Remove octavia user from admin project

It is unnecessary to add octavia user into admin project. Octavia project does not require this action. Like other projects, octavia user in service project with admin role is enough. [1] https://docs.openstack.org/octavia/latest/install/install-ubuntu.html [2] https://docs.openstack.org/octavia/latest/contributor/guides/dev-quick-start.html#production-deployment-walkthrough [3] https://github.com/openstack/octavia/blob/master/devstack/plugin.sh Closes-Bug: #1873176 Change-Id: I35d35177aaabfc6f0abc533a1f756b363bd02308
2020-04-16 00:48:09 +08:00 · 2020-04-16 00:48:09 +08:00 · bb7e1e8660
parent 7a193d1f06
commit bb7e1e8660
3 changed files with 24 additions and 13 deletions
--- a/ansible/roles/octavia/tasks/register.yml
+++ b/ansible/roles/octavia/tasks/register.yml
@ -7,19 +7,6 @@
    service_ks_register_users: "{{ octavia_ks_users }}"
  tags: always

- name: Adding octavia user into admin project
-  become: true
-  kolla_toolbox:
-    module_name: "os_user_role"
-    module_args:
-      user: "{{ octavia_keystone_user }}"
-      role: admin
-      project: "{{ keystone_admin_project }}"
-      auth: "{{ openstack_octavia_auth }}"
-      endpoint_type: "{{ openstack_interface }}"
-      cacert: "{{ openstack_cacert }}"
-  run_once: True
-
 - name: Adding octavia related roles
  become: true
  kolla_toolbox:
--- a/ansible/roles/octavia/tasks/upgrade.yml
+++ b/ansible/roles/octavia/tasks/upgrade.yml
@ -5,3 +5,18 @@

 - name: Flush handlers
  meta: flush_handlers
+
+# TODO(mgoddard): Remove this task in Victoria.
+- name: Removing octavia user from admin project
+  become: true
+  kolla_toolbox:
+    module_name: "os_user_role"
+    module_args:
+      user: "{{ octavia_keystone_user }}"
+      role: admin
+      state: absent
+      project: "{{ keystone_admin_project }}"
+      auth: "{{ openstack_octavia_auth }}"
+      endpoint_type: "{{ openstack_interface }}"
+      cacert: "{{ openstack_cacert }}"
+  run_once: True
--- a/releasenotes/notes/remove-octavia-user-in-admin-project-action-95c87ca45a1188d6.yaml
+++ b/releasenotes/notes/remove-octavia-user-in-admin-project-action-95c87ca45a1188d6.yaml
@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    The octavia user is no longer given the admin role in the admin
+    project. Octavia does not require this role and instead uses octavia
+    user with admin role in service project. During an upgrade the octavia
+    user is removed from the admin project. See
+    `bug 1873176 <https://bugs.launchpad.net/kolla-ansible/+bug/1873176>`__
+    for details.