Remove octavia user from admin project
It is unnecessary to add octavia user into admin project. Octavia project does not require this action. Like other projects, octavia user in service project with admin role is enough. [1] https://docs.openstack.org/octavia/latest/install/install-ubuntu.html [2] https://docs.openstack.org/octavia/latest/contributor/guides/dev-quick-start.html#production-deployment-walkthrough [3] https://github.com/openstack/octavia/blob/master/devstack/plugin.sh Closes-Bug: #1873176 Change-Id: I35d35177aaabfc6f0abc533a1f756b363bd02308
This commit is contained in:
parent
7a193d1f06
commit
bb7e1e8660
@ -7,19 +7,6 @@
|
|||||||
service_ks_register_users: "{{ octavia_ks_users }}"
|
service_ks_register_users: "{{ octavia_ks_users }}"
|
||||||
tags: always
|
tags: always
|
||||||
|
|
||||||
- name: Adding octavia user into admin project
|
|
||||||
become: true
|
|
||||||
kolla_toolbox:
|
|
||||||
module_name: "os_user_role"
|
|
||||||
module_args:
|
|
||||||
user: "{{ octavia_keystone_user }}"
|
|
||||||
role: admin
|
|
||||||
project: "{{ keystone_admin_project }}"
|
|
||||||
auth: "{{ openstack_octavia_auth }}"
|
|
||||||
endpoint_type: "{{ openstack_interface }}"
|
|
||||||
cacert: "{{ openstack_cacert }}"
|
|
||||||
run_once: True
|
|
||||||
|
|
||||||
- name: Adding octavia related roles
|
- name: Adding octavia related roles
|
||||||
become: true
|
become: true
|
||||||
kolla_toolbox:
|
kolla_toolbox:
|
||||||
|
@ -5,3 +5,18 @@
|
|||||||
|
|
||||||
- name: Flush handlers
|
- name: Flush handlers
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
|
|
||||||
|
# TODO(mgoddard): Remove this task in Victoria.
|
||||||
|
- name: Removing octavia user from admin project
|
||||||
|
become: true
|
||||||
|
kolla_toolbox:
|
||||||
|
module_name: "os_user_role"
|
||||||
|
module_args:
|
||||||
|
user: "{{ octavia_keystone_user }}"
|
||||||
|
role: admin
|
||||||
|
state: absent
|
||||||
|
project: "{{ keystone_admin_project }}"
|
||||||
|
auth: "{{ openstack_octavia_auth }}"
|
||||||
|
endpoint_type: "{{ openstack_interface }}"
|
||||||
|
cacert: "{{ openstack_cacert }}"
|
||||||
|
run_once: True
|
||||||
|
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The octavia user is no longer given the admin role in the admin
|
||||||
|
project. Octavia does not require this role and instead uses octavia
|
||||||
|
user with admin role in service project. During an upgrade the octavia
|
||||||
|
user is removed from the admin project. See
|
||||||
|
`bug 1873176 <https://bugs.launchpad.net/kolla-ansible/+bug/1873176>`__
|
||||||
|
for details.
|
Loading…
Reference in New Issue
Block a user