Andrew Bogott has uploaded a new change for review.
https://gerrit.wikimedia.org/r/323117
Change subject: wmfkeystonehooks: Maintain project page on wikitech
......................................................................
wmfkeystonehooks: Maintain project page on wikitech
WIP
Bug: T150091
Change-Id: I3a42e3eb117da789a9f960d5b495cdd75fdc00fe
---
M modules/openstack/files/liberty/keystone/wmfkeystonehooks/wmfkeystonehooks.py
M modules/openstack/files/liberty/nova/wikistatus/pageeditor.py
M modules/openstack/manifests/keystone/hooks.pp
M modules/openstack/manifests/keystone/service.pp
M modules/openstack/templates/liberty/keystone/keystone.conf.erb
M modules/openstack/templates/mitaka/keystone/keystone.conf.erb
M modules/role/manifests/labs/openstack/keystone.pp
7 files changed, 238 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/17/323117/1
diff --git
a/modules/openstack/files/liberty/keystone/wmfkeystonehooks/wmfkeystonehooks.py
b/modules/openstack/files/liberty/keystone/wmfkeystonehooks/wmfkeystonehooks.py
index 2faef51..f1975df 100644
---
a/modules/openstack/files/liberty/keystone/wmfkeystonehooks/wmfkeystonehooks.py
+++
b/modules/openstack/files/liberty/keystone/wmfkeystonehooks/wmfkeystonehooks.py
@@ -16,6 +16,8 @@
from keystone.common import dependency
from keystone import exception
+from wikistatus import pageeditor
+
from oslo_log import log as logging
from oslo_config import cfg
from oslo_messaging.notify import notifier
@@ -39,7 +41,10 @@
default='projectadmin',
help='Name of project-local admin role'),
cfg.MultiStrOpt('wmf_keystone_eventtype_whitelist',
- default=['identity.project.deleted',
'identity.project.created'],
+ default=['identity.project.deleted',
+ 'identity.project.created',
+ 'identity.role_assignment.created',
+ 'identity.role_assignment.deleted'],
help='Event types to always handle.'),
cfg.MultiStrOpt('wmf_keystone_eventtype_blacklist',
default=[],
@@ -58,13 +63,19 @@
"""Notifier class which handles extra project creation/deletion bits
"""
def __init__(self, conf, topics, transport, version=1.0):
- pass
+ self.page_editor = pageeditor.PageEditor()
def _on_project_delete(self, project_id):
LOG.warning("Beginning wmf hooks for project deletion: %s" %
project_id)
- def _on_project_create(self, project_id):
+ resource_name = project_id
+ self.page_editor.edit_page("", resource_name, True)
+ def _on_role_updated(self, project_id):
+ LOG.warning("Beginning wmf hooks for project update: %s" % project_id)
+ self._update_project_page(project_id)
+
+ def _on_project_create(self, project_id):
LOG.warning("Beginning wmf hooks for project creation: %s" %
project_id)
rolelist = self.role_api.list_roles()
@@ -92,6 +103,26 @@
project_id,
roledict[CONF.observer_role_name])
+ self._update_project_page(project_id)
+
+ def _update_project_page(self, project_id):
+ # Create wikitech project page
+ resource_name = project_id
+ template_param_dict = {}
+ template_param_dict['Resource Type'] = 'project'
+ template_param_dict['Project Name'] = project_id
+ admins =
self.assignment_api.list_role_assignments_for_role(CONF.admin_role_name)
+ members =
self.assignment_api.list_role_assignments_for_role(CONF.user_role_name)
+ template_param_dict['Admins'] = ",".join(["User:%s" % user for user in
admins])
+ template_param_dict['Members'] = ",".join(["User:%s" % user for user
in members])
+
+ fields_string = ""
+ for key in template_param_dict:
+ fields_string += "\n|%s=%s" % (key, template_param_dict[key])
+
+ self.page_editor.edit_page(fields_string, resource_name, False,
+ template='Nova Resource')
+
def notify(self, context, message, priority, retry=False):
event_type = message.get('event_type')
@@ -101,6 +132,10 @@
if event_type == 'identity.project.created':
self._on_project_create(message['payload']['resource_info'])
+ if (event_type == 'identity.role_assignment.created' or
+ event_type == 'identity.role_assignment.deleted'):
+ self._on_role_updated(message['payload']['project'])
+
# Eventually this will be used to update project resource pages:
if event_type in CONF.wmf_keystone_eventtype_blacklist:
return
diff --git a/modules/openstack/files/liberty/nova/wikistatus/pageeditor.py
b/modules/openstack/files/liberty/nova/wikistatus/pageeditor.py
index c45775a..aa6c850 100644
--- a/modules/openstack/files/liberty/nova/wikistatus/pageeditor.py
+++ b/modules/openstack/files/liberty/nova/wikistatus/pageeditor.py
@@ -95,7 +95,7 @@
return self._site
def edit_page(self, text, resource_name, delete_page,
- second_try=False):
+ template='InstanceStatus', second_try=False):
site = self._get_site()
pagename = "%s%s" % (CONF.wiki_page_prefix, resource_name)
LOG.debug("Writing wiki page http://%s/wiki/%s"; %
@@ -108,9 +108,10 @@
page.delete(reason='Resource deleted')
else:
- page_string = "%s\n{{InstanceStatus%s}}\n%s" % (begin_comment,
- text,
- end_comment)
+ page_string = "%s\n{{%s%s}}\n%s" % (begin_comment,
+ template,
+ text,
+ end_comment)
pText = page.edit()
start_replace_index = pText.find(begin_comment)
diff --git a/modules/openstack/manifests/keystone/hooks.pp
b/modules/openstack/manifests/keystone/hooks.pp
index c47a0c7..9efd352 100644
--- a/modules/openstack/manifests/keystone/hooks.pp
+++ b/modules/openstack/manifests/keystone/hooks.pp
@@ -3,6 +3,9 @@
class openstack::keystone::hooks(
$openstack_version = $::openstack::version)
{
+ # This installs a python class that keystone also uses:
+ include openstack::nova::hooks
+
file { '/usr/lib/python2.7/dist-packages/wmfkeystonehooks':
source =>
"puppet:///modules/openstack/${openstack_version}/keystone/wmfkeystonehooks",
owner => 'root',
diff --git a/modules/openstack/manifests/keystone/service.pp
b/modules/openstack/manifests/keystone/service.pp
index b7ed76c..198b174 100644
--- a/modules/openstack/manifests/keystone/service.pp
+++ b/modules/openstack/manifests/keystone/service.pp
@@ -1,6 +1,8 @@
# keystone is the identity service of openstack
# http://docs.openstack.org/developer/keystone/
-class openstack::keystone::service($keystoneconfig,
$openstack_version=$::openstack::version) {
+class openstack::keystone::service($keystoneconfig,
+ $wikitechstatusconfig,
+ $openstack_version=$::openstack::version) {
include openstack::repo
include keystone::hooks
diff --git a/modules/openstack/templates/liberty/keystone/keystone.conf.erb
b/modules/openstack/templates/liberty/keystone/keystone.conf.erb
index 71e79be..36e9628 100644
--- a/modules/openstack/templates/liberty/keystone/keystone.conf.erb
+++ b/modules/openstack/templates/liberty/keystone/keystone.conf.erb
@@ -228,7 +228,17 @@
# The Drivers(s) to handle sending notifications. Possible values are
# messaging, messagingv2, routing, log, test, noop (multi valued)
notification_driver = wmfkeystonehooks
+
+# Login info for wikitech, for project page updates
+wiki_host=<%= @wikitechstatusconfig["host"] %>
+wiki_domain=<%= @wikitechstatusconfig["domain"] %>
+wiki_page_prefix=<%= @wikitechstatusconfig["page_prefix"] %>
+wiki_instance_region=<%= @wikitechstatusconfig["region"] %>
+wiki_login=<%= @wikitechstatusconfig["user"] %>
+wiki_password=<%= @wikitechstatusconfig["pass"] %>
+wiki_instance_dns_domain=<%= @wikitechstatusconfig["dns_domain"] %>
+
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
#notification_topics = notifications
@@ -428,3 +438,169 @@
dbpass = <%= @keystoneconfig["oath_dbpass"] %>
dbname = <%= @keystoneconfig["oath_dbname"] %>
dbhost = <%= @keystoneconfig["oath_dbhost"] %>
+
+
+
+[DEFAULT]
+
+verbose=True
+auth_strategy=keystone
+compute_driver=nova.virt.libvirt.LibvirtDriver
+notification_topics=notifications,ceilometer_notifications
+connection_type=libvirt
+root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
+instance_name_template=i-%08x
+daemonize=1
+scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
+wmf_scheduler_hosts_pool=<%= @novaconfig["scheduler_pool"].join(",") %>
+scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AvailabilityZoneFilter,SchedulerPoolFilter,DiskFilter
+
+# Don't allow duplicate instance names
+osapi_compute_unique_server_name_scope='global'
+
+# Security groups for big projects (e.g. tools) are too hard to
+# organize and cause a timeout between conductor and compute.
+# This is /maybe/ fixed in mitaka, so we can investigate reverting
+# this to 60 (the proper default) in future versions.
+rpc_response_timeout=180
+
+my_ip=<%= @novaconfig["my_ip"] %>
+log_dir=/var/log/nova
+state_path=/var/lib/nova
+lock_path=/var/lock/nova
+sql_connection=mysql://<%= @novaconfig["db_user"] %>:<%=
@novaconfig["db_pass"] %>@<%= @novaconfig["db_host"] %>/<%=
@novaconfig["db_name"] %>
+image_service=nova.image.glance.GlanceImageService
+remove_unused_base_images=True
+s3_host=<%= @novaconfig["glance_host"] %>
+glance_api_servers=<%= @novaconfig["glance_host"] %>:9292
+cc_host=<%= @novaconfig["cc_host"] %>
+ec2_url=http://<%= @novaconfig["api_host"] %>:8773/services/Cloud
+ec2_dmz_host=<%= @novaconfig["api_ip"] %>
+dmz_cidr=<%= @novaconfig["dmz_cidr"] %>
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+dhcp_domain=<%= @novaconfig["dhcp_domain"] %>
+
+# Default quotas for new projects: 1 xlarge instance
+# (or 4 medium, or 8 small)
+quota_cores = 8
+quota_instances = 8
+quota_ram = 16384
+quota_floating_ips=<%= @novaconfig["quota_floating_ips"] %>
+quota_fixed_ips=200
+
+# Quota drift is a common problem
+max_age = 30
+
+
+api_paste_config=/etc/nova/api-paste.ini
+#use_ipv6=True
+allow_same_net_traffic=False
+force_dhcp_release=True
+# set the lease time to 24 hours
+dhcp_lease_time=86400
+# timeout expired leases after 48 hours
+fixed_ip_disassociate_timeout=172800
+iscsi_helper=tgtadm
+
+network_api_class=nova.network.api.API
+flat_network_dhcp_start=<%= @novaconfig["dhcp_start"] %>
+network_manager=nova.network.manager.FlatDHCPManager
+flat_interface=<%= @novaconfig["network_flat_interface"] %>
+flat_injected=False
+flat_network_bridge=<%= @novaconfig["flat_network_bridge"] %>
+fixed_range=<%= @novaconfig["fixed_range"] %>
+public_interface=<%= @novaconfig["network_public_interface"] %>
+routing_source_ip=<%= @novaconfig["network_public_ip"] %>
+multi_host=False
+
+# novnc stuff
+vnc_enabled=False
+
+dnsmasq_config_file=/etc/dnsmasq-nova.conf
+
+# Settings for wikistatus, the plugin that updates OSM with instance status:
+notification_driver=wikistatus
+notify_on_state_change=vm_state
+
+wiki_host=<%= @instance_status_wiki_host %>
+wiki_domain=<%= @instance_status_wiki_domain %>
+wiki_page_prefix=<%= @instance_status_wiki_page_prefix %>
+wiki_instance_region=<%= @instance_status_wiki_region %>
+wiki_login=<%= @instance_status_wiki_user %>
+wiki_password=<%= @instance_status_wiki_pass %>
+wiki_instance_dns_domain=<%= @instance_status_dns_domain %>
+
+# Designate things:
+notification_driver = messagingv2
+
+# Ceilometer things:
+instance_usage_audit = True
+instance_usage_audit_period = hour
+notify_on_state_change = vm_and_task_state
+
+# Overprovision settings
+
+# Running OOM on a compute host produces weird spontaneous shutdowns.
+# avoid overcommitting as long as we can afford it.
+ram_allocation_ratio=1.0
+
+# Since our images are copy-on-write we can support some overcommitting here.
+disk_allocation_ratio=1.5
+
+
+# Deprecated, remove in Kilo:
+node_availability_zone=<%= @novaconfig["zone"] %>
+zone_name=<%= @novaconfig["zone"] %>
+# Should be:
+#default_availability_zone = <%= @novaconfig["zone"] %>
+
+[database]
+# http://docs.sqlalchemy.org/en/latest/core/pooling.html
+max_overflow = 25
+max_pool_size = 10
+pool_timeout = 60
+
+[glance]
+host=<%= @novaconfig["glance_host"] %>
+
+[libvirt]
+virt_type=<%= @novaconfig["libvirt_type"] %>
+use_virtio_for_bridges=True
+# live_migration_bandwidth is documented in the code, and nowhere else.
+# 'Maximum bandwidth to be used during migration, in Mbps'
+# Limit this to around a third of available 1Gbps connection so we don't
+# throttle running instances when migrating.
+live_migration_bandwidth=300
+live_migration_uri=<%= @novaconfig["live_migration_uri"] %>
+
+[oslo_messaging_rabbit]
+rabbit_host=<%= @novaconfig["rabbit_host"] %>
+rabbit_port = 5672
+rabbit_use_ssl = False
+rabbit_userid = <%= @novaconfig["rabbit_user"] %>
+rabbit_password = <%= @novaconfig["rabbit_pass"] %>
+
+[spice]
+html5proxy_host=<%= @novaconfig['controller_hostname'] %>
+html5proxy_port=6082
+html5proxy_base_url=https://<%= @novaconfig['spice_hostname']
%>/spice_sec_auto.html
+
+# These two only matter on the compute hosts:
+server_listen=0.0.0.0
+server_proxyclient_address=<%= @novaconfig["my_ip"] %>
+
+# Enable spice related features (boolean value)
+enabled=True
+
+# Enable spice guest agent support (boolean value)
+agent_enabled=True
+
+# Keymap for spice (string value)
+keymap=en-us
+
+[workarounds]
+# This is the safest option until evacuation is fixed in Libery
+destroy_after_evacuate=False
+
+
diff --git a/modules/openstack/templates/mitaka/keystone/keystone.conf.erb
b/modules/openstack/templates/mitaka/keystone/keystone.conf.erb
index 59956e0..f3478c5 100644
--- a/modules/openstack/templates/mitaka/keystone/keystone.conf.erb
+++ b/modules/openstack/templates/mitaka/keystone/keystone.conf.erb
@@ -228,7 +228,17 @@
# The Drivers(s) to handle sending notifications. Possible values are
# messaging, messagingv2, routing, log, test, noop (multi valued)
notification_driver = wmfkeystonehooks
+
+# Login info for wikitech, for project page updates
+wiki_host=<%= @wikitechstatusconfig["host"] %>
+wiki_domain=<%= @wikitechstatusconfig["domain"] %>
+wiki_page_prefix=<%= @wikitechstatusconfig["page_prefix"] %>
+wiki_instance_region=<%= @wikitechstatusconfig["region"] %>
+wiki_login=<%= @wikitechstatusconfig["user"] %>
+wiki_password=<%= @wikitechstatusconfig["pass"] %>
+wiki_instance_dns_domain=<%= @wikitechstatusconfig["dns_domain"] %>
+
# AMQP topic used for OpenStack notifications. (list value)
# Deprecated group/name - [rpc_notifier2]/topics
#notification_topics = notifications
diff --git a/modules/role/manifests/labs/openstack/keystone.pp
b/modules/role/manifests/labs/openstack/keystone.pp
index 9d6c638..827da4b 100644
--- a/modules/role/manifests/labs/openstack/keystone.pp
+++ b/modules/role/manifests/labs/openstack/keystone.pp
@@ -4,8 +4,10 @@
$nova_controller = hiera('labs_nova_controller')
$keystoneconfig = hiera_hash('keystoneconfig', {})
+ $wikitechstatusconfig = hiera_hash('wikitechstatusconfig', {})
class { 'openstack::keystone::service':
- keystoneconfig => $keystoneconfig,
+ keystoneconfig => $keystoneconfig,
+ wikitechstatusconfig => $wikitechstatusconfig,
}
}
--
To view, visit https://gerrit.wikimedia.org/r/323117
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3a42e3eb117da789a9f960d5b495cdd75fdc00fe
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
