SOP to create/migrate Duffy tenant

SOP to create/migrate Duffy tenant¶

This SOP covers the process of how to create a duffy tenant

Create new tenant¶

Creating dedicated ssh keypair¶

Note

we'll start using the pkistore git-crypted git repo for this, so be sure to have that under git control

We'll just create the new ssh keypair directly into the CI pkistore repository :

project="samba"
ssh-keygen -f ocp/ssh/${project} -C ${project}@CI

Important

Don't forget to add and git commit && git push new keys in pkistore/ocp/ssh repo

This will create both private and public ssh keys, and you can now copy the public key to be inserted into Duffy DB (see below)

Create new Duffy tenant¶

ssh duffy.ci.centos.org

Change to duffy user¶

sudo su - duffy

Create tenant with the command below and save api key somewhere safe, it outputs the key as `<tenant name>: <API key>`¶

duffy admin create-tenant <tenant name> "ssh-rsa <ssh pub-key_created_above>"

Artifacts storage box¶

CI tenants are allowed to upload artifacts to one storage box, so we need to allow them to upload/rsync to it. It's all controlled by the artifacts_projects_list list in ansible (host_vars) so don't forget to also add project and ssh public keys there too

Duffy client configuration (external)¶

Connect to the host that will have duffy client¶

ssh <host user>@<target host>

Install duffy client using `pip`¶

pip3.8 install --user duffy[client]

In the home path of the user, create `.config` directory if it doesn’t exist and create `.config/duffy` with the following content¶

client:
  url: https://duffy.ci.centos.org/api/v1
  auth:
    name: <tenant name>
    key: <API key>

To create a session, the name of the pool is required. Check the pool available executing the command (Optional)¶

duffy client list-pools

Request a session¶

duffy client request-session pool=<name of the pool>,quantity=<number of sessions wanted>

By default this command outputs a json, but it's possible to change the format to yaml or flat using --format. Under "node" key it's possible to find the hostname to be used. Log in to it as root user, using ssh.

{
...output ommited...

"nodes": [
    {
        "hostname": "<hostname>.ci.centos.org",
        "ipaddr": "<ip address>",

...output ommited...
}

When needed to retire the session, connect to your duffy client host and execute the command¶

duffy client retire-session <session id>

It's possible to check the session id either when the session is requested, in the output under "session" key, or using the following command:

duffy client list-sessions