centos / centos-infra-docs

Clone
Source Code
GIT

#2 add tenant onboarding doc
Merged 2 years ago by arrfab. Opened 2 years ago by siddharthvipul1.
centos/ siddharthvipul1/centos-infra-docs master  into  master

file modified
+6 -2 
@@ -68,7 +68,7 @@ 
 

  +------------+---------------+------+-----+---------+----------------+
 

  3 rows in set (0.00 sec)
 

  

- MariaDB [duffy]> 

+ MariaDB [duffy]>
 

  

  ```
 

  
@@ -91,7 +91,7 @@ 
 

  

  1. How do we connect to instances
 

  

- The Duffy database runs on the admin.ci node: `ssh admin.ci.centos.org`. 

+ The Duffy database runs on the admin.ci node: `ssh admin.ci.centos.org`.
 

  

  2. We have a script which does this work.. how do we use it
 

  
@@ -100,7 +100,11 @@ 
 

  

  4. Retrieve the api key from the users table
 

  ` select * from users where projectname="projectname";`
 

+ Copy the API key somewhere handy (we will need it)
 

  

  5. Using that api-key/UUID as project_id, enter ssh key of a user from the project so that they can ssh into the machines. This process must be repeated for every user we wish to add access to via SSH.
 

  `insert into userkeys (`project_id`,`key`) values('<project-UUID>', '<ssh-key>');`
 

  This ssh key is pushed to duffy nodes - authorized keys when a tenant requests the node through api key.
 

+ 

+ NOTE: we need to copy private key (pair of key just added in db), and paste it
 

+ in openshift jenkins template (so copy it to save the trouble later)

docs/operations/ci/adding_cico_tenant/adding-jumphost.md docs/operations/ci/adding-jumphost.md
file renamed
file was moved with no change to the file
file added
+61 
@@ -0,0 +1,61 @@ 
 

+ # CentOS CI - On-boarding
 

+ 

+ Note to users:
 

+ 

+ Please note that Infra space is for Fedora and CentOS related projects to
 

+ consume. Decision may take some time (often up to 2 weeks) as these are decided
 

+ by the whole team.
 

+ Once decided as go, we will create you a namespace in a openshift cluster where
 

+ you can configure your CI. We do provide a Jenkins template in case you want to be
 

+ able to consume vms/baremetal nodes to perform your CI.
 

+ 

+ Please answer the following questions so that we understand your requirement.
 

+ 

+ * How does your project relates to Fedora/CentOS?
 

+ * Describe your work flow and if you need any special permissions (other than
 

+   admin access to namespace), please tell us and provide a reason for them.
 

+ * Do you need bare-metal/vms checkout capability? (we prefer your workflow
 

+   containerized)
 

+ * Resources required
 

+   * PVs:
 

+ 

+ ```
 

+ Project_name:
 

+ Project_members:
 

+  - user1@ACO_registered_email_address
 

+  - user2@ACO_registered_email_address
 

+ ```
 

+ 

+ ## Steps
 

+ 1. Create an OpenShift namespace
 

+ 2. Create an entry in duffy db (with ssh key) - follow adding-duffy-api-key.md
 

+ 3. Instantiate a template to provision Jenkins
 

+ 

+ 

+ ### Create an OpenShift namespace
 

+ 

+ Using the data provided by tenant (i.e. Project name and its admins), create an yaml file to be passed to ansible-playbook (example above).
 

+ 

+ Store it in project directory to and push it to git
 

+ 

+ Use playbook (adhoc-openshift-resources.yaml)[https://github.com/CentOS/ansible-infra-playbooks/blob/staging/adhoc-openshift-resources.yaml] with variables `host=openshift-ci-management` and `the file containing project name and admins`
 

+ 

+ Example: "ansible-playbook playbooks/adhoc-openshift-resources.yaml -e "host=ocp-ci-management" -e "@important_project.yaml""
 

+ 

+ 

+ ## Create an entry in duffy db (with ssh key) - [follow adding-duffy-api-key.md](https://docs.infra.centos.org/operations/ci/adding_cico_tenant/adding-duffy-api-key/)
 

+ 

+ ## Instantiate a template to provision Jenkins
 

+ * Login to openshift
 

+ * Go to project cico-templates to select the cico-workspace Jenkins template
 

+   from workloads -> From Catalog -> {search cico-workspace}
 

+   you would see a template called "cico-workspace: provided by The CentOS
 

+   Project"
 

+ * Click the template to start instantiation process.
 

+   * Select the namespace we want to run Jenkins in (In Namespace variable)
 

+   * Enter appropriate Memory limit and volume capacity (for Jenkins, we prefer 3Gi and 10Gi respectively)
 

+   * Enter duffy API key for the project and SSH private key whose public pair is in duffy db.
 

+ 

+ Click create to instantiate the project.
 

+ 

+ Admin's hack: Increase timeout in deployment config to counter our slow storage timeout issue.

file modified
+1 -1 
@@ -65,7 +65,7 @@ 
 

  ### Resources
 

  

  - Working with CentOS Infra https://docs.fedoraproject.org/en-US/cpe/day_to_day_centos/
 

- - Ticket Tracker: pagure.io/centos-infra [Use template ci-migration for migration or 

+ - Ticket Tracker: pagure.io/centos-infra [Use template ci-migration for migration or
 

  

  - Fedora Nest 2020 talk: https://docs.google.com/presentation/d/1Efwz73t4NdxuzmyV8kvi3SewCIzDpidpePXGLfuweso/edit?ts=5f2ea19e#slide=id.g8fead7ec8b_0_44

file modified
+2 -1 
@@ -26,8 +26,9 @@ 
 

             - operations/ci/localstorage/binding_pvc.md
 

             - operations/ci/localstorage/installation.md
 

           - Onboard Tenants:
 

+            - operations/ci/adding_cico_tenant/adding_cico_tenants.md
 

             - operations/ci/adding_cico_tenant/adding-duffy-api-key.md
 

-            - operations/ci/adding-jumphost.md
 

+            - operations/ci/adding_cico_tenant/adding-jumphost.md
 

           - Add an OpenID identity provider to the cluster: operations/ci/adding_oidc_authentication.md
 

           - Adding Admin Users: operations/ci/adding_admin_users.md
 

           - Adding Nodes: operations/ci/adding_nodes.md

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation