Page MenuHomePhabricator
Create Task
Maniphest T161553

Remove OpenStackManager from Wikitech
Open, MediumPublic
Actions

Description

  • Support VM management on Horizon
  • Support DNS management on Horizon
  • Support VM Puppet config on Horizon
  • Support sudo policy management on Horizon
  • Allow projectadmins to change project roles without OSM
  • Support project creation/deletion via Horizon
  • Support tool creation/management on Striker
  • Replace or discard 'service group' functionality on OSM
  • Replace LDAP shell account name account creation customization
  • Replace/remove Hiera namespace Puppet customization

Details

ProjectBranchLines +/-Subject
operations/mediawiki-configmaster+0 -95wikitech: remove OSM settings related to OpenStack
operations/puppetproduction+0 -7wikitech: remove OpenStackManager private settings
operations/mediawiki-configmaster+0 -102wikitech: Don't load OpenStackManager
mediawiki/extensions/OpenStackManagermaster+4 -7 KRemove all interaction with keystone and other openstack endpoints
mediawiki/extensions/OpenStackManagermaster+0 -307Remove echo integration
mediawiki/extensions/OpenStackManagermaster+2 -4 KRemove all special pages related to OpenStack
mediawiki/extensions/OpenStackManagermaster+0 -849Remove two unused special pages.
mediawiki/extensions/OpenStackManagermaster+0 -641Remove Special:NovaInstance page.
Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
bd808 added a comment.Apr 14 2017, 4:15 AM
In T161553#3141039, @Jdforrester-WMF wrote:

I thought there were some quite horrible issues with the shell/account naming stuff? There's also the problem of merging accounts (which isn't sanely possible) or having most of the existing users of the wiki be forcibly renamed.

In T161553#3141052, @Dzahn wrote:

The wikitech user name won't match the SUL username. So that would mean all wikitech users start to use their SUL user and now have 2 separate edit histories?

Shell accounts and wikitech accounts are only related by accident of implementation. The LDAP accounts could have been just as easily associated with SUL accounts from the beginning. The account creation workflow that has been implemented in https://toolsadmin.wikimedia.org/ starts with an OAuth association to an existing SUL account. LDAP accounts that existed prior to the new workflow can be associated with with a SUL account using that tool as well.

The final step of converting wikitech to a SUL wiki will require another SUL unification as was done for the main wiki farm. There is some fiddling to do at the code/configuration level, but I'm confident that we will be able to change things so that we can rename the wikitech users to match the associated SUL users without causing problems with gerrit and other systems that are currently using the LDAP cn and sn attributes which currently correspond to the on-wiki username for wikitech.

When it comes time to do the unification, we can connect many wiktech accounts to the proper SUL account using email addresses and git/svn commit histories if they have not already been linked using toolsadmin. There will be some currently unknown number of accounts where we have no SUL user to connect to and we will have to come up with a plan for how to deal with them. There is time for that. The elimination of OSM and SMW (T53642) are the first steps that we need to focus on.

Dzahn added a comment.Apr 14 2017, 5:48 AM

@bd808 Thank you for the detailed explanation! (PS. Maybe if i can get T113792 solved on the side of this, i'd be happy, hehe :))

Paladox added a comment.Apr 14 2017, 10:55 AM
In T161553#3182344, @bd808 wrote:
In T161553#3182308, @Paladox wrote:

@Andrew How would we import the ssh keys as this is also currently handled by the extension?

As we import ssh keys in Special:Preference - OpenStack

I see no where in horizon for doing that.

Using https://toolsadmin.wikimedia.org/profile/settings/ssh-keys

But that sounds like tool related and not labs.

tom29739 added a subscriber: tom29739.Apr 14 2017, 2:33 PM
bd808 added a comment.Apr 14 2017, 8:44 PM
In T161553#3182596, @Paladox wrote:

But that sounds like tool related and not labs.

A rose by any other name would smell as sweet. We can rename the apache virtual host trivially. This will probably happen at some point as we add additional functionality to Striker (the application currently hosted at the https://toolsadmin.wikimedia.org/ vhost). Note that the functionality you are worried about is currently hosted on a vhost named wikitech.wikimedia.org which honestly sounds like neither Labs nor Tool Labs to me.

If the name of the vhost is the only thing that bothers you I'm pretty sure that the application and plan are on the right track. Please try to think more in the mode of of "What Would You Do If You Weren't Afraid?" and less "Who Moved My Cheese?" when interacting with the development community who are trying to make things better for everyone. (Honestly a horrible book, but a good sentiment.)

Paladox added a comment.Apr 14 2017, 8:46 PM

Oh nope the host name doesn't bother me, just was confusing on weather that was for tools only. but thanks for explaining.

bd808 mentioned this in T153821: wikitech.wikimedia.org missing from pageviews API.May 8 2017, 3:19 PM
Reedy mentioned this in T53642: Get rid of SemanticMediaWiki/SRF/SF from wikitech.wikimedia.org.May 10 2017, 9:34 AM
bd808 mentioned this in T161859: Make Wikitech an SUL wiki.May 11 2017, 9:28 PM
gerritbot added a subscriber: gerritbot.May 25 2017, 2:26 PM

Change 355617 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[mediawiki/extensions/OpenStackManager@master] Remove Special:NovaInstance page.

https://gerrit.wikimedia.org/r/355617

gerritbot added a project: Patch-For-Review.May 25 2017, 2:26 PM

Change 355618 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[mediawiki/extensions/OpenStackManager@master] Remove two unused special pages.

https://gerrit.wikimedia.org/r/355618

zhuyifei1999 added a comment.May 27 2017, 2:15 PM
In T161553#3183886, @bd808 wrote:

a vhost named wikitech.wikimedia.org which honestly sounds like neither Labs nor Tool Labs to me.

Labsconsole sound so much better IMO.

bd808 added subscribers: Volans, faidon.May 27 2017, 6:40 PM
In T161553#3296173, @zhuyifei1999 wrote:

Labsconsole sound so much better IMO.

Until we rename away from using the 'Labs' term across the suite of product offerings. :)

It's early, but there was some discussion at the Vienna hackathon between @faidon, @Volans, and I and then between @Aklapper and I about the idea of a developer.wikimedia.org application that would be the entry point for creating and managing LDAP accounts. It could also serve as the start of the documentation and discovery portal for people interested in contributing to the technical spaces in the Wikimedia movement as well as consuming the various services that the movement provides for distributing knowledge. This application probably would not include the Toolforge management functionality from Striker, but it would logically take over the basic LDAP account creation and management roles. This is all in a very early preliminary discussion state however, so don't freak out if it sounds like the worst idea you have ever heard and don't get your hopes up yet if it sounds like the greatest thing ever.

Volans added a subscriber: MoritzMuehlenhoff.May 28 2017, 2:22 PM

Adding @MoritzMuehlenhoff too.

gerritbot added a comment.May 30 2017, 3:44 AM

Change 355617 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager@master] Remove Special:NovaInstance page.

https://gerrit.wikimedia.org/r/355617

gerritbot added a comment.May 30 2017, 3:44 AM

Change 355618 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager@master] Remove two unused special pages.

https://gerrit.wikimedia.org/r/355618

ReleaseTaggerBot added a project: MW-1.30-release-notes (WMF-deploy-2017-05-30_(1.30.0-wmf.3)).May 30 2017, 4:00 AM
Andrew mentioned this in Blog Post: Project-wide sudo policies in Horizon.May 30 2017, 8:02 PM
Andrew updated the task description. (Show Details)
Andrew closed subtask T162097: Create a Horizon panel for managing per-project sudo policies as Resolved.
Jdforrester-WMF edited projects, added MW-1.30-release-notes (WMF-deploy-2017-06-06_(1.30.0-wmf.4)); removed MW-1.30-release-notes (WMF-deploy-2017-05-30_(1.30.0-wmf.3)).Jun 6 2017, 8:37 PM

Mass-moving all items tagged for MediaWiki 1.30.0-wmf.3, as that was never released; instead, we're using -wmf.4.

bd808 removed a parent task: T98813: Move wikitech (silver) to HHVM.Jun 20 2017, 10:13 PM
He7d3r added a subscriber: He7d3r.Aug 30 2017, 7:02 PM
MarcoAurelio added a subscriber: MarcoAurelio.Nov 18 2017, 10:18 PM
EddieGP added a subscriber: EddieGP.Jan 2 2018, 2:42 PM
Liuxinyu970226 removed a project: wikitech.wikimedia.org.Jan 7 2018, 3:17 AM
Liuxinyu970226 edited projects, added wikitech.wikimedia.org; removed Cloud-Services.
Andrew added a project: cloud-services-team.Jan 7 2018, 4:17 AM
Framawiki removed a project: Patch-For-Review.Jan 7 2018, 6:08 PM
TerraCodes added a subscriber: TerraCodes.Mar 12 2018, 4:34 AM
Andrew updated the task description. (Show Details)May 8 2018, 6:20 PM
Andrew closed subtask T194191: Allow projectadmins to change project roles in Horizon as Resolved.May 11 2018, 4:34 PM
Jdforrester-WMF updated the task description. (Show Details)May 11 2018, 4:54 PM
Andrew updated the task description. (Show Details)May 11 2018, 10:08 PM
Andrew updated the task description. (Show Details)
gerritbot added a comment.May 11 2018, 10:23 PM

Change 432702 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/mediawiki-config@master] wikitech: Don't load OpenStackManager

https://gerrit.wikimedia.org/r/432702

gerritbot added a project: Patch-For-Review.May 11 2018, 10:23 PM
gerritbot added a comment.May 11 2018, 10:27 PM

Change 432703 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] wikitech: remove OpenStackManager private settings

https://gerrit.wikimedia.org/r/432703

bd808 added a subtask: T194670: Copy maintenance/attachLdapUser.php to another extension.May 14 2018, 4:43 PM
MarcoAurelio closed subtask T194670: Copy maintenance/attachLdapUser.php to another extension as Resolved.May 14 2018, 8:27 PM
Reedy removed projects: Patch-For-Review, MW-1.30-release-notes (WMF-deploy-2017-06-06_(1.30.0-wmf.4)).May 16 2018, 1:34 PM
Jdforrester-WMF mentioned this in T195253: Special:Notifications gives a consistent PHP exception on load ("The trash icon is not registered") for users with OpenStackManager notifications.May 23 2018, 9:36 PM
Andrew added a comment.Jun 1 2018, 3:18 PM

I've removed all of Wikitech's sidebar links to OSM. If we avoid protest and surprise for a few weeks I'll rip out the code.

bd808 added a comment.Jun 1 2018, 3:24 PM
In T161553#4249022, @Andrew wrote:

I've removed all of Wikitech's sidebar links to OSM. If we avoid protest and surprise for a few weeks I'll rip out the code.

I'm still a bit concerned about what complete removal does to new account creation. We need to think through how we are going to handle the fact that without OSM the MediaWiki account creation form will make LDAP accounts, but those accounts will not have a shell name and associated LDAP attributes. I think we can setup a hook or similar that will preserve account creation, but I have not looked into exactly what that would entail. It may be that we actually need a PHP calss or two to properly integrate this with the AuthManager layer.

Andrew added a comment.EditedJun 1 2018, 3:29 PM

@bd808, does striker not already do all the necessary things to create an account? Or is that accomplished via a wikitech hook? (Not that that solves the problem you're talking about, but it would suggest that we at least have a second example of the needed steps)

jcrespo added a parent task: T195253: Special:Notifications gives a consistent PHP exception on load ("The trash icon is not registered") for users with OpenStackManager notifications.Jun 1 2018, 3:31 PM
Andrew closed subtask T194794: Add new users to Bastion group whenever they join a project as Resolved.Jun 1 2018, 3:36 PM
bd808 added a comment.Jun 1 2018, 5:33 PM
In T161553#4249033, @Andrew wrote:

@bd808, does striker not already do all the necessary things to create an account? Or is that accomplished via a wikitech hook? (Not that that solves the problem you're talking about, but it would suggest that we at least have a second example of the needed steps)

Striker does know how to create an LDAP record with the proper data to be used by OpenStack, MediaWiki, Gerrit, and Phabricator. That should make it easier for us to replicate the needed data collection and storage for sure.

The user interface there is currently full of talk about Toolforge which will probably be confusing to some people. It will also probably be confusing to have on-wiki account creation disabled if we decide to go that route instead. I think looking at how to either do it all in config with hooks or thinking about a slim extension that only adds the account creation parts would be easiest. I guess the 3rd option is to rip all the things out of OSM except account management. I can't imagine that OSM is really in use anywhere else since we have not heard from angry folks as we took out other functionality.

Liuxinyu970226 removed a subscriber: Liuxinyu970226.Jun 2 2018, 2:13 PM
Vvjjkkii reopened subtask T194794: Add new users to Bastion group whenever they join a project as Open.Jul 1 2018, 1:10 AM
Vvjjkkii reopened subtask T194670: Copy maintenance/attachLdapUser.php to another extension as Open.
Vvjjkkii reopened subtask T194191: Allow projectadmins to change project roles in Horizon as Open.
TerraCodes closed subtask T194794: Add new users to Bastion group whenever they join a project as Resolved.Jul 1 2018, 1:02 PM
TerraCodes closed subtask T194670: Copy maintenance/attachLdapUser.php to another extension as Resolved.
TerraCodes closed subtask T194191: Allow projectadmins to change project roles in Horizon as Resolved.Jul 1 2018, 1:06 PM
Jdforrester-WMF added a parent task: T106123: Extensions needing to be removed from Wikimedia wikis.Sep 25 2018, 3:23 PM
bd808 triaged this task as Medium priority.Oct 2 2018, 9:16 PM
bd808 updated the task description. (Show Details)
Liuxinyu970226 added a subscriber: Liuxinyu970226.Nov 6 2018, 12:33 PM
bd808 updated the task description. (Show Details)Nov 28 2018, 5:25 PM
bd808 mentioned this in T211029: Sort out only one ideal hiera mechanism for Cloud VPS.Dec 3 2018, 5:16 PM
bd808 mentioned this in T206706: Establish documentation review process for WMCS.Feb 11 2019, 4:19 AM
Liuxinyu970226 removed a subscriber: Liuxinyu970226.Feb 25 2019, 1:05 AM
Liuxinyu970226 added a subscriber: Liuxinyu970226.
GTirloni edited projects, added cloud-services-team (Kanban); removed cloud-services-team.Mar 21 2019, 6:45 PM
GTirloni mentioned this in T123162: OS-EXT-SRV-ATTR:instance_name not set for some instances.
Meno25 added a subscriber: Meno25.May 31 2019, 4:31 PM
Andrew updated the task description. (Show Details)Nov 5 2019, 8:00 PM
gerritbot added a comment.Nov 6 2019, 10:12 PM

