siddharthvipul1 / centos / centos-infra-docs

Forked from centos/centos-infra-docs 2 years ago
Clone
Source Code
GIT

Files

master
  1.   master
  2.   docs
  3.   operations
  4.   ci
  5.   adding_cico_tenant
  6.   adding-duffy-api-key.md
Blob Blame History Raw 
# SOP to Create a duffy API/SSH keys
This SOP covers the process of creating an API key for duffy, and adding it to the duffy database table


## Requirements

- project name

## Duffy Database Schemas

```
MariaDB [duffy]> show tables;
+-----------------+
| Tables_in_duffy |
+-----------------+
| alembic_version |
| session_archive |
| session_hosts   |
| sessions        |
| stock           |
| userkeys        |
| users           |
+-----------------+
7 rows in set (0.00 sec)

MariaDB [duffy]> describe stock;
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| id           | int(11)      | NO   | PRI | NULL    |       |
| hostname     | varchar(20)  | YES  |     | NULL    |       |
| ip           | varchar(15)  | YES  |     | NULL    |       |
| chassis      | varchar(20)  | YES  |     | NULL    |       |
| used_count   | int(11)      | YES  |     | NULL    |       |
| state        | varchar(20)  | YES  |     | NULL    |       |
| comment      | varchar(255) | YES  |     | NULL    |       |
| distro       | varchar(20)  | YES  |     | NULL    |       |
| rel          | varchar(10)  | YES  |     | NULL    |       |
| ver          | varchar(10)  | YES  |     | NULL    |       |
| arch         | varchar(10)  | YES  |     | NULL    |       |
| pool         | int(11)      | YES  |     | NULL    |       |
| console_port | int(11)      | YES  |     | NULL    |       |
| flavor       | varchar(20)  | YES  |     | NULL    |       |
| session_id   | varchar(37)  | YES  | MUL | NULL    |       |
| next_state   | varchar(20)  | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+
16 rows in set (0.01 sec)

MariaDB [duffy]> describe users;
+-------------+-------------+------+-----+---------+-------+
| Field       | Type        | Null | Key | Default | Extra |
+-------------+-------------+------+-----+---------+-------+
| apikey      | varchar(37) | NO   | PRI |         |       |
| projectname | varchar(50) | YES  |     | NULL    |       |
| jobname     | varchar(50) | YES  |     | NULL    |       |
| createdat   | date        | YES  |     | NULL    |       |
| limitnodes  | int(11)     | YES  |     | NULL    |       |
+-------------+-------------+------+-----+---------+-------+
5 rows in set (0.00 sec)

MariaDB [duffy]> describe userkeys;
+------------+---------------+------+-----+---------+----------------+
| Field      | Type          | Null | Key | Default | Extra          |
+------------+---------------+------+-----+---------+----------------+
| id         | int(11)       | NO   | PRI | NULL    | auto_increment |
| project_id | varchar(37)   | YES  | MUL | NULL    |                |
| key        | varchar(8192) | YES  |     | NULL    |                |
+------------+---------------+------+-----+---------+----------------+
3 rows in set (0.00 sec)

MariaDB [duffy]> describe users;

+-----------+----------------------+----------------------+------------+-------------+
| apikey    | projectname          | jobname              | createdat  | limitnodes |
+-----------+----------------------+----------------------+------------+-------------+
| xxxx-yyyy | nfs-ganesha          | nfs-ganesha          | 2016-02-24 |         10 |
| zzzz-aaaa | CentOS               | centos_arrfab        | 2015-04-17 |         10 |
+-----------+----------------------+----------------------+------------+-------------+
```

## Steps to create a new duffy SSH key

!!! note
    we'll start using the `pkistore` git-crypted git repo for this, so be sure to have that under git control

We'll just create the new ssh keypair directly into the pkistore repository :

```
project="samba"
ssh-keygen -f ocp/ssh/${project} -C ${project}@CI

```

!!! important
    Don't forget to add and git commit && git push new keys in pkistore/ocp/ssh repo


This will create both private and public ssh keys, and  you can now copy the public key to be inserted into Duffy DB


## Steps to create a new duffy API key

1. The Duffy database runs on the admin.ci node: `ssh admin.ci.centos.org` and once in the admin node, login in mysql - duffy db

2. Create user in usertable

``` 
insert into users values(UUID(), '<projectname>', '<projectname>', NOW(), 5);`
```


3. Retrieve the api key from the users table ` select * from users where projectname="projectname";` Copy the API key somewhere handy (we will need it)

4. Using that api-key/UUID as project_id, enter ssh key of a user from the project so that they can ssh into the machines. This process must be repeated for every user we wish to add access to via SSH.  

```
insert into userkeys (project_id,`key`) values(<project-UUID-var>, <ssh-key-var>);` 
```

This ssh key is pushed to duffy nodes - authorized keys when a tenant requests the node through api key.

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation