Page MenuHomePhabricator
Create Task
Maniphest T161553

Remove OpenStackManager from Wikitech
Open, MediumPublic
Actions

Description

  • Support VM management on Horizon
  • Support DNS management on Horizon
  • Support VM Puppet config on Horizon
  • Support sudo policy management on Horizon
  • Allow projectadmins to change project roles without OSM
  • Support project creation/deletion via Horizon
  • Support tool creation/management on Striker
  • Replace or discard 'service group' functionality on OSM
  • Replace LDAP shell account name account creation customization
  • Replace/remove Hiera namespace Puppet customization
  • Remove ext-openstackmanager from the "Extensions used by Wikimedia" list in the translatewiki configuration

Details

SubjectRepoBranchLines +/-
Move OpenStackManager from "Technical" to "Legacy"translatewikimaster+1 -1
wikitech: remove OSM settings related to OpenStackoperations/mediawiki-configmaster+0 -95
wikitech: remove OpenStackManager private settingsoperations/puppetproduction+0 -7
wikitech: Don't load OpenStackManageroperations/mediawiki-configmaster+0 -102
Remove all interaction with keystone and other openstack endpointsmediawiki/extensions/OpenStackManagermaster+4 -7 K
Remove echo integrationmediawiki/extensions/OpenStackManagermaster+0 -307
Remove all special pages related to OpenStackmediawiki/extensions/OpenStackManagermaster+2 -4 K
Remove two unused special pages.mediawiki/extensions/OpenStackManagermaster+0 -849
Remove Special:NovaInstance page.mediawiki/extensions/OpenStackManagermaster+0 -641
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT189531 All Wikimedia developer services should use single sign-on
 OpenNoneT161859 Make Wikitech an SUL wiki
 ResolvedPRODUCTION ERRORTgrT195253 Special:Notifications gives a consistent PHP exception on load ("The trash icon is not registered") for users with OpenStackManager notifications
 OpenNoneT106123 Extensions needing to be removed from Wikimedia wikis
 OpenNoneT161553 Remove OpenStackManager from Wikitech
 ResolvedAndrewT150091 Support project creation without OpenStackManager
 ResolvedAndrewT159021 Wikitech error when adding users to projects
 ResolvedAndrewT162097 Create a Horizon panel for managing per-project sudo policies
 ResolvedAndrewT194191 Allow projectadmins to change project roles in Horizon
 ResolvedMarcoAurelioT194670 Copy maintenance/attachLdapUser.php to another extension
 ResolvedAndrewT194794 Add new users to Bastion group whenever they join a project
 In ProgressNoneT196171 Developer account creation without OpenStackManager
 OpenNoneT179463 Create a single application to provision and manage developer (LDAP) accounts
 DuplicateNoneT189639 Separate LDAP account creation bits from Striker to create a new identity management platform
 OpenNoneT319405 Create an IDM for Wikimedia developer accounts
 ResolvedSLyngshede-WMFT319407 IDM milestone 1 "Initial development work"
 ResolvedNoneT319409 Pick a name for the IDM
 ResolvedSLyngshede-WMFT319410 Initial Django project setup
 ResolvedSLyngshede-WMFT319415 Evaluate Striker codebase
 ResolvedMarosteguiT320426 Figure out where/how to store IDM internal data
 ResolvedSLyngshede-WMFT320427 Design and implement async LDAP operations
 ResolvedSLyngshede-WMFT320428 Initial IDM puppetisation
 ResolvedSLyngshede-WMFT320430 Create an initial IDM/LDAP image for tests and CI
 ResolvedSLyngshede-WMFT320431 IDM: Central logging on all changes
 OpenNoneT320603 IDM milestone 2 "Initial limited deployment"
 ResolvedSLyngshede-WMFT320604 Decide on model for serving idm.wikimedia.org
 ResolvedNoneT320605 Figure out an HA setup for the IDM
 ResolvedSLyngshede-WMFT320794 Extend LDAP to allow storing all necessary attributes
 ResolvedSLyngshede-WMFT320795 Implement a staging setup for the IDM
 ResolvedSLyngshede-WMFT320797 Initial production deployment of the IDM
 ResolvedSLyngshede-WMFT320799 IDM integration into CAS SSO
 ResolvedSLyngshede-WMFT320807 Implement OAuth account validation for linking an account to a wiki account
 ResolvedSLyngshede-WMFT320808 Implement email address validation workflow
 In ProgressSLyngshede-WMFT148048 Store Wikimedia unified account name (SUL) in LDAP directory
 ResolvedSLyngshede-WMFT335091 Determine which sender address to use for email notification
 ResolvedSLyngshede-WMFT340721 Build Debian packages for Bookworm
 ResolvedSLyngshede-WMFT340722 Update IDM servers to Bookworm
 OpenSLyngshede-WMFT320801 Build-out for self service
 ResolvedSLyngshede-WMFT320802 Create a mockup and involve designers
 ResolvedBUG REPORTSLyngshede-WMFT338824 Bitu is not responsive
 OpenNoneT320805 Define the core attribute list managed in the IDM with all stakeholders
 ResolvedSLyngshede-WMFT320806 Consider reusing some wiki data sources for signup/restrictions
 ResolvedSLyngshede-WMFT320809 Figure out a captcha option for IDM
 OpenNoneT335478 Automatic detection of inactive LDAP account
 OpenNoneT335485 Automatically deploy documentation to docs.wikimedia.org
 ResolvedSLyngshede-WMFT340636 Implement "Forgot my username" feature
 ResolvedSLyngshede-WMFT340637 Implement "update email" functionality
 OpenSLyngshede-WMFT340717 Implement "source" field on user objects
 OpenSLyngshede-WMFT345168 Live validation of usernames
 ResolvedSLyngshede-WMFT345226 Switch developer account creation to Bitu
 OpenSLyngshede-WMFT347572 SSH Key type expiry
 OpenNoneT338477 `Nova Resource:` namespace should be declared in wmf-config, not in Extension:OpenStackManager

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
bd808 added subscribers: Volans, faidon.May 27 2017, 6:40 PM
In T161553#3296173, @zhuyifei1999 wrote:

Labsconsole sound so much better IMO.

Until we rename away from using the 'Labs' term across the suite of product offerings. :)

It's early, but there was some discussion at the Vienna hackathon between @faidon, @Volans, and I and then between @Aklapper and I about the idea of a developer.wikimedia.org application that would be the entry point for creating and managing LDAP accounts. It could also serve as the start of the documentation and discovery portal for people interested in contributing to the technical spaces in the Wikimedia movement as well as consuming the various services that the movement provides for distributing knowledge. This application probably would not include the Toolforge management functionality from Striker, but it would logically take over the basic LDAP account creation and management roles. This is all in a very early preliminary discussion state however, so don't freak out if it sounds like the worst idea you have ever heard and don't get your hopes up yet if it sounds like the greatest thing ever.

Volans added a subscriber: MoritzMuehlenhoff.May 28 2017, 2:22 PM

Adding @MoritzMuehlenhoff too.

gerritbot added a comment.May 30 2017, 3:44 AM

Change 355617 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager@master] Remove Special:NovaInstance page.

https://gerrit.wikimedia.org/r/355617

gerritbot added a comment.May 30 2017, 3:44 AM

Change 355618 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager@master] Remove two unused special pages.

https://gerrit.wikimedia.org/r/355618

ReleaseTaggerBot added a project: MW-1.30-release-notes (WMF-deploy-2017-05-30_(1.30.0-wmf.3)).May 30 2017, 4:00 AM
Andrew mentioned this in Blog Post: Project-wide sudo policies in Horizon.May 30 2017, 8:02 PM
Andrew updated the task description. (Show Details)
Andrew closed subtask T162097: Create a Horizon panel for managing per-project sudo policies as Resolved.
Jdforrester-WMF edited projects, added MW-1.30-release-notes (WMF-deploy-2017-06-06_(1.30.0-wmf.4)); removed MW-1.30-release-notes (WMF-deploy-2017-05-30_(1.30.0-wmf.3)).Jun 6 2017, 8:37 PM

Mass-moving all items tagged for MediaWiki 1.30.0-wmf.3, as that was never released; instead, we're using -wmf.4.

bd808 removed a parent task: T98813: Move wikitech (silver) to HHVM.Jun 20 2017, 10:13 PM
He7d3r added a subscriber: He7d3r.Aug 30 2017, 7:02 PM
MarcoAurelio added a subscriber: MarcoAurelio.Nov 18 2017, 10:18 PM
EddieGP added a subscriber: EddieGP.Jan 2 2018, 2:42 PM
Liuxinyu970226 removed a project: wikitech.wikimedia.org.Jan 7 2018, 3:17 AM
Liuxinyu970226 edited projects, added wikitech.wikimedia.org; removed Cloud-Services.
Andrew added a project: cloud-services-team.Jan 7 2018, 4:17 AM
Framawiki removed a project: Patch-For-Review.Jan 7 2018, 6:08 PM
TerraCodes added a subscriber: TerraCodes.Mar 12 2018, 4:34 AM
Andrew updated the task description. (Show Details)May 8 2018, 6:20 PM
Andrew closed subtask T194191: Allow projectadmins to change project roles in Horizon as Resolved.May 11 2018, 4:34 PM
Jdforrester-WMF updated the task description. (Show Details)May 11 2018, 4:54 PM
Andrew updated the task description. (Show Details)May 11 2018, 10:08 PM
Andrew updated the task description. (Show Details)
gerritbot added a comment.May 11 2018, 10:23 PM

Change 432702 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/mediawiki-config@master] wikitech: Don't load OpenStackManager

https://gerrit.wikimedia.org/r/432702

gerritbot added a project: Patch-For-Review.May 11 2018, 10:23 PM
gerritbot added a comment.May 11 2018, 10:27 PM

Change 432703 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] wikitech: remove OpenStackManager private settings

https://gerrit.wikimedia.org/r/432703

bd808 added a subtask: T194670: Copy maintenance/attachLdapUser.php to another extension.May 14 2018, 4:43 PM
MarcoAurelio closed subtask T194670: Copy maintenance/attachLdapUser.php to another extension as Resolved.May 14 2018, 8:27 PM
Reedy removed projects: Patch-For-Review, MW-1.30-release-notes (WMF-deploy-2017-06-06_(1.30.0-wmf.4)).May 16 2018, 1:34 PM
Jdforrester-WMF mentioned this in T195253: Special:Notifications gives a consistent PHP exception on load ("The trash icon is not registered") for users with OpenStackManager notifications.May 23 2018, 9:36 PM
Andrew added a comment.Jun 1 2018, 3:18 PM

I've removed all of Wikitech's sidebar links to OSM. If we avoid protest and surprise for a few weeks I'll rip out the code.

bd808 added a comment.Jun 1 2018, 3:24 PM
In T161553#4249022, @Andrew wrote:

I've removed all of Wikitech's sidebar links to OSM. If we avoid protest and surprise for a few weeks I'll rip out the code.

I'm still a bit concerned about what complete removal does to new account creation. We need to think through how we are going to handle the fact that without OSM the MediaWiki account creation form will make LDAP accounts, but those accounts will not have a shell name and associated LDAP attributes. I think we can setup a hook or similar that will preserve account creation, but I have not looked into exactly what that would entail. It may be that we actually need a PHP calss or two to properly integrate this with the AuthManager layer.

Andrew added a comment.EditedJun 1 2018, 3:29 PM

@bd808, does striker not already do all the necessary things to create an account? Or is that accomplished via a wikitech hook? (Not that that solves the problem you're talking about, but it would suggest that we at least have a second example of the needed steps)

jcrespo added a parent task: T195253: Special:Notifications gives a consistent PHP exception on load ("The trash icon is not registered") for users with OpenStackManager notifications.Jun 1 2018, 3:31 PM
Andrew closed subtask T194794: Add new users to Bastion group whenever they join a project as Resolved.Jun 1 2018, 3:36 PM
bd808 added a comment.Jun 1 2018, 5:33 PM
In T161553#4249033, @Andrew wrote:

@bd808, does striker not already do all the necessary things to create an account? Or is that accomplished via a wikitech hook? (Not that that solves the problem you're talking about, but it would suggest that we at least have a second example of the needed steps)

Striker does know how to create an LDAP record with the proper data to be used by OpenStack, MediaWiki, Gerrit, and Phabricator. That should make it easier for us to replicate the needed data collection and storage for sure.

The user interface there is currently full of talk about Toolforge which will probably be confusing to some people. It will also probably be confusing to have on-wiki account creation disabled if we decide to go that route instead. I think looking at how to either do it all in config with hooks or thinking about a slim extension that only adds the account creation parts would be easiest. I guess the 3rd option is to rip all the things out of OSM except account management. I can't imagine that OSM is really in use anywhere else since we have not heard from angry folks as we took out other functionality.

Liuxinyu970226 removed a subscriber: Liuxinyu970226.Jun 2 2018, 2:13 PM
Vvjjkkii reopened subtask T194794: Add new users to Bastion group whenever they join a project as Open.Jul 1 2018, 1:10 AM
Vvjjkkii reopened subtask T194670: Copy maintenance/attachLdapUser.php to another extension as Open.
Vvjjkkii reopened subtask T194191: Allow projectadmins to change project roles in Horizon as Open.
TerraCodes closed subtask T194794: Add new users to Bastion group whenever they join a project as Resolved.Jul 1 2018, 1:02 PM
TerraCodes closed subtask T194670: Copy maintenance/attachLdapUser.php to another extension as Resolved.
TerraCodes closed subtask T194191: Allow projectadmins to change project roles in Horizon as Resolved.Jul 1 2018, 1:06 PM
Jdforrester-WMF added a parent task: T106123: Extensions needing to be removed from Wikimedia wikis.Sep 25 2018, 3:23 PM
bd808 triaged this task as Medium priority.Oct 2 2018, 9:16 PM
bd808 updated the task description. (Show Details)
Liuxinyu970226 added a subscriber: Liuxinyu970226.Nov 6 2018, 12:33 PM
bd808 updated the task description. (Show Details)Nov 28 2018, 5:25 PM
bd808 mentioned this in T211029: Sort out only one ideal hiera mechanism for Cloud VPS.Dec 3 2018, 5:16 PM
bd808 mentioned this in T206706: Establish documentation review process for WMCS.Feb 11 2019, 4:19 AM
Liuxinyu970226 removed a subscriber: Liuxinyu970226.Feb 25 2019, 1:05 AM
Liuxinyu970226 added a subscriber: Liuxinyu970226.
GTirloni edited projects, added cloud-services-team (Kanban); removed cloud-services-team.Mar 21 2019, 6:45 PM
GTirloni mentioned this in T123162: OS-EXT-SRV-ATTR:instance_name not set for some instances.
Meno25 added a subscriber: Meno25.May 31 2019, 4:31 PM
Andrew updated the task description. (Show Details)Nov 5 2019, 8:00 PM
gerritbot added a comment.Nov 6 2019, 10:12 PM

Change 549212 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[mediawiki/extensions/OpenStackManager@master] Remove all special pages related to OpenStack

https://gerrit.wikimedia.org/r/549212

gerritbot added a project: Patch-For-Review.Nov 6 2019, 10:12 PM

Change 549213 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[mediawiki/extensions/OpenStackManager@master] Remove echo integration

https://gerrit.wikimedia.org/r/549213

gerritbot added a comment.Nov 6 2019, 10:12 PM

Change 549214 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[mediawiki/extensions/OpenStackManager@master] Remove all interaction with keystone and other openstack endpoints

https://gerrit.wikimedia.org/r/549214

gerritbot added a comment.Nov 8 2019, 9:37 PM

Change 549936 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/mediawiki-config@master] wikitech: remove OSM settings related to OpenStack

https://gerrit.wikimedia.org/r/549936

Andrew added a parent task: T237771: Make Wikitech a normal wiki.Nov 8 2019, 9:42 PM
gerritbot added a comment.Nov 8 2019, 10:38 PM

Change 549212 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager@master] Remove all special pages related to OpenStack

https://gerrit.wikimedia.org/r/549212

gerritbot added a comment.Nov 8 2019, 10:38 PM

Change 549213 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager@master] Remove echo integration

https://gerrit.wikimedia.org/r/549213

ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.8; 2019-11-26).Nov 8 2019, 11:00 PM
gerritbot added a comment.Nov 10 2019, 4:08 AM

Change 549214 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager@master] Remove all interaction with keystone and other openstack endpoints

https://gerrit.wikimedia.org/r/549214

bd808 removed a parent task: T237771: Make Wikitech a normal wiki.Nov 10 2019, 11:04 PM
bd808 removed a subtask: T196200: Provide a way for OpenStack admins to manage projects they don't belong to in Horizon.Nov 10 2019, 11:12 PM
brennen added a subscriber: brennen.Dec 4 2019, 10:02 PM
gerritbot added a comment.Dec 5 2019, 8:28 AM

Change 432702 abandoned by Andrew Bogott:
wikitech: Don't load OpenStackManager

Reason:
unclear if/when this can happen

https://gerrit.wikimedia.org/r/432702

gerritbot added a comment.Dec 5 2019, 8:30 AM

Change 432703 abandoned by Andrew Bogott:
wikitech: remove OpenStackManager private settings

Reason:
the OSM removal is going to happen more gradually

https://gerrit.wikimedia.org/r/432703

Dzahn removed a subscriber: Dzahn.Dec 6 2019, 3:26 AM
gerritbot added a comment.Dec 10 2019, 2:52 PM

Change 549936 merged by jenkins-bot:
[operations/mediawiki-config@master] wikitech: remove OSM settings related to OpenStack

https://gerrit.wikimedia.org/r/549936

Stashbot added a comment.Dec 10 2019, 2:55 PM

Mentioned in SAL (#wikimedia-operations) [2019-12-10T14:55:46Z] <reedy@deploy1001> Synchronized wmf-config/wikitech.php: T161553 Bye OSM config! (duration: 00m 55s)

Bstorm changed the status of subtask T196171: Developer account creation without OpenStackManager from Open to Stalled.Feb 11 2020, 5:17 PM
Krinkle mentioned this in T269028: WikimediaDebug should avoid confusion on unsupported domains.Nov 30 2020, 7:22 PM
Bstorm changed the status of subtask T196171: Developer account creation without OpenStackManager from Stalled to Open.Jan 6 2021, 4:05 PM
Krinkle mentioned this in T304006: Undeploy DynamicSidebar extension from Wikimedia wikis (only Wikitech).Mar 16 2022, 7:50 PM
Stang added a subscriber: Stang.May 27 2022, 12:03 AM
TheresNoTime added a subscriber: TheresNoTime.Sep 28 2022, 12:06 PM
Izno added a subscriber: Izno.Oct 14 2022, 10:55 PM
taavi mentioned this in T326910: Update Wikimedia Cloud Services-owned products that may be affected by IP Masking.Jan 18 2023, 10:12 AM
fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 9:46 PM
fnegri moved this task from Kanban to Inbox on the cloud-services-team board.
Pppery removed a project: Patch-For-Review.Apr 2 2023, 12:55 AM
Aklapper added a subtask: T319405: Create an IDM for Wikimedia developer accounts.Jul 12 2023, 2:13 PM

Added T319405 as a subtask per T237773#9007687

gerritbot added a comment.Jul 25 2023, 11:39 AM

Change 941386 had a related patch set uploaded (by Amire80; author: Amire80):

[translatewiki@master] Move OpenStackManager from "Technical" to "Legacy"

https://gerrit.wikimedia.org/r/941386

gerritbot added a project: Patch-For-Review.Jul 25 2023, 11:39 AM
Amire80 updated the task description. (Show Details)Jul 25 2023, 11:40 AM
gerritbot added a comment.Jul 25 2023, 12:18 PM

Change 941386 merged by jenkins-bot:

[translatewiki@master] Move OpenStackManager from "Technical" to "Legacy"

https://gerrit.wikimedia.org/r/941386

SLyngshede-WMF changed the status of subtask T196171: Developer account creation without OpenStackManager from Open to In Progress.Sep 21 2023, 9:42 AM
Pppery removed a project: Patch-For-Review.Oct 9 2023, 6:13 PM
Pppery added a subscriber: Pppery.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL