Andrew Bogott has uploaded a new change for review. https://gerrit.wikimedia.org/r/323117
Change subject: wmfkeystonehooks: Maintain project page on wikitech ...................................................................... wmfkeystonehooks: Maintain project page on wikitech WIP Bug: T150091 Change-Id: I3a42e3eb117da789a9f960d5b495cdd75fdc00fe --- M modules/openstack/files/liberty/keystone/wmfkeystonehooks/wmfkeystonehooks.py M modules/openstack/files/liberty/nova/wikistatus/pageeditor.py M modules/openstack/manifests/keystone/hooks.pp M modules/openstack/manifests/keystone/service.pp M modules/openstack/templates/liberty/keystone/keystone.conf.erb M modules/openstack/templates/mitaka/keystone/keystone.conf.erb M modules/role/manifests/labs/openstack/keystone.pp 7 files changed, 238 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/17/323117/1 diff --git a/modules/openstack/files/liberty/keystone/wmfkeystonehooks/wmfkeystonehooks.py b/modules/openstack/files/liberty/keystone/wmfkeystonehooks/wmfkeystonehooks.py index 2faef51..f1975df 100644 --- a/modules/openstack/files/liberty/keystone/wmfkeystonehooks/wmfkeystonehooks.py +++ b/modules/openstack/files/liberty/keystone/wmfkeystonehooks/wmfkeystonehooks.py @@ -16,6 +16,8 @@ from keystone.common import dependency from keystone import exception +from wikistatus import pageeditor + from oslo_log import log as logging from oslo_config import cfg from oslo_messaging.notify import notifier @@ -39,7 +41,10 @@ default='projectadmin', help='Name of project-local admin role'), cfg.MultiStrOpt('wmf_keystone_eventtype_whitelist', - default=['identity.project.deleted', 'identity.project.created'], + default=['identity.project.deleted', + 'identity.project.created', + 'identity.role_assignment.created', + 'identity.role_assignment.deleted'], help='Event types to always handle.'), cfg.MultiStrOpt('wmf_keystone_eventtype_blacklist', default=[], 
@@ -58,13 +63,19 @@ """Notifier class which handles extra project creation/deletion bits """ def __init__(self, conf, topics, transport, version=1.0): - pass + self.page_editor = pageeditor.PageEditor() def _on_project_delete(self, project_id): LOG.warning("Beginning wmf hooks for project deletion: %s" % project_id) - def _on_project_create(self, project_id): + resource_name = project_id + self.page_editor.edit_page("", resource_name, True) + def _on_role_updated(self, project_id): + LOG.warning("Beginning wmf hooks for project update: %s" % project_id) + self._update_project_page(project_id) + + def _on_project_create(self, project_id): LOG.warning("Beginning wmf hooks for project creation: %s" % project_id) rolelist = self.role_api.list_roles() @@ -92,6 +103,26 @@ project_id, roledict[CONF.observer_role_name]) + self._update_project_page(project_id) + + def _update_project_page(self, project_id): + # Create wikitech project page + resource_name = project_id + template_param_dict = {} + template_param_dict['Resource Type'] = 'project' + template_param_dict['Project Name'] = project_id + admins = self.assignment_api.list_role_assignments_for_role(CONF.admin_role_name) + members = self.assignment_api.list_role_assignments_for_role(CONF.user_role_name) + template_param_dict['Admins'] = ",".join(["User:%s" % user for user in admins]) + template_param_dict['Members'] = ",".join(["User:%s" % user for user in members]) + + fields_string = "" + for key in template_param_dict: + fields_string += "\n|%s=%s" % (key, template_param_dict[key]) + + self.page_editor.edit_page(fields_string, resource_name, False, + template='Nova Resource') + def notify(self, context, message, priority, retry=False): event_type = message.get('event_type') 
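Review bot: In `_update_project_page` both `list_role_assignments_for_role(...)` calls are given a role name (`CONF.admin_role_name`, `CONF.user_role_name`) and no project filter, and each result is formatted directly with `"User:%s" % user`. `_on_project_create` resolves roles through `roledict[...]`, which suggests the API expects a role id, and the returned items are presumably assignment records rather than user names, so the page would show either nothing or raw records from every project. The values are also written into wikitext unescaped (`"\n|%s=%s"`), so a project or user name containing `|` or `}}` would alter the template that the bot account saves; strip or reject those characters before formatting. Iterating the dict unsorted can also reorder the fields between edits. A sketch of a lookup scoped to `project_id` follows; the key names in it need confirming against the keystone release in use.

```python
    def _update_project_page(self, project_id):
        # … unchanged: resource_name and template_param_dict setup …

        # Map role names to ids; assumes role records carry 'name' and 'id'.
        roledict = dict((role['name'], role['id'])
                        for role in self.role_api.list_roles())

        def users_with_role(role_name):
            # Assumes assignment records carry 'project_id' and 'user_id'.
            assignments = self.assignment_api.list_role_assignments_for_role(
                roledict[role_name])
            return [a['user_id'] for a in assignments
                    if a.get('project_id') == project_id and 'user_id' in a]

        template_param_dict['Admins'] = ",".join(
            "User:%s" % user for user in users_with_role(CONF.admin_role_name))
        template_param_dict['Members'] = ",".join(
            "User:%s" % user for user in users_with_role(CONF.user_role_name))

        # Sorted keys keep the rendered page stable between edits.
        fields_string = ""
        for key in sorted(template_param_dict):
            fields_string += "\n|%s=%s" % (key, template_param_dict[key])

        # … unchanged: self.page_editor.edit_page(...) call …
```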
@@ -101,6 +132,10 @@ if event_type == 'identity.project.created': self._on_project_create(message['payload']['resource_info']) + if (event_type == 'identity.role_assignment.created' or + event_type == 'identity.role_assignment.deleted'): + self._on_role_updated(message['payload']['project']) + # Eventually this will be used to update project resource pages: if event_type in CONF.wmf_keystone_eventtype_blacklist: return diff --git a/modules/openstack/files/liberty/nova/wikistatus/pageeditor.py b/modules/openstack/files/liberty/nova/wikistatus/pageeditor.py index c45775a..aa6c850 100644 --- a/modules/openstack/files/liberty/nova/wikistatus/pageeditor.py +++ b/modules/openstack/files/liberty/nova/wikistatus/pageeditor.py @@ -95,7 +95,7 @@ return self._site def edit_page(self, text, resource_name, delete_page, - second_try=False): + template='InstanceStatus', second_try=False): site = self._get_site() pagename = "%s%s" % (CONF.wiki_page_prefix, resource_name) LOG.debug("Writing wiki page http://%s/wiki/%s" % @@ -108,9 +108,10 @@ page.delete(reason='Resource deleted') else: - page_string = "%s\n{{InstanceStatus%s}}\n%s" % (begin_comment, - text, - end_comment) + page_string = "%s\n{{%s%s}}\n%s" % (begin_comment, + template, + text, + end_comment) pText = page.edit() start_replace_index = pText.find(begin_comment) diff --git a/modules/openstack/manifests/keystone/hooks.pp b/modules/openstack/manifests/keystone/hooks.pp index c47a0c7..9efd352 100644 --- a/modules/openstack/manifests/keystone/hooks.pp +++ b/modules/openstack/manifests/keystone/hooks.pp @@ -3,6 +3,9 @@ class openstack::keystone::hooks( $openstack_version = $::openstack::version) { + # This installs a python class that keystone also uses: + include openstack::nova::hooks + file { '/usr/lib/python2.7/dist-packages/wmfkeystonehooks': source => "puppet:///modules/openstack/${openstack_version}/keystone/wmfkeystonehooks", owner => 'root', 
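Review bot: `message['payload']['project']` in the new role-assignment branch of `notify` raises `KeyError` for any assignment event whose payload has no `project` key (a domain-scoped assignment would be one such case, though that cannot be confirmed from this hunk). The exception would also skip the blacklist and whitelist handling that follows. Read the key defensively, `project_id = message['payload'].get('project')`, and call `self._on_role_updated(project_id)` only when it is set. Because every role change now triggers a wiki write under the bot account, a failed edit should be logged with `LOG.exception(...)` rather than left to propagate. `notify` begins before this hunk and continues past it.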
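Review bot: `template` is inserted ahead of `second_try` in `edit_page`'s positional parameters, so any existing caller that passes `second_try` positionally would now send `True` as the template name and write `{{True...}}` to the page. The retry path inside `edit_page` itself is a likely such caller, though it lies outside this hunk. Append the new parameter instead, `def edit_page(self, text, resource_name, delete_page, second_try=False, template='InstanceStatus'):`, or make every call site pass both by keyword. A one-line docstring stating that `template` names the wikitext template wrapped around `text` would document the new argument.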
diff --git a/modules/openstack/manifests/keystone/service.pp b/modules/openstack/manifests/keystone/service.pp index b7ed76c..198b174 100644 --- a/modules/openstack/manifests/keystone/service.pp +++ b/modules/openstack/manifests/keystone/service.pp @@ -1,6 +1,8 @@ # keystone is the identity service of openstack # http://docs.openstack.org/developer/keystone/ -class openstack::keystone::service($keystoneconfig, $openstack_version=$::openstack::version) { +class openstack::keystone::service($keystoneconfig, + $wikitechstatusconfig, + $openstack_version=$::openstack::version) { include openstack::repo include keystone::hooks diff --git a/modules/openstack/templates/liberty/keystone/keystone.conf.erb b/modules/openstack/templates/liberty/keystone/keystone.conf.erb index 71e79be..36e9628 100644 --- a/modules/openstack/templates/liberty/keystone/keystone.conf.erb +++ b/modules/openstack/templates/liberty/keystone/keystone.conf.erb @@ -228,7 +228,17 @@ # The Drivers(s) to handle sending notifications. Possible values are # messaging, messagingv2, routing, log, test, noop (multi valued) notification_driver = wmfkeystonehooks + +# Login info for wikitech, for project page updates +wiki_host=<%= @wikitechstatusconfig["host"] %> +wiki_domain=<%= @wikitechstatusconfig["domain"] %> +wiki_page_prefix=<%= @wikitechstatusconfig["page_prefix"] %> +wiki_instance_region=<%= @wikitechstatusconfig["region"] %> +wiki_login=<%= @wikitechstatusconfig["user"] %> +wiki_password=<%= @wikitechstatusconfig["pass"] %> +wiki_instance_dns_domain=<%= @wikitechstatusconfig["dns_domain"] %> + # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics #notification_topics = notifications 
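Review bot: `wiki_password=<%= @wikitechstatusconfig["pass"] %>` writes the wikitech bot password into keystone.conf, and the mitaka template hunk adds the same lines. The file resource that renders this template therefore needs to be readable only by the keystone service user, and the `pass` key should come from private hiera data; neither is visible in this change. A comment above the block, such as `# wiki_instance_region and wiki_instance_dns_domain are only here because pageeditor declares them`, would explain why instance-specific options appear in the identity service's config, if that is indeed the reason.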
@@ -428,3 +438,169 @@
 dbpass = <%= @keystoneconfig["oath_dbpass"] %>
 dbname = <%= @keystoneconfig["oath_dbname"] %>
 dbhost = <%= @keystoneconfig["oath_dbhost"] %>
+
+
+
+[DEFAULT]
+
+verbose=True
+auth_strategy=keystone
+compute_driver=nova.virt.libvirt.LibvirtDriver
+notification_topics=notifications,ceilometer_notifications
+connection_type=libvirt
+root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
+instance_name_template=i-%08x
+daemonize=1
+scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
+wmf_scheduler_hosts_pool=<%= @novaconfig["scheduler_pool"].join(",") %>
+scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateInstanceExtraSpecsFilter,AvailabilityZoneFilter,SchedulerPoolFilter,DiskFilter
+
+# Don't allow duplicate instance names
+osapi_compute_unique_server_name_scope='global'
+
+# Security groups for big projects (e.g. tools) are too hard to
+# organize and cause a timeout between conductor and compute.
+# This is /maybe/ fixed in mitaka, so we can investigate reverting
+# this to 60 (the proper default) in future versions.
+rpc_response_timeout=180
+
+my_ip=<%= @novaconfig["my_ip"] %>
+log_dir=/var/log/nova
+state_path=/var/lib/nova
+lock_path=/var/lock/nova
+sql_connection=mysql://<%= @novaconfig["db_user"] %>:<%= @novaconfig["db_pass"] %>@<%= @novaconfig["db_host"] %>/<%= @novaconfig["db_name"] %>
+image_service=nova.image.glance.GlanceImageService
+remove_unused_base_images=True
+s3_host=<%= @novaconfig["glance_host"] %>
+glance_api_servers=<%= @novaconfig["glance_host"] %>:9292
+cc_host=<%= @novaconfig["cc_host"] %>
+ec2_url=http://<%= @novaconfig["api_host"] %>:8773/services/Cloud
+ec2_dmz_host=<%= @novaconfig["api_ip"] %>
+dmz_cidr=<%= @novaconfig["dmz_cidr"] %>
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+dhcp_domain=<%= @novaconfig["dhcp_domain"] %>
+
+# Default quotas for new projects: 1 xlarge instance
+# (or 4 medium, or 8 small)
+quota_cores = 8
+quota_instances = 8
+quota_ram = 16384
+quota_floating_ips=<%= @novaconfig["quota_floating_ips"] %>
+quota_fixed_ips=200
+
+# Quota drift is a common problem
+max_age = 30
+
+
+api_paste_config=/etc/nova/api-paste.ini
+#use_ipv6=True
+allow_same_net_traffic=False
+force_dhcp_release=True
+# set the lease time to 24 hours
+dhcp_lease_time=86400
+# timeout expired leases after 48 hours
+fixed_ip_disassociate_timeout=172800
+iscsi_helper=tgtadm
+
+network_api_class=nova.network.api.API
+flat_network_dhcp_start=<%= @novaconfig["dhcp_start"] %>
+network_manager=nova.network.manager.FlatDHCPManager
+flat_interface=<%= @novaconfig["network_flat_interface"] %>
+flat_injected=False
+flat_network_bridge=<%= @novaconfig["flat_network_bridge"] %>
+fixed_range=<%= @novaconfig["fixed_range"] %>
+public_interface=<%= @novaconfig["network_public_interface"] %>
+routing_source_ip=<%= @novaconfig["network_public_ip"] %>
+multi_host=False
+
+# novnc stuff
+vnc_enabled=False
+
+dnsmasq_config_file=/etc/dnsmasq-nova.conf
+
+# Settings for wikistatus, the plugin that updates OSM with instance status:
+notification_driver=wikistatus
+notify_on_state_change=vm_state
+
+wiki_host=<%= @instance_status_wiki_host %>
+wiki_domain=<%= @instance_status_wiki_domain %>
+wiki_page_prefix=<%= @instance_status_wiki_page_prefix %>
+wiki_instance_region=<%= @instance_status_wiki_region %>
+wiki_login=<%= @instance_status_wiki_user %>
+wiki_password=<%= @instance_status_wiki_pass %>
+wiki_instance_dns_domain=<%= @instance_status_dns_domain %>
+
+# Designate things:
+notification_driver = messagingv2
+
+# Ceilometer things:
+instance_usage_audit = True
+instance_usage_audit_period = hour
+notify_on_state_change = vm_and_task_state
+
+# Overprovision settings
+
+# Running OOM on a compute host produces weird spontaneous shutdowns.
+# avoid overcommitting as long as we can afford it.
+ram_allocation_ratio=1.0
+
+# Since our images are copy-on-write we can support some overcommitting here.
+disk_allocation_ratio=1.5
+
+
+# Deprecated, remove in Kilo:
+node_availability_zone=<%= @novaconfig["zone"] %>
+zone_name=<%= @novaconfig["zone"] %>
+# Should be:
+#default_availability_zone = <%= @novaconfig["zone"] %>
+
+[database]
+# http://docs.sqlalchemy.org/en/latest/core/pooling.html
+max_overflow = 25
+max_pool_size = 10
+pool_timeout = 60
+
+[glance]
+host=<%= @novaconfig["glance_host"] %>
+
+[libvirt]
+virt_type=<%= @novaconfig["libvirt_type"] %>
+use_virtio_for_bridges=True
+# live_migration_bandwidth is documented in the code, and nowhere else.
+# 'Maximum bandwidth to be used during migration, in Mbps'
+# Limit this to around a third of available 1Gbps connection so we don't
+# throttle running instances when migrating.
+live_migration_bandwidth=300
+live_migration_uri=<%= @novaconfig["live_migration_uri"] %>
+
+[oslo_messaging_rabbit]
+rabbit_host=<%= @novaconfig["rabbit_host"] %>
+rabbit_port = 5672
+rabbit_use_ssl = False
+rabbit_userid = <%= @novaconfig["rabbit_user"] %>
+rabbit_password = <%= @novaconfig["rabbit_pass"] %>
+
+[spice]
+html5proxy_host=<%= @novaconfig['controller_hostname'] %>
+html5proxy_port=6082
+html5proxy_base_url=https://<%= @novaconfig['spice_hostname'] %>/spice_sec_auto.html
+
+# These two only matter on the compute hosts:
+server_listen=0.0.0.0
+server_proxyclient_address=<%= @novaconfig["my_ip"] %>
+
+# Enable spice related features (boolean value)
+enabled=True
+
+# Enable spice guest agent support (boolean value)
+agent_enabled=True
+
+# Keymap for spice (string value)
+keymap=en-us
+
+[workarounds]
+# This is the safest option until evacuation is fixed in Libery
+destroy_after_evacuate=False
+
+
diff --git a/modules/openstack/templates/mitaka/keystone/keystone.conf.erb b/modules/openstack/templates/mitaka/keystone/keystone.conf.erb
index 59956e0..f3478c5 100644
--- a/modules/openstack/templates/mitaka/keystone/keystone.conf.erb
+++ b/modules/openstack/templates/mitaka/keystone/keystone.conf.erb
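Review bot: The 166 lines appended after the `oath` settings in the liberty template look like a complete nova.conf pasted into keystone's config: a second `[DEFAULT]` section, `compute_driver`, `[libvirt]`, `[spice]`. The mitaka template receives no such block. Every `@novaconfig[...]` lookup, including `sql_connection` with `db_pass` and `rabbit_password`, refers to a variable that `openstack::keystone::service` is not given anywhere in this change. Rendering would presumably fail, and if it did render it would copy nova's database and RabbitMQ credentials into keystone.conf. The block also sets `notification_driver=wikistatus` and `notification_driver = messagingv2`, which compete with the `notification_driver = wmfkeystonehooks` line kept by the first hunk. Remove the whole addition, since the `wiki_*` options keystone needs are already added in that first hunk.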
@@ -228,7 +228,17 @@ # The Drivers(s) to handle sending notifications. Possible values are # messaging, messagingv2, routing, log, test, noop (multi valued) notification_driver = wmfkeystonehooks + +# Login info for wikitech, for project page updates +wiki_host=<%= @wikitechstatusconfig["host"] %> +wiki_domain=<%= @wikitechstatusconfig["domain"] %> +wiki_page_prefix=<%= @wikitechstatusconfig["page_prefix"] %> +wiki_instance_region=<%= @wikitechstatusconfig["region"] %> +wiki_login=<%= @wikitechstatusconfig["user"] %> +wiki_password=<%= @wikitechstatusconfig["pass"] %> +wiki_instance_dns_domain=<%= @wikitechstatusconfig["dns_domain"] %> + # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics #notification_topics = notifications diff --git a/modules/role/manifests/labs/openstack/keystone.pp b/modules/role/manifests/labs/openstack/keystone.pp index 9d6c638..827da4b 100644 --- a/modules/role/manifests/labs/openstack/keystone.pp +++ b/modules/role/manifests/labs/openstack/keystone.pp @@ -4,8 +4,10 @@ $nova_controller = hiera('labs_nova_controller') $keystoneconfig = hiera_hash('keystoneconfig', {}) + $wikitechstatusconfig = hiera_hash('wikitechstatusconfig', {}) class { 'openstack::keystone::service': - keystoneconfig => $keystoneconfig, + keystoneconfig => $keystoneconfig, + wikitechstatusconfig => $wikitechstatusconfig, } } -- To view, visit https://gerrit.wikimedia.org/r/323117 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3a42e3eb117da789a9f960d5b495cdd75fdc00fe Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
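Review bot: `hiera_hash('wikitechstatusconfig', {})` in role::labs::openstack::keystone falls back to an empty hash, so a missing or misspelled hiera key renders `wiki_login=` and `wiki_password=` as empty strings instead of failing the puppet run. The hook would then attempt wiki edits with blank credentials. The neighbouring `keystoneconfig` line uses the same pattern, but for a credential-bearing hash it is safer to drop the default, `$wikitechstatusconfig = hiera_hash('wikitechstatusconfig')`, so that a missing key fails at compile time. Separately, `$wikitechstatusconfig` is added to `openstack::keystone::service` without a default, so any other declaration of that class would need the new argument; only this role is updated in the change shown.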