I am facing a strange issue with tagging in self_service catalogue


#1

Hi Support Team,

I am facing a strange issue with tagging in regards to the self_service catalogue. I have created a catalogue item to create linux vm in vmware environment and tagged the catalogue item to the group. Now the user is able to login to self_service portal see the catalogue item and order the vm. The vm gets provisioned successfully but the user is not able to his service he has ordered nor the vm that is getting created.
If i login using admin i am able to see the vm got created successfully and owner is shown as the username and his group. Only after i add the policy tag to the vm and service from top policy accordion and after saving it the user is able to see the VM in his login page.

I am not sure if i am missing something but this looks like a puzzle to me. can someone please help me with this.
Ravi


#2

Tag filtering restrict access to all objects of cfme. in this way you should tagging provisioned object such as new service and new vm during or after provisioning.
I use post-provision stage of vm provisioning statemacine to assign tags to newly provisioned vm and to its direct service.


#3

Thanks a lot for the reply thats exactly what i am trying to achieve…Can you please point me towards a direction or document which i can use to set this post provision step.


#4

All providers type have its own post-provision method and you can use it to assign tags. For example there is openstack_postprovision method and I use it to assign tags to newly vms.

https://pemcg.gitbooks.io/mastering-automation-in-cloudforms-4-2-and-manage/content/customising_vm_provisioning/chapter.html

https://pemcg.gitbooks.io/mastering-automation-in-cloudforms-4-2-and-manage/content/vm_provision_state_machine/chapter.html


#5

Hi Igor,

thanks for the reply…Yeah i see a post provision method for vmware infrastructure. but the method is kind of empty… can you please share the code you used to assighn tags for openstack will try to modify that as per my requirement.

Regards,
Ravi


#6

I am on vacation now and I don’t have access to my computer. But after two days I will answer you.


#7

thanks a lot no issues can wait…njoy ur vacation


#8

Hi @Ravikanth_B
For your task you can use two ways to entering automate. First you can use the /Infrastructure/VM/Provisioning/StateMachines/Methods/vmware_PostProvision method or you can use the vm_provisioned message from /System/Event/MiqEvent/POLICY/vm_provisioned (I think can be used for any provider)

First you should wait before vm has direct_service association. I use just while loop but more intelligence way is to use StateMachine capability of check and retry. (https://access.redhat.com/documentation/en-us/reference_architectures/2017/html/deploying_cloudforms_at_scale/automate#reducing_execution_time)

# Try to wait before vm has service association
service_id = nil
count = 0
while service_id.nil? and count <= 60
  vm.refresh
  sleep(1)
  service_id = vm.service.id unless vm.service.nil?
  count += 1
end

And than you can just assign tags to vm and its service for users access:

category = 'yourcategory'.downcase
tag = 'yourtag'.downcase

vm  = $evm.root['vm']
tag = "#{category}/#{tag}"

unless vm.nil?
  $evm.log(:info, "Assign tag #{tagget} to provisioned VM #{vm.name}")
  vm.tag_assign(tag)
  $evm.log(:info, "Related tags for provisioned VM #{vm.name} -- #{vm.tags}")
end

unless vm.direct_service.nil?
  service = vm.direct_service
  $evm.log(:info, "Assign tag #{tag} to provisioned service #{service.name}")
  service.tag_assign(tag)
  $evm.log(:info, "Related tags for provisioned service #{service.name} -- #{service.tags}")
end

https://pemcg.gitbooks.io/mastering-automation-in-cloudforms-4-2-and-manage/content/using_tags_from_automate/chapter.html


#9

Hi Igor,

Thanks a lot for the response…With the below method it would be able to
assign the tag to a vm but for that i need to specifically mention the
category(yourcategory) and tag(yourtag) and if i hard code it then all the
new vm’s woud be tagged with same category which i don’t want to happen.
Whoever the user who is requesting the service his category and tag should
be automatically assigned to the vm.

Regards,
Ravi


#10

Hi,

Yes, but I use dynamic selection of this thing during provisioning. I create the ‘tenant’ category and for each users tenants I create a tag like ‘tenant/sag’:

During the VM provision I select the tag related to user tenant:

category = 'tenant'

vm     = $evm.root['vm']
tenant = vm.tenant

tag = tenant.name.to_s.downcase
tagget = (tenant.source_type == 'CloudTenant') ? "#{category}/#{tag}" : $evm.object['regexp'].to_s
vm.tag_assign(tagget)

These tags created automaticaly during ems refresh and I use these tags for vms and service filtering for users.


#11

Thanks A lot for the detailed info…I will try to get it work from my end…


#12

You can use user group as tag name and than use the “$evm.root[‘vm’].miq_group_id” attribute of vm to retrieve and set the tag related to this group.


#13

Hi Igor,

I am trying to add Azure cloud provider into manageiq and i am successfully
able to do it without any issues. but i am unable to see any existing
instances already present in AZURE within cloudforms. Any clue how can i
make them visible within cloudforms.


#14

Hi @Ravikanth_B

I use messages capability of ManageIQ and for such task I use ems_auth_valid event to trigger Automation workflow after External Management System (your provider) is refreshed:

As you can see the rel5 relationship have ServiceAssign instance. During its execution any vms that not related to any service and not spawned by ManageIQ are attached to generic service and tagged by particular tags.

There is method that run from instance:

First I get all vms after ems refresh and than I check if instance created by MIQ (have miq_provision association or direct_service association). If not I assign this instance to service created with owned group name or tenant name and add tag related to this group/tenant.


#15

I am seeing below error in logs,

[----] E, [2017-08-01T10:16:08.660940 #2734:11bb6f0] ERROR – : The following error occurred during method evaluation:
[----] E, [2017-08-01T10:16:08.667985 #2734:11bb6f0] ERROR – : NoMethodError: undefined method name' for nil:NilClass [----] E, [2017-08-01T10:16:08.678059 #2734:11bb6f0] ERROR -- : <AEMethod serviceassign> (druby://localhost:40778) -:112:inblock in ‘
[----] E, [2017-08-01T10:16:08.697940 #2734:11bb6f0] ERROR – : Method
STDERR: (druby://localhost:40778) -:112:in block in <main>': undefined methodname’ for nil:NilClass (NoMethodError)
[----] E, [2017-08-01T10:16:08.699114 #2734:11bb6f0] ERROR – : Method
STDERR: from (druby://localhost:40778)
/opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/drb.rb:1624:in
perform_without_block' [----] E, [2017-08-01T10:16:08.700639 #2734:11bb6f0] ERROR -- : Method STDERR: from (druby://localhost:40778) /opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/drb.rb:1584:inperform’
[----] E, [2017-08-01T10:16:08.701840 #2734:11bb6f0] ERROR – : Method
STDERR: from (druby://localhost:40778)
/opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/drb.rb:1657:in block (2 levels) in main_loop' [----] E, [2017-08-01T10:16:08.703031 #2734:11bb6f0] ERROR -- : Method STDERR: from (druby://localhost:40778) /opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/drb.rb:1653:inloop’
[----] E, [2017-08-01T10:16:08.704752 #2734:11bb6f0] ERROR – : Method
STDERR: from (druby://localhost:40778)
/opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/drb.rb:1653:in block in main_loop' [----] E, [2017-08-01T10:16:08.705984 #2734:11bb6f0] ERROR -- : Method STDERR: from (druby://127.0.0.1:35168) /opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/invokemethod.rb:11:inblock_yield’
[----] E, [2017-08-01T10:16:08.707148 #2734:11bb6f0] ERROR – : Method
STDERR: from (druby://127.0.0.1:35168)
/opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/invokemethod.rb:18:in block in perform_with_block' [----] E, [2017-08-01T10:16:08.708558 #2734:11bb6f0] ERROR -- : Method STDERR: from (druby://127.0.0.1:35168) /opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/invokemethod.rb:15:ineach’
[----] E, [2017-08-01T10:16:08.709965 #2734:11bb6f0] ERROR – : Method
STDERR: from (druby://127.0.0.1:35168)
/opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/invokemethod.rb:15:in
perform_with_block' [----] E, [2017-08-01T10:16:08.711565 #2734:11bb6f0] ERROR -- : Method STDERR: from (druby://127.0.0.1:35168) /opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/drb.rb:1582:inperform’
[----] E, [2017-08-01T10:16:08.713121 #2734:11bb6f0] ERROR – : Method
STDERR: from (druby://127.0.0.1:35168)
/opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/drb.rb:1657:in block (2 levels) in main_loop' [----] E, [2017-08-01T10:16:08.714419 #2734:11bb6f0] ERROR -- : Method STDERR: from (druby://127.0.0.1:35168) /opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/drb.rb:1653:inloop’
[----] E, [2017-08-01T10:16:08.716031 #2734:11bb6f0] ERROR – : Method
STDERR: from (druby://127.0.0.1:35168)
/opt/rubies/ruby-2.3.1/lib/ruby/2.3.0/drb/drb.rb:1653:in block in main_loop' [----] E, [2017-08-01T10:16:08.717371 #2734:11bb6f0] ERROR -- : Method STDERR: from <code: vms.each do |vm|>:7:in'
[----] I, [2017-08-01T10:16:08.767124 #2734:705134] INFO – : <AEMethod
[/ACME/System/event_handlers/ServiceAssign]> Ending
[----] E, [2017-08-01T10:16:08.777371 #2734:705134] ERROR – : Aborting
instantiation (unknown method return code) because [Method exited with
rc=Unknown RC: [1]]
[----] E, [2017-08-01T10:16:08.778192 #2734:705134] ERROR – : Aborting
instantiation (unknown method return code) because [Method exited with
rc=Unknown RC: [1]]
[----] E, [2017-08-01T10:16:08.778547 #2734:705134] ERROR – : Aborting
instantiation (unknown method return code) because [Method exited with
rc=Unknown RC: [1]]
[----] E, [2017-08-01T10:16:09.679307 #2742:117b000] ERROR – : The following error occurred during method evaluation:
[----] E, [2017-08-01T10:16:09.681019 #2742:117b000] ERROR – : NoMethodError: undefined method name' for nil:NilClass [----] E, [2017-08-01T10:16:09.684102 #2742:117b000] ERROR -- : <AEMethod serviceassign> (druby://localhost:43237) -:112:inblock in ’


#16

@Ravikanth_B you shoud change my method for you environment. I use cloud_tenants for user access but I think you should change it to your groups instead (if you use groups for users workloads separation)

For example I use VM’s cloud_tenant (cloud_tenant_id = vm.cloud_tenant_id) to assign VM to group that have access to MIQ tenant related to this cloud_tenant.

I think you does not have cloud_tenants and does not use them for user access. In this way you should change the logic of how assign VM to particular group from cloud provider and how assign related tag to this vm.