#2 add tenant onboarding doc
Merged 3 months ago by arrfab. Opened 3 months ago by siddharthvipul1.
centos/ siddharthvipul1/centos-infra-docs master  into  master

@@ -68,7 +68,7 @@ 

  +------------+---------------+------+-----+---------+----------------+

  3 rows in set (0.00 sec)

  

- MariaDB [duffy]> 

+ MariaDB [duffy]>

  

  ```

  

@@ -91,7 +91,7 @@ 

  

  1. How do we connect to instances

  

- The Duffy database runs on the admin.ci node: `ssh admin.ci.centos.org`. 

+ The Duffy database runs on the admin.ci node: `ssh admin.ci.centos.org`.

  

  2. We have a script which does this work.. how do we use it

  

@@ -100,7 +100,11 @@ 

  

  4. Retrieve the api key from the users table

  ` select * from users where projectname="projectname";`

+ Copy the API key somewhere handy (we will need it)

  

  5. Using that api-key/UUID as project_id, enter ssh key of a user from the project so that they can ssh into the machines. This process must be repeated for every user we wish to add access to via SSH.

  `insert into userkeys (`project_id`,`key`) values('<project-UUID>', '<ssh-key>');`

  This ssh key is pushed to duffy nodes - authorized keys when a tenant requests the node through api key.

+ 

+ NOTE: we need to copy private key (pair of key just added in db), and paste it

+ in openshift jenkins template (so copy it to save the trouble later)

docs/operations/ci/adding_cico_tenant/adding-jumphost.md docs/operations/ci/adding-jumphost.md
file renamed
file was moved with no change to the file

@@ -0,0 +1,61 @@ 

+ # CentOS CI - On-boarding

+ 

+ Note to users:

+ 

+ Please note that Infra space is for Fedora and CentOS related projects to

+ consume. Decision may take some time (often up to 2 weeks) as these are decided

+ by the whole team.

+ Once decided as go, we will create you a namespace in a openshift cluster where

+ you can configure your CI. We do provide a Jenkins template in case you want to be

+ able to consume vms/baremetal nodes to perform your CI.

+ 

+ Please answer the following questions so that we understand your requirement.

+ 

+ * How does your project relates to Fedora/CentOS?

+ * Describe your work flow and if you need any special permissions (other than

+   admin access to namespace), please tell us and provide a reason for them.

+ * Do you need bare-metal/vms checkout capability? (we prefer your workflow

+   containerized)

+ * Resources required

+   * PVs:

+ 

+ ```

+ Project_name:

+ Project_members:

+  - user1@ACO_registered_email_address

+  - user2@ACO_registered_email_address

+ ```

+ 

+ ## Steps

+ 1. Create an OpenShift namespace

+ 2. Create an entry in duffy db (with ssh key) - follow adding-duffy-api-key.md

+ 3. Instantiate a template to provision Jenkins

+ 

+ 

+ ### Create an OpenShift namespace

+ 

+ Using the data provided by tenant (i.e. Project name and its admins), create an yaml file to be passed to ansible-playbook (example above).

+ 

+ Store it in project directory to and push it to git

+ 

+ Use playbook (adhoc-openshift-resources.yaml)[https://github.com/CentOS/ansible-infra-playbooks/blob/staging/adhoc-openshift-resources.yaml] with variables `host=openshift-ci-management` and `the file containing project name and admins`

+ 

+ Example: "ansible-playbook playbooks/adhoc-openshift-resources.yaml -e "host=ocp-ci-management" -e "@important_project.yaml""

+ 

+ 

+ ## Create an entry in duffy db (with ssh key) - [follow adding-duffy-api-key.md](https://docs.infra.centos.org/operations/ci/adding_cico_tenant/adding-duffy-api-key/)

+ 

+ ## Instantiate a template to provision Jenkins

+ * Login to openshift

+ * Go to project cico-templates to select the cico-workspace Jenkins template

+   from workloads -> From Catalog -> {search cico-workspace}

+   you would see a template called "cico-workspace: provided by The CentOS

+   Project"

+ * Click the template to start instantiation process.

+   * Select the namespace we want to run Jenkins in (In Namespace variable)

+   * Enter appropriate Memory limit and volume capacity (for Jenkins, we prefer 3Gi and 10Gi respectively)

+   * Enter duffy API key for the project and SSH private key whose public pair is in duffy db.

+ 

+ Click create to instantiate the project.

+ 

+ Admin's hack: Increase timeout in deployment config to counter our slow storage timeout issue.

@@ -65,7 +65,7 @@ 

  ### Resources

  

  - Working with CentOS Infra https://docs.fedoraproject.org/en-US/cpe/day_to_day_centos/

- - Ticket Tracker: pagure.io/centos-infra [Use template ci-migration for migration or 

+ - Ticket Tracker: pagure.io/centos-infra [Use template ci-migration for migration or

  

  - Fedora Nest 2020 talk: https://docs.google.com/presentation/d/1Efwz73t4NdxuzmyV8kvi3SewCIzDpidpePXGLfuweso/edit?ts=5f2ea19e#slide=id.g8fead7ec8b_0_44

  

file modified
+2 -1

@@ -26,8 +26,9 @@ 

             - operations/ci/localstorage/binding_pvc.md

             - operations/ci/localstorage/installation.md

           - Onboard Tenants:

+            - operations/ci/adding_cico_tenant/adding_cico_tenants.md

             - operations/ci/adding_cico_tenant/adding-duffy-api-key.md

-            - operations/ci/adding-jumphost.md

+            - operations/ci/adding_cico_tenant/adding-jumphost.md

           - Add an OpenID identity provider to the cluster: operations/ci/adding_oidc_authentication.md

           - Adding Admin Users: operations/ci/adding_admin_users.md

           - Adding Nodes: operations/ci/adding_nodes.md