ssh repo
|
|
|
97a9dc |
|
|
|
97a9dc |
|
|
|
97a9dc |
This will create both private and public ssh keys, and you can now copy the public key to be inserted into Duffy DB
|
|
|
97a9dc |
|
|
|
47c289 |
|
|
|
47c289 |
## Steps to create a new duffy API key
|
|
|
47c289 |
|
|
|
a3bac9 |
1. The Duffy database runs on the admin.ci node: `ssh admin.ci.centos.org` and once in the admin node, login in mysql - duffy db
|
|
|
47c289 |
|
|
|
0c8a7f |
2. Create user in usertable
|
|
|
0c8a7f |
|
|
|
0c8a7f |
```
|
|
|
0c8a7f |
insert into users values(UUID(), '<projectname>', '<projectname>', NOW(), 5);`
|
|
|
0c8a7f |
```
|
|
|
0c8a7f |
|
|
|
47c289 |
|
|
|
a3bac9 |
3. Retrieve the api key from the users table ` select * from users where projectname="projectname";` Copy the API key somewhere handy (we will need it)
|
|
|
47c289 |
|
|
|
0c8a7f |
4. Using that api-key/UUID as project_id, enter ssh key of a user from the project so that they can ssh into the machines. This process must be repeated for every user we wish to add access to via SSH.
|
|
|
0c8a7f |
|
|
|
0c8a7f |
```
|
|
|
0c8a7f |
insert into userkeys (project_id,`key`) values(<project-UUID-var>, <ssh-key-var>);`
|
|
|
0c8a7f |
```
|
|
|
0c8a7f |
|
|
|
0c8a7f |
This ssh key is pushed to duffy nodes - authorized keys when a tenant requests the node through api key.
|
|
|
792b29 |
|