diff --git a/docs/operations/ci/adding_cico_tenant/adding-duffy-api-key.md b/docs/operations/ci/adding_cico_tenant/adding-duffy-api-key.md index 432d144..a65edb0 100644 --- a/docs/operations/ci/adding_cico_tenant/adding-duffy-api-key.md +++ b/docs/operations/ci/adding_cico_tenant/adding-duffy-api-key.md @@ -68,12 +68,8 @@ MariaDB [duffy]> describe userkeys; +------------+---------------+------+-----+---------+----------------+ 3 rows in set (0.00 sec) -MariaDB [duffy]> - -``` - +MariaDB [duffy]> describe users; -``` +-----------+----------------------+----------------------+------------+-------------+ | apikey | projectname | jobname | createdat | limitnodes | +-----------+----------------------+----------------------+------------+-------------+ @@ -84,18 +80,29 @@ MariaDB [duffy]> ## Steps to create a new duffy SSH key 1. On the home directory of user duffy on the admin.ci.centos.org instance, we have a folder where we store the created ssh keys for duffy tenants. -2. `mkdir -p keys/project-name/` then `ssh-keygen -f ~duffy/keys/project-name/id_rsa -C project-name@CI` +2. `mkdir -p keys//` then `ssh-keygen -f ~duffy/keys//id_rsa -C @CI` 3. Copy the public key ## Steps to create a new duffy API key 1. The Duffy database runs on the admin.ci node: `ssh admin.ci.centos.org` and once in the admin node, login in mysql - duffy db -2. Create user in usertable `insert into users values(UUID(), 'projectname', 'projectname', NOW(), 5);` +2. Create user in usertable + +``` +insert into users values(UUID(), '', '', NOW(), 5);` +``` + 3. Retrieve the api key from the users table ` select * from users where projectname="projectname";` Copy the API key somewhere handy (we will need it) -4. Using that api-key/UUID as project_id, enter ssh key of a user from the project so that they can ssh into the machines. This process must be repeated for every user we wish to add access to via SSH. `insert into userkeys (project_id,key) values(, );` This ssh key is pushed to duffy nodes - authorized keys when a tenant requests the node through api key. +4. Using that api-key/UUID as project_id, enter ssh key of a user from the project so that they can ssh into the machines. This process must be repeated for every user we wish to add access to via SSH. + +``` +insert into userkeys (project_id,`key`) values(, );` +``` + +This ssh key is pushed to duffy nodes - authorized keys when a tenant requests the node through api key. NOTE: we need to copy private key (pair of key just added in db), and paste it in openshift jenkins template (so copy it to save the trouble later) diff --git a/docs/operations/ci/adding_cico_tenant/adding_cico_tenants.md b/docs/operations/ci/adding_cico_tenant/adding_cico_tenants.md index 203722c..716c138 100644 --- a/docs/operations/ci/adding_cico_tenant/adding_cico_tenants.md +++ b/docs/operations/ci/adding_cico_tenant/adding_cico_tenants.md @@ -47,7 +47,7 @@ Example: "ansible-playbook playbooks/adhoc-openshift-resources.yaml -e "host=ocp If you need to also modify members and/or email addresses, you can just follow the same process and replay the same playbook : that will reflect changes in openshift. If you need access to that private git repository (to be fixed and moved elsewhere in the official `centos` namespace, reach out to another infra team member -## Create an entry in duffy db (with ssh key) - [follow adding-duffy-api-key.md](https://docs.infra.centos.org/operations/ci/adding_cico_tenant/adding-duffy-api-key/) +## Create an entry in duffy db (with ssh key) - [follow adding-duffy-api-key.md](/operations/ci/adding_cico_tenant/adding-duffy-api-key/) ## Create a PV(Persistent Volume) for Jenkins instance