This SOP covers the process of creating an API key for duffy, and adding it to the duffy database table
MariaDB [duffy]> show tables; +-----------------+ | Tables_in_duffy | +-----------------+ | alembic_version | | session_archive | | session_hosts | | sessions | | stock | | userkeys | | users | +-----------------+ 7 rows in set (0.00 sec) MariaDB [duffy]> describe stock; +--------------+--------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +--------------+--------------+------+-----+---------+-------+ | id | int(11) | NO | PRI | NULL | | | hostname | varchar(20) | YES | | NULL | | | ip | varchar(15) | YES | | NULL | | | chassis | varchar(20) | YES | | NULL | | | used_count | int(11) | YES | | NULL | | | state | varchar(20) | YES | | NULL | | | comment | varchar(255) | YES | | NULL | | | distro | varchar(20) | YES | | NULL | | | rel | varchar(10) | YES | | NULL | | | ver | varchar(10) | YES | | NULL | | | arch | varchar(10) | YES | | NULL | | | pool | int(11) | YES | | NULL | | | console_port | int(11) | YES | | NULL | | | flavor | varchar(20) | YES | | NULL | | | session_id | varchar(37) | YES | MUL | NULL | | | next_state | varchar(20) | YES | | NULL | | +--------------+--------------+------+-----+---------+-------+ 16 rows in set (0.01 sec) MariaDB [duffy]> describe users; +-------------+-------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-------------+-------------+------+-----+---------+-------+ | apikey | varchar(37) | NO | PRI | | | | projectname | varchar(50) | YES | | NULL | | | jobname | varchar(50) | YES | | NULL | | | createdat | date | YES | | NULL | | | limitnodes | int(11) | YES | | NULL | | +-------------+-------------+------+-----+---------+-------+ 5 rows in set (0.00 sec) MariaDB [duffy]> describe userkeys; +------------+---------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +------------+---------------+------+-----+---------+----------------+ | id | int(11) | NO | PRI | NULL | auto_increment | | project_id | varchar(37) | YES | MUL | NULL | | | key | varchar(8192) | YES | | NULL | | +------------+---------------+------+-----+---------+----------------+ 3 rows in set (0.00 sec) MariaDB [duffy]>
+-----------+----------------------+----------------------+------------+-------------+ | apikey | projectname | jobname | createdat | limitnodes | +-----------+----------------------+----------------------+------------+-------------+ | xxxx-yyyy | nfs-ganesha | nfs-ganesha | 2016-02-24 | 10 | | zzzz-aaaa | CentOS | centos_arrfab | 2015-04-17 | 10 | +-----------+----------------------+----------------------+------------+-------------+
mkdir -p keys/project-name/ then ssh-keygen -f ~duffy/keys/project-name/id_rsa -C project-name@CIThe Duffy database runs on the admin.ci node: ssh admin.ci.centos.org and once in the admin node, login in mysql - duffy db
Create user in usertable insert into users values(UUID(), 'projectname', 'projectname', NOW(), 5);
Retrieve the api key from the users table select * from users where projectname="projectname"; Copy the API key somewhere handy (we will need it)
Using that api-key/UUID as project_id, enter ssh key of a user from the project so that they can ssh into the machines. This process must be repeated for every user we wish to add access to via SSH. insert into userkeys (project_id,key) values(<project-UUID-var>, <ssh-key-var>); This ssh key is pushed to duffy nodes - authorized keys when a tenant requests the node through api key.
NOTE: we need to copy private key (pair of key just added in db), and paste it in openshift jenkins template (so copy it to save the trouble later)