# SOP to create/migrate Duffy tenant

This SOP covers the process of how to create a duffy tenant

## Create new tenant

### Creating dedicated ssh keypair

!!! note

    we'll start using the `pkistore` git-crypted git repo for this, so be sure to have that under git control

We'll just create the new ssh keypair directly into the CI pkistore repository :

```

project="samba"

ssh-keygen -f ocp/ssh/${project} -C ${project}@CI

```

!!! important

    Don't forget to add and git commit && git push new keys in pkistore/ocp/ssh repo

This will create both private and public ssh keys, and  you can now copy the public key to be inserted into Duffy DB (see below)

### Create new Duffy tenant

```shell

ssh duffy.ci.centos.org

```

### Change to duffy user

```shell

sudo su - duffy

```

### Create tenant with the command below and save api key somewhere safe, it outputs the key as `<tenant name>: <API key>`

```shell

duffy admin create-tenant <tenant name> "ssh-rsa <ssh pub-key_created_above>"

``` 

## Artifacts storage box

CI tenants are allowed to upload artifacts to one storage box, so we need to allow them to upload/rsync to it.

It's all controlled by the `artifacts_projects_list` list in ansible (host_vars) so don't forget to also add project and ssh public keys there too

## Duffy client configuration (external)

### Connect to the host that will have duffy client

```shell

ssh <host user>@<target host>

```

### Install duffy client using `pip`

```shell

pip3.8 install --user duffy[client]

```

### In the home path of the user, create `.config` directory if it doesn’t exist and create `.config/duffy` with the following content

```

client:

  url: https://duffy.ci.centos.org/api/v1

  auth:

    name: <tenant name>

    key: <API key>

```

### To create a session, the name of the pool is required. Check the pool available executing the command **_(Optional)_**

```shell

duffy client list-pools

```

### Request a session

```shell

duffy client request-session pool=<name of the pool>,quantity=<number of sessions wanted>

``` 

By default this command outputs a _json_, but it's possible to change the format to _yaml_ or _flat_ using `--format`. Under "node" key it's possible to find the hostname to be used. Log in to it as `root` user, using `ssh`.

```json

{

...output ommited...

"nodes": [

    {

        "hostname": "<hostname>.ci.centos.org",

        "ipaddr": "<ip address>",

...output ommited...

}

```

### When needed to retire the session, connect to your duffy client host and execute the command

```shell

duffy client retire-session <session id>

```

It's possible to check the session id either when the session is requested, in the output under "session" key, or using the following command:

```shell

duffy client list-sessions

```