Remove keystone service user
The keystone service user is never used by the keystone service. Remove the tasks creating it and related variables. Change-Id: Iede26cba97ab43cdd0abc3887883e61d40007b34
This commit is contained in:
Jimmy McCrory
parent
08af3c29a4
commit
d638110970
|
|
@ -168,7 +168,6 @@ keystone_service_name: keystone
|
|||
keystone_service_port: 5000
|
||||
keystone_service_type: identity
|
||||
keystone_service_description: "Keystone Identity Service"
|
||||
keystone_service_user_name: keystone
|
||||
keystone_service_tenant_name: service
|
||||
|
||||
keystone_service_proto: http
|
||||
|
|
@ -488,7 +487,6 @@ keystone_required_secrets:
|
|||
- keystone_oslomsg_rpc_password
|
||||
- keystone_oslomsg_notify_password
|
||||
- keystone_rabbitmq_password
|
||||
- keystone_service_password
|
||||
|
||||
keystone_uwsgi_init_overrides: {}
|
||||
|
||||
|
|
|
|||
|
|
@ -44,7 +44,6 @@ To use this role, define the following variables:
|
|||
keystone_container_mysql_password: "YourPassword"
|
||||
|
||||
keystone_auth_admin_password: "SuperSecretePassword"
|
||||
keystone_service_password: "secrete"
|
||||
keystone_rabbitmq_password: "secrete"
|
||||
keystone_container_mysql_password: "SuperSecrete"
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@
|
|||
keystone_developer_mode: true
|
||||
keystone_git_install_branch: master
|
||||
keystone_auth_admin_password: "SuperSecretePassword"
|
||||
keystone_service_password: "secrete"
|
||||
keystone_oslomsg_rpc_password: "secrete"
|
||||
keystone_oslomsg_notify_password: "secrete"
|
||||
keystone_container_mysql_password: "SuperSecrete"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
The tasks creating a keystone service user have been removed, along with
|
||||
related variables ``keystone_service_user_name`` and
|
||||
``keystone_service_password``. This user can be deleted in existing
|
||||
deployments.
|
||||
|
|
@ -87,38 +87,6 @@
|
|||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: Add service user
|
||||
os_user:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ keystone_service_user_name }}"
|
||||
password: "{{ keystone_service_password }}"
|
||||
domain: default
|
||||
default_project: "{{ keystone_service_tenant_name }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: not keystone_service_in_ldap | bool
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
|
||||
- name: Add service user to admin role
|
||||
os_user_role:
|
||||
cloud: default
|
||||
state: present
|
||||
user: "{{ keystone_service_user_name }}"
|
||||
role: "{{ keystone_role_name }}"
|
||||
project: "{{ keystone_service_tenant_name }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: not keystone_service_in_ldap | bool
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: Add endpoints to keystone endpoint catalog
|
||||
os_keystone_endpoint:
|
||||
cloud: default
|
||||
|
|
|
|||
Loading…
Reference in New Issue