|
 |
47c289 |
# SOP to Create a duffy API/SSH keys
|
|
|
47c289 |
This SOP covers the process of creating an API key for duffy, and adding it to the duffy database table
|
|
|
47c289 |
|
|
|
47c289 |
|
|
|
47c289 |
## Requirements
|
|
|
47c289 |
|
|
|
47c289 |
- project name
|
|
|
47c289 |
|
|
|
47c289 |
## Duffy Database Schemas
|
|
|
47c289 |
|
|
|
47c289 |
```
|
|
|
47c289 |
MariaDB [duffy]> show tables;
|
|
|
47c289 |
+-----------------+
|
|
|
47c289 |
| Tables_in_duffy |
|
|
|
47c289 |
+-----------------+
|
|
|
47c289 |
| alembic_version |
|
|
|
47c289 |
| session_archive |
|
|
|
47c289 |
| session_hosts |
|
|
|
47c289 |
| sessions |
|
|
|
47c289 |
| stock |
|
|
|
47c289 |
| userkeys |
|
|
|
47c289 |
| users |
|
|
|
47c289 |
+-----------------+
|
|
|
47c289 |
7 rows in set (0.00 sec)
|
|
|
47c289 |
|
|
|
47c289 |
MariaDB [duffy]> describe stock;
|
|
|
47c289 |
+--------------+--------------+------+-----+---------+-------+
|
|
|
47c289 |
| Field | Type | Null | Key | Default | Extra |
|
|
|
47c289 |
+--------------+--------------+------+-----+---------+-------+
|
|
|
47c289 |
| id | int(11) | NO | PRI | NULL | |
|
|
|
47c289 |
| hostname | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
| ip | varchar(15) | YES | | NULL | |
|
|
|
47c289 |
| chassis | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
| used_count | int(11) | YES | | NULL | |
|
|
|
47c289 |
| state | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
| comment | varchar(255) | YES | | NULL | |
|
|
|
47c289 |
| distro | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
| rel | varchar(10) | YES | | NULL | |
|
|
|
47c289 |
| ver | varchar(10) | YES | | NULL | |
|
|
|
47c289 |
| arch | varchar(10) | YES | | NULL | |
|
|
|
47c289 |
| pool | int(11) | YES | | NULL | |
|
|
|
47c289 |
| console_port | int(11) | YES | | NULL | |
|
|
|
47c289 |
| flavor | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
| session_id | varchar(37) | YES | MUL | NULL | |
|
|
|
47c289 |
| next_state | varchar(20) | YES | | NULL | |
|
|
|
47c289 |
+--------------+--------------+------+-----+---------+-------+
|
|
|
47c289 |
16 rows in set (0.01 sec)
|
|
|
47c289 |
|
|
|
47c289 |
MariaDB [duffy]> describe users;
|
|
|
47c289 |
+-------------+-------------+------+-----+---------+-------+
|
|
|
47c289 |
| Field | Type | Null | Key | Default | Extra |
|
|
|
47c289 |
+-------------+-------------+------+-----+---------+-------+
|
|
|
47c289 |
| apikey | varchar(37) | NO | PRI | | |
|
|
|
47c289 |
| projectname | varchar(50) | YES | | NULL | |
|
|
|
47c289 |
| jobname | varchar(50) | YES | | NULL | |
|
|
|
47c289 |
| createdat | date | YES | | NULL | |
|
|
|
47c289 |
| limitnodes | int(11) | YES | | NULL | |
|
|
|
47c289 |
+-------------+-------------+------+-----+---------+-------+
|
|
|
47c289 |
5 rows in set (0.00 sec)
|
|
|
47c289 |
|
|
|
47c289 |
MariaDB [duffy]> describe userkeys;
|
|
|
47c289 |
+------------+---------------+------+-----+---------+----------------+
|
|
|
47c289 |
| Field | Type | Null | Key | Default | Extra |
|
|
|
47c289 |
+------------+---------------+------+-----+---------+----------------+
|
|
|
47c289 |
| id | int(11) | NO | PRI | NULL | auto_increment |
|
|
|
47c289 |
| project_id | varchar(37) | YES | MUL | NULL | |
|
|
|
47c289 |
| key | varchar(8192) | YES | | NULL | |
|
|
|
47c289 |
+------------+---------------+------+-----+---------+----------------+
|
|
|
47c289 |
3 rows in set (0.00 sec)
|
|
|
47c289 |
|
|
|
792b29 |
MariaDB [duffy]>
|
|
|
47c289 |
|
|
|
47c289 |
```
|
|
|
47c289 |
|
|
|
47c289 |
|
|
|
47c289 |
```
|
|
|
47c289 |
+-----------+----------------------+----------------------+------------+-------------+
|
|
|
47c289 |
| apikey | projectname | jobname | createdat | limitnodes |
|
|
|
47c289 |
+-----------+----------------------+----------------------+------------+-------------+
|
|
|
47c289 |
| xxxx-yyyy | nfs-ganesha | nfs-ganesha | 2016-02-24 | 10 |
|
|
|
47c289 |
| zzzz-aaaa | CentOS | centos_arrfab | 2015-04-17 | 10 |
|
|
|
47c289 |
+-----------+----------------------+----------------------+------------+-------------+
|
|
|
47c289 |
```
|
|
|
47c289 |
|
|
|
47c289 |
## Steps to create a new duffy SSH key
|
|
|
47c289 |
1. On the home directory of user duffy on the admin.ci.centos.org instance, we have a folder where we store the created ssh keys for duffy tenants.
|
|
|
47c289 |
2. `mkdir -p keys/project-name/` then `ssh-keygen -f ~duffy/keys/project-name/id_rsa -C project-name@CI`
|
|
|
47c289 |
3. Copy the public key
|
|
|
47c289 |
|
|
|
47c289 |
## Steps to create a new duffy API key
|
|
|
47c289 |
|
|
|
47c289 |
1. How do we connect to instances
|
|
|
47c289 |
|
|
|
792b29 |
The Duffy database runs on the admin.ci node: `ssh admin.ci.centos.org`.
|
|
|
47c289 |
|
|
|
47c289 |
2. We have a script which does this work.. how do we use it
|
|
|
47c289 |
|
|
|
47c289 |
3. Create user in usertable
|
|
|
47c289 |
`insert into users values(UUID(), 'projectname', 'projectname', NOW(), 5);`
|
|
|
47c289 |
|
|
|
47c289 |
4. Retrieve the api key from the users table
|
|
|
47c289 |
` select * from users where projectname="projectname";`
|
|
|
792b29 |
Copy the API key somewhere handy (we will need it)
|
|
|
47c289 |
|
|
|
47c289 |
5. Using that api-key/UUID as project_id, enter ssh key of a user from the project so that they can ssh into the machines. This process must be repeated for every user we wish to add access to via SSH.
|
|
|
47c289 |
`insert into userkeys (`project_id`,`key`) values('<project-UUID>', '<ssh-key>');`
|
|
|
47c289 |
This ssh key is pushed to duffy nodes - authorized keys when a tenant requests the node through api key.
|
|
|
792b29 |
|
|
|
792b29 |
NOTE: we need to copy private key (pair of key just added in db), and paste it
|
|
|
792b29 |
in openshift jenkins template (so copy it to save the trouble later)
|