Page MenuHomePhabricator
Create Task
Maniphest T321349

Support multi-domain OpenStack
Open, Needs TriagePublic
Actions

Description

Magnum and Heat each use a service domain (conveniently named 'Magnum' and 'Heat') to store dynamically-created users and other resources.

This mostly works, and is well within the set of things that OpenStack is meant to support. Our custom code, however, generally expects there to be only one domain (id 'default' name 'Default') and has that hardcoded in quite a few places.

This change shouldn't break very much, but it is breaking situations where we try to enumerate projects and acquire auth in each one. Any keystone requests for project-specific tokens require a project domain to be specified. So, in places where we're creating keystone sessions with a specific project, we need to first dig up the proper project domain.

Note that I don't expect users to ever act outside of the default domain, only heat and magnum services.

Details

SubjectRepoBranchLines +/-
add domain param to openstack backendoperations/software/cuminmaster+93 -33
Keystone: open up more domain querying endpointsoperations/puppetproduction+4 -0
Keystone: allow anyone to list domainsoperations/puppetproduction+1 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedrookT280792 Investigate Openstack Magnum
 OpenNoneT321349 Support multi-domain OpenStack

Event Timeline

Andrew created this task.Oct 20 2022, 8:02 PM
Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptOct 20 2022, 8:02 PM
rook added a comment.Oct 21 2022, 3:49 PM

Is this ticket meant to update our custom code in puppet?

Andrew added a comment.Oct 21 2022, 7:37 PM
In T321349#8335821, @rook wrote:

Is this ticket meant to update our custom code in puppet?

Correct, this bug is to track changes like https://gerrit.wikimedia.org/r/c/operations/puppet/+/844525

gerritbot added a comment.Dec 18 2022, 1:13 AM

Change 868811 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] Keystone: allow anyone to list domains

https://gerrit.wikimedia.org/r/868811

gerritbot added a project: Patch-For-Review.Dec 18 2022, 1:13 AM

Change 868811 merged by Andrew Bogott:

[operations/puppet@production] Keystone: allow anyone to list domains

https://gerrit.wikimedia.org/r/868811

gerritbot added a comment.Dec 18 2022, 1:20 AM

Change 868812 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] Keystone: open up more domain querying endpoints

https://gerrit.wikimedia.org/r/868812

gerritbot added a comment.Dec 18 2022, 1:21 AM

Change 868812 merged by Andrew Bogott:

[operations/puppet@production] Keystone: open up more domain querying endpoints

https://gerrit.wikimedia.org/r/868812

gerritbot added a comment.Dec 18 2022, 2:30 AM

Change 868814 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/software/cumin@master] add domain param to openstack backend

https://gerrit.wikimedia.org/r/868814

fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:29 PM
fnegri moved this task from Kanban to Inbox on the cloud-services-team board.
rook removed rook as the assignee of this task.Jan 19 2023, 2:06 PM
rook subscribed.
rook unsubscribed.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL