centos / centos-infra-docs

Clone
Source Code
GIT

Files

  1.   1c0ded56e27e767617617f2d08655af018f9160d
  2.   docs
  3.   operations
  4.   ci
  5.   adding_cico_tenant
  6.   adding-duffy-tenant.md
Blob Blame History Raw 
# SOP to create/migrate Duffy tenant
This SOP covers the process of how to create a duffy tenant

## Create new tenant

### Creating dedicated ssh keypair

!!! note
    we'll start using the `pkistore` git-crypted git repo for this, so be sure to have that under git control

We'll just create the new ssh keypair directly into the CI pkistore repository :

```
project="samba"
ssh-keygen -f ocp/ssh/${project} -C ${project}@CI

```

!!! important
    Don't forget to add and git commit && git push new keys in pkistore/ocp/ssh repo


This will create both private and public ssh keys, and  you can now copy the public key to be inserted into Duffy DB (see below)



### Create new Duffy tenant
```shell
ssh duffy.ci.centos.org
```

### Change to duffy user
```shell
sudo su - duffy
```
### Create tenant with the command below and save api key somewhere safe, it outputs the key as `<tenant name>: <API key>`
```shell
duffy admin create-tenant <tenant name> "ssh-rsa <ssh pub-key_created_above>"
``` 


## Artifacts storage box

CI tenants are allowed to upload artifacts to one storage box, so we need to allow them to upload/rsync to it.
It's all controlled by the `artifacts_projects_list` list in ansible (host_vars) so don't forget to also add project and ssh public keys there too


## Duffy client configuration (external)

### Connect to the host that will have duffy client
```shell
ssh <host user>@<target host>
```

### Install duffy client using `pip`
```shell
pip3.8 install --user duffy[client]
```

### In the home path of the user, create `.config` directory if it doesn’t exist and create `.config/duffy` with the following content
```
client:
  url: https://duffy.ci.centos.org/api/v1
  auth:
    name: <tenant name>
    key: <API key>
```

### To create a session, the name of the pool is required. Check the pool available executing the command **_(Optional)_**
```shell
duffy client list-pools
```
### Request a session
```shell
duffy client request-session pool=<name of the pool>,quantity=<number of sessions wanted>
``` 

By default this command outputs a _json_, but it's possible to change the format to _yaml_ or _flat_ using `--format`. Under "node" key it's possible to find the hostname to be used. Log in to it as `root` user, using `ssh`.

```json
{
...output ommited...

"nodes": [
    {
        "hostname": "<hostname>.ci.centos.org",
        "ipaddr": "<ip address>",

...output ommited...
}
```

### When needed to retire the session, connect to your duffy client host and execute the command
```shell
duffy client retire-session <session id>
```

It's possible to check the session id either when the session is requested, in the output under "session" key, or using the following command:
```shell
duffy client list-sessions
```

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation