You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Difference between revisions of "Portal:Cloud VPS/Admin/Projects lifecycle"

From Wikitech-static
Jump to navigation Jump to search
imported>Nskaggs
imported>Nskaggs
(Add link for trove quotas)
 
Line 176: Line 176:
</syntaxhighlight>
</syntaxhighlight>


== History ==
 
===Database / Trove===
See [[Portal:Cloud VPS/Admin/Trove|Trove_quotas]]
 
==History==


In previous versions of Cloud VPS all the projects lifecyle was handled via Wikitech itself, with some custom MediaWiki plugins to hook the Openstack API.
In previous versions of Cloud VPS all the projects lifecyle was handled via Wikitech itself, with some custom MediaWiki plugins to hook the Openstack API.
This was eventually replaced by Horizon, which can handle all the operations by itself.
This was eventually replaced by Horizon, which can handle all the operations by itself.


= See also =
=See also=


* [[Portal:Cloud VPS/Admin/Procedures and operations]]
*[[Portal:Cloud VPS/Admin/Procedures and operations]]

Latest revision as of 19:43, 27 July 2021

This page describes how Cloud VPS projects are supposed to be created and deleted, i.e, the lifecycle. In the OpenStack world, project is known as tenant.

Project Requests

New project requests are made by the users in Phabricator. These requests are reviewed and fulfilled by the current member on clinic duty.

Approval requires at least 2 members of the team.

Processing requests

  1. SSH to the corresponding control box (e.g. cloudcontrol1003.wikimedia.org, see deployments).
  2. Process the change per below and update the phabricator ticket
  3. Log the event in the project SAL (#wikimedia-cloud> !log PROJECTNAME Brief description of what you did (phabricator ticket#), e.g. #wikimedia-cloud> !log videocuttool bump quota to 26 core, 36G of RAM, 320GB Storage (T278605))
  4. Resolve the Phabricator task, letting requestors know

Requests

Creating a new project

Prerequisites:

  • Project names should be all lower case, if not some errors will happen when requesting the puppet certificate
  • Users have valid Developer accounts
  • You have added the project to the list in Portal:Cloud VPS/Admin/Projects with the relevant contacts, tags, and link to the creation task.
  1. Make sure the users requesting the project exists in LDAP
    $ sudo wmcs-openstack user list | grep -i user
    | user                                   | User name                                                                                |
    
  2. create the project (in this example, we are creating a project called newp)
    $ sudo wmcs-openstack project create --enable --description "a dockerised wikibase infrastructure" newp
    +-------------+--------------------------------------+
    | Field       | Value                                |
    +-------------+--------------------------------------+
    | description | a dockerised wikibase infrastructure |
    | domain_id   | default                              |
    | enabled     | True                                 |
    | id          | newp                                 |
    | is_domain   | False                                |
    | name        | newp                                 |
    | parent_id   | default                              |
    +-------------+--------------------------------------+
    
  3. Modify initial quotas if required (see section below)
  4. Add initial users to roles:
    $ sudo wmcs-openstack role add --project newp --user aborrero  projectadmin
    $ sudo wmcs-openstack role add --project newp --user aborrero  user
    $ sudo wmcs-openstack role add --project newp --user tarrow  user
    $ sudo wmcs-openstack role add --project newp --user tarrow  projectadmin
    $ sudo wmcs-openstack role assignment list --names --project newp
    +--------------+---------------------------------+-------+--------------+--------+-----------+
    | Role         | User                            | Group | Project      | Domain | Inherited |
    +--------------+---------------------------------+-------+--------------+--------+-----------+
    | projectadmin | Arturo Borrero Gonzalez@Default |       | newp@Default |        | False     |
    | user         | Arturo Borrero Gonzalez@Default |       | newp@Default |        | False     |
    | projectadmin | novaadmin@Default               |       | newp@Default |        | False     |
    | user         | novaadmin@Default               |       | newp@Default |        | False     |
    | observer     | Novaobserver@Default            |       | newp@Default |        | False     |
    | projectadmin | Tarrow@Default                  |       | newp@Default |        | False     |
    | user         | Tarrow@Default                  |       | newp@Default |        | False     |
    +--------------+---------------------------------+-------+--------------+--------+-----------+
    
  5. Please make sure to instruct the user to join the cloud-announce mailing list.

Deleting a project

Project deletion tends to leave orphaned resources lying about. Eventually this should all be handled by Designate or Keystone hooks, but until then:

  1. Make sure there are no instances in the project. This can be done in Horizon or via the commandline:
    $ sudo wmcs-openstack server list --project <project>
    $ sudo wmcs-openstack server delete <instance id>
    
  2. Note if a custom flavor is present (these should be standardized after September 2020), and remove if no longer used outside of project:
    $ sudo wmcs-openstack flavor list
    $ sudo wmcs-openstack flavor delete <flavor name>
    
  3. Make sure the project is not configured for NFS modules/labstore/templates/nfs-mounts.yaml.erb.
  4. Make sure there are no dns zones allocated to the project. This can be done in Horizon Here (Be sure to select the right project using the dropdown) or via the commandline:
    $ sudo wmcs-openstack zone list --sudo-project-id <project>
    $ sudo wmcs-openstack zone delete --sudo-project-id <project> <zone id>
    
  5. Delete any proxies the project may have via Horizon. Be sure to select the right project using the dropdown
  6. Delete any prefix- or project-wide puppet configurations via Horizon Here and Here. Be sure to select the right project using the dropdown
  7. Utilizing horizon, confirm no project specific config, rules, or resources remain.
  8. Finally, delete the project using Horizon or the commandline. If using Horizon, set your current project to 'Admin' and then delete the project using the Identity->Projects panel:
    $ sudo wmcs-openstack project delete <project>
    
  9. Remove the project from the list at Portal:Cloud VPS/Admin/Projects

If you need to drop some user involvement with a project:

$ sudo wmcs-openstack role remove --user someuser --project someproject projectadmin
$ sudo wmcs-openstack role remove --user someuser --project someproject user

Modifying project quotas

CPU, Memory, Storage

  1. CPU, Memory, and Storage can all be set as shown below.
    $ sudo wmcs-openstack quota set --cores 26 --ram 36864 --gigabytes 320 videocuttool
    $ sudo wmcs-openstack quota show videocuttool
    +----------------------+-------------+
    | Field                | Value       |
    +----------------------+-------------+
    | backup-gigabytes     | 1000        |
    | backups              | 0           |
    | cores                | 26          |
    | fixed-ips            | -1          |
    | floating-ips         | 0           |
    | gigabytes            | 320         |
    | gigabytes_standard   | -1          |
    | groups               | 4           |
    | health_monitors      | None        |
    | injected-file-size   | 10240       |
    | injected-files       | 5           |
    | injected-path-size   | 255         |
    | instances            | 8           |
    | key-pairs            | 100         |
    | l7_policies          | None        |
    | listeners            | None        |
    | load_balancers       | None        |
    | name                 | None        |
    | networks             | 100         |
    | per-volume-gigabytes | -1          |
    | pools                | None        |
    | ports                | 500         |
    | project              | videocuttool|
    | project_name         | videocuttool|
    | properties           | 128         |
    | ram                  | 36864       |
    | rbac_policies        | 10          |
    | routers              | 10          |
    | secgroup-rules       | 100         |
    | secgroups            | 40          |
    | server-group-members | 10          |
    | server-groups        | 10          |
    | snapshots            | 4           |
    | snapshots_standard   | -1          |
    | subnet_pools         | -1          |
    | subnets              | 100         |
    | volumes              | 8           |
    | volumes_standard     | -1          |
    +----------------------+-------------+
    

Floating ip

  1. Set the number of floating ips
    $ sudo wmcs-openstack quota set --floating-ips 1 devtools
    $ sudo wmcs-openstack quota show devtools
    +----------------------+----------+
    | Field                | Value    |
    +----------------------+----------+
    | cores                | 16       |
    | fixed-ips            | -1       |
    | floating-ips         | 1        |
    | health_monitors      | None     |
    | injected-file-size   | 10240    |
    | injected-files       | 5        |
    | injected-path-size   | 255      |
    | instances            | 8        |
    | key-pairs            | 100      |
    | l7_policies          | None     |
    | listeners            | None     |
    | load_balancers       | None     |
    | location             | None     |
    | name                 | None     |
    | networks             | 100      |
    | pools                | None     |
    | ports                | 500      |
    | project              | devtools |
    | project_name         | devtools |
    | properties           | 128      |
    | ram                  | 32768    |
    | rbac_policies        | 10       |
    | routers              | 10       |
    | secgroup-rules       | 100      |
    | secgroups            | 40       |
    | server-group-members | 10       |
    | server-groups        | 10       |
    | subnet_pools         | -1       |
    | subnets              | 100      |
    +----------------------+----------+
    


Database / Trove

See Trove_quotas

History

In previous versions of Cloud VPS all the projects lifecyle was handled via Wikitech itself, with some custom MediaWiki plugins to hook the Openstack API. This was eventually replaced by Horizon, which can handle all the operations by itself.

See also