This SOP covers the process of creating an API key for duffy, and adding it to the duffy database table
MariaDB [duffy]> show tables; +-----------------+ | Tables_in_duffy | +-----------------+ | alembic_version | | session_archive | | session_hosts | | sessions | | stock | | userkeys | | users | +-----------------+ 7 rows in set (0.00 sec) MariaDB [duffy]> describe stock; +--------------+--------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +--------------+--------------+------+-----+---------+-------+ | id | int(11) | NO | PRI | NULL | | | hostname | varchar(20) | YES | | NULL | | | ip | varchar(15) | YES | | NULL | | | chassis | varchar(20) | YES | | NULL | | | used_count | int(11) | YES | | NULL | | | state | varchar(20) | YES | | NULL | | | comment | varchar(255) | YES | | NULL | | | distro | varchar(20) | YES | | NULL | | | rel | varchar(10) | YES | | NULL | | | ver | varchar(10) | YES | | NULL | | | arch | varchar(10) | YES | | NULL | | | pool | int(11) | YES | | NULL | | | console_port | int(11) | YES | | NULL | | | flavor | varchar(20) | YES | | NULL | | | session_id | varchar(37) | YES | MUL | NULL | | | next_state | varchar(20) | YES | | NULL | | +--------------+--------------+------+-----+---------+-------+ 16 rows in set (0.01 sec) MariaDB [duffy]> describe users; +-------------+-------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-------------+-------------+------+-----+---------+-------+ | apikey | varchar(37) | NO | PRI | | | | projectname | varchar(50) | YES | | NULL | | | jobname | varchar(50) | YES | | NULL | | | createdat | date | YES | | NULL | | | limitnodes | int(11) | YES | | NULL | | +-------------+-------------+------+-----+---------+-------+ 5 rows in set (0.00 sec) MariaDB [duffy]> describe userkeys; +------------+---------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +------------+---------------+------+-----+---------+----------------+ | id | int(11) | NO | PRI | NULL | auto_increment | | project_id | varchar(37) | YES | MUL | NULL | | | key | varchar(8192) | YES | | NULL | | +------------+---------------+------+-----+---------+----------------+ 3 rows in set (0.00 sec) MariaDB [duffy]>
+-----------+----------------------+----------------------+------------+-------------+ | apikey | projectname | jobname | createdat | limitnodes | +-----------+----------------------+----------------------+------------+-------------+ | xxxx-yyyy | nfs-ganesha | nfs-ganesha | 2016-02-24 | 10 | | zzzz-aaaa | CentOS | centos_arrfab | 2015-04-17 | 10 | +-----------+----------------------+----------------------+------------+-------------+
mkdir -p keys/project-name/ then ssh-keygen -f ~duffy/keys/project-name/id_rsa -C project-name@CIThe Duffy database runs on the admin.ci node: ssh admin.ci.centos.org.
We have a script which does this work.. how do we use it
Create user in usertable
insert into users values(UUID(), 'projectname', 'projectname', NOW(), 5);
Retrieve the api key from the users table
select * from users where projectname="projectname";
Using that api-key/UUID as project_id, enter ssh key of a user from the project so that they can ssh into the machines. This process must be repeated for every user we wish to add access to via SSH.
insert into userkeys (project_id,key) values('<project-UUID>', '<ssh-key>');
This ssh key is pushed to duffy nodes - authorized keys when a tenant requests the node through api key.