Text Blame History Raw

SOP to create/migrate Duffy tenant

This SOP covers the process of how to create a duffy tenant

Create new tenant

Creating dedicated ssh keypair

Note

we'll start using the pkistore git-crypted git repo for this, so be sure to have that under git control

We'll just create the new ssh keypair directly into the CI pkistore repository :

project="samba"
ssh-keygen -f ocp/ssh/${project} -C ${project}@CI

Important

Don't forget to add and git commit && git push new keys in pkistore/ocp/ssh repo

This will create both private and public ssh keys, and you can now copy the public key to be inserted into Duffy DB (see below)

Create new Duffy tenant

ssh duffy.ci.centos.org

Change to duffy user

sudo su - duffy

Create tenant with the command below and save api key somewhere safe, it outputs the key as <tenant name>: <API key>

duffy admin create-tenant <tenant name> "ssh-rsa <ssh pub-key_created_above>"

Artifacts storage box

CI tenants are allowed to upload artifacts to one storage box, so we need to allow them to upload/rsync to it. It's all controlled by the artifacts_projects_list list in ansible (host_vars) so don't forget to also add project and ssh public keys there too

Duffy client configuration (external)

Connect to the host that will have duffy client

ssh <host user>@<target host>

Install duffy client using pip

pip3.8 install --user duffy[client]

In the home path of the user, create .config directory if it doesn’t exist and create .config/duffy with the following content

client:
  url: https://duffy.ci.centos.org/api/v1
  auth:
    name: <tenant name>
    key: <API key>

To create a session, the name of the pool is required. Check the pool available executing the command (Optional)

duffy client list-pools

Request a session

duffy client request-session pool=<name of the pool>,quantity=<number of sessions wanted>

By default this command outputs a json, but it's possible to change the format to yaml or flat using --format. Under "node" key it's possible to find the hostname to be used. Log in to it as root user, using ssh.

{
...output ommited...

"nodes": [
    {
        "hostname": "<hostname>.ci.centos.org",
        "ipaddr": "<ip address>",

...output ommited...
}

When needed to retire the session, connect to your duffy client host and execute the command

duffy client retire-session <session id>

It's possible to check the session id either when the session is requested, in the output under "session" key, or using the following command:

duffy client list-sessions