Change 549212 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[mediawiki/extensions/OpenStackManager@master] Remove all special pages related to OpenStack

https://gerrit.wikimedia.org/r/549212

gerritbot added a project: Patch-For-Review.Nov 6 2019, 10:12 PM

Change 549213 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[mediawiki/extensions/OpenStackManager@master] Remove echo integration

https://gerrit.wikimedia.org/r/549213

gerritbot added a comment.Nov 6 2019, 10:12 PM

Change 549214 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[mediawiki/extensions/OpenStackManager@master] Remove all interaction with keystone and other openstack endpoints

https://gerrit.wikimedia.org/r/549214

gerritbot added a comment.Nov 8 2019, 9:37 PM

Change 549936 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/mediawiki-config@master] wikitech: remove OSM settings related to OpenStack

https://gerrit.wikimedia.org/r/549936

Andrew added a parent task: T237771: Make Wikitech a normal wiki.Nov 8 2019, 9:42 PM
gerritbot added a comment.Nov 8 2019, 10:38 PM

Change 549212 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager@master] Remove all special pages related to OpenStack

https://gerrit.wikimedia.org/r/549212

gerritbot added a comment.Nov 8 2019, 10:38 PM

Change 549213 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager@master] Remove echo integration

https://gerrit.wikimedia.org/r/549213

ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.8; 2019-11-26).Nov 8 2019, 11:00 PM
gerritbot added a comment.Nov 10 2019, 4:08 AM

Change 549214 merged by jenkins-bot:
[mediawiki/extensions/OpenStackManager@master] Remove all interaction with keystone and other openstack endpoints

https://gerrit.wikimedia.org/r/549214

bd808 removed a parent task: T237771: Make Wikitech a normal wiki.Nov 10 2019, 11:04 PM
bd808 removed a subtask: T196200: Provide a way for OpenStack admins to manage projects they don't belong to in Horizon.Nov 10 2019, 11:12 PM
brennen added a subscriber: brennen.Dec 4 2019, 10:02 PM
gerritbot added a comment.Dec 5 2019, 8:28 AM

Change 432702 abandoned by Andrew Bogott:
wikitech: Don't load OpenStackManager

Reason:
unclear if/when this can happen

https://gerrit.wikimedia.org/r/432702

gerritbot added a comment.Dec 5 2019, 8:30 AM

Change 432703 abandoned by Andrew Bogott:
wikitech: remove OpenStackManager private settings

Reason:
the OSM removal is going to happen more gradually

https://gerrit.wikimedia.org/r/432703

Dzahn removed a subscriber: Dzahn.Dec 6 2019, 3:26 AM
gerritbot added a comment.Dec 10 2019, 2:52 PM

Change 549936 merged by jenkins-bot:
[operations/mediawiki-config@master] wikitech: remove OSM settings related to OpenStack

https://gerrit.wikimedia.org/r/549936

Stashbot added a comment.Dec 10 2019, 2:55 PM

Mentioned in SAL (#wikimedia-operations) [2019-12-10T14:55:46Z] <reedy@deploy1001> Synchronized wmf-config/wikitech.php: T161553 Bye OSM config! (duration: 00m 55s)

Bstorm changed the status of subtask T196171: Developer account creation without OpenStackManager from Open to Stalled.Feb 11 2020, 5:17 PM
Krinkle mentioned this in T269028: WikimediaDebug should avoid confusion on unsupported domains.Nov 30 2020, 7:22 PM
Bstorm changed the status of subtask T196171: Developer account creation without OpenStackManager from Stalled to Open.Jan 6 2021, 4:05 PM
Krinkle mentioned this in T304006: Undeploy DynamicSidebar extension from Wikimedia wikis (only Wikitech).Mar 16 2022, 7:50 PM
Stang added a subscriber: Stang.May 27 2022, 12:03 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL