Page MenuHomePhabricator

Support project creation without OpenStackManager
Closed, ResolvedPublic

Description

I want to move all of the project-creation things that OSM does into keystone hooks so that proper projects can be created from horizon or the commandline.

  • Add novaadmin to new project
  • Add novaobserver to new project
  • Make projectid == projectname
  • Add default security group rules
  • ldap: Create project for sudoers
  • ldap: Create default initial sudo policies
  • ldap: Create project group for UIDs
  • Create wikitech nova_resource page describing new project

While we're at it, here are some other nice things we might do:

  • create default <project>.wmflabs.org domain

Event Timeline

Andrew created this task.Nov 5 2016, 4:05 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 5 2016, 4:05 PM
Paladox added a subscriber: Paladox.Nov 5 2016, 4:07 PM
Andrew updated the task description. (Show Details)Nov 10 2016, 7:25 PM
Andrew updated the task description. (Show Details)Nov 10 2016, 7:31 PM

Change 323117 had a related patch set uploaded (by Andrew Bogott):
wmfkeystonehooks: Maintain project page on wikitech

https://gerrit.wikimedia.org/r/323117

Change 324928 had a related patch set uploaded (by Andrew Bogott):
Keystone hook: Change project id to == project name

https://gerrit.wikimedia.org/r/324928

Change 327664 had a related patch set uploaded (by Andrew Bogott):
Keystone hooks: monkeypatch keystone to change project id to project name

https://gerrit.wikimedia.org/r/327664

Change 324928 abandoned by Andrew Bogott:
Keystone hook: Change project id to == project name

Reason:
Abandoning in favor of https://gerrit.wikimedia.org/r/#/c/327664/

https://gerrit.wikimedia.org/r/324928

Change 327664 merged by Andrew Bogott:
Keystone hooks: monkeypatch keystone to change project id to project name

https://gerrit.wikimedia.org/r/327664

Andrew updated the task description. (Show Details)Dec 16 2016, 4:39 PM
Andrew triaged this task as Medium priority.Dec 20 2016, 3:29 PM
Andrew updated the task description. (Show Details)Feb 20 2017, 5:39 PM

Note that none of the group-management stuff will work properly without the upstream patch https://review.openstack.org/#/c/401332/2

Change 338918 had a related patch set uploaded (by Andrew Bogott):
Keystonehooks: Sync ldap project groups with keystone project membership

https://gerrit.wikimedia.org/r/338918

Change 338918 merged by Andrew Bogott:
Keystonehooks: Sync ldap project groups with keystone project membership

https://gerrit.wikimedia.org/r/338918

Andrew updated the task description. (Show Details)Feb 25 2017, 12:53 AM

Change 343056 had a related patch set uploaded (by Andrew Bogott):
[mediawiki/extensions/OpenStackManager] Remove code to manage posix project groups.

https://gerrit.wikimedia.org/r/343056

Change 343056 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager] Remove code to manage posix project groups.

https://gerrit.wikimedia.org/r/343056

Change 346489 had a related patch set uploaded (by Andrew Bogott):
[operations/puppet@production] Keystonehooks: Create and delete sudoer rules in ldap

https://gerrit.wikimedia.org/r/346489

Change 346489 merged by Andrew Bogott:
[operations/puppet@production] Keystonehooks: Create and delete sudoer rules in ldap

https://gerrit.wikimedia.org/r/346489

Andrew updated the task description. (Show Details)Apr 5 2017, 5:51 PM

Change 323117 merged by Andrew Bogott:
[operations/puppet@production] wmfkeystonehooks: Create project page on wikitech on project creation

https://gerrit.wikimedia.org/r/323117

Andrew updated the task description. (Show Details)Apr 12 2017, 9:10 PM
Andrew updated the task description. (Show Details)Apr 12 2017, 9:19 PM
Andrew updated the task description. (Show Details)
Andrew updated the task description. (Show Details)Apr 14 2017, 2:08 AM

removed todo about service groups because it turns out to not be needed.

Andrew closed this task as Resolved.Apr 14 2017, 2:11 AM

I moved the item about domain creation into T162977; the rest of this is done.