Remove octavia user from admin project

It is unnecessary to add octavia user into admin project. Octavia project does not require this action. Like other projects, octavia user in service project with admin role is enough. [1] https://docs.openstack.org/octavia/latest/install/install-ubuntu.html [2] https://docs.openstack.org/octavia/latest/contributor/guides/dev-quick-start.html#production-deployment-walkthrough [3] https://github.com/openstack/octavia/blob/master/devstack/plugin.sh Closes-Bug: #1873176 Change-Id: I35d35177aaabfc6f0abc533a1f756b363bd02308 (cherry picked from commit bb7e1e8660)
2020-04-16 00:48:09 +08:00 · 2020-04-16 00:48:09 +08:00 · 07c89ac47f
parent 3fe1102e0c
commit 07c89ac47f
3 changed files with 24 additions and 13 deletions
--- a/ansible/roles/octavia/tasks/register.yml
+++ b/ansible/roles/octavia/tasks/register.yml
@ -7,19 +7,6 @@
    service_ks_register_users: "{{ octavia_ks_users }}"
  tags: always

- name: Adding octavia user into admin project
-  become: true
-  kolla_toolbox:
-    module_name: "os_user_role"
-    module_args:
-      user: "{{ octavia_keystone_user }}"
-      role: admin
-      project: "{{ keystone_admin_project }}"
-      auth: "{{ openstack_octavia_auth }}"
-      endpoint_type: "{{ openstack_interface }}"
-      cacert: "{{ openstack_cacert }}"
-  run_once: True
-
 - name: Adding octavia related roles
  become: true
  kolla_toolbox:
--- a/ansible/roles/octavia/tasks/upgrade.yml
+++ b/ansible/roles/octavia/tasks/upgrade.yml
@ -5,3 +5,18 @@

 - name: Flush handlers
  meta: flush_handlers
+
+# TODO(mgoddard): Remove this task in Victoria.
+- name: Removing octavia user from admin project
+  become: true
+  kolla_toolbox:
+    module_name: "os_user_role"
+    module_args:
+      user: "{{ octavia_keystone_user }}"
+      role: admin
+      state: absent
+      project: "{{ keystone_admin_project }}"
+      auth: "{{ openstack_octavia_auth }}"
+      endpoint_type: "{{ openstack_interface }}"
+      cacert: "{{ openstack_cacert }}"
+  run_once: True
--- a/releasenotes/notes/remove-octavia-user-in-admin-project-action-95c87ca45a1188d6.yaml
+++ b/releasenotes/notes/remove-octavia-user-in-admin-project-action-95c87ca45a1188d6.yaml
@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    The octavia user is no longer given the admin role in the admin
+    project. Octavia does not require this role and instead uses octavia
+    user with admin role in service project. During an upgrade the octavia
+    user is removed from the admin project. See
+    `bug 1873176 <https://bugs.launchpad.net/kolla-ansible/+bug/1873176>`__
+    for details.