Remove keystone service user

The keystone service user is never used by the keystone service. Remove
the tasks creating it and related variables.

Change-Id: Iede26cba97ab43cdd0abc3887883e61d40007b34

defaults/main.yml

@@ -168,7 +168,6 @@ keystone_service_name: keystone
 keystone_service_port: 5000
 keystone_service_type: identity
 keystone_service_description: "Keystone Identity Service"
-keystone_service_user_name: keystone
 keystone_service_tenant_name: service
 
 keystone_service_proto: http
@@ -488,7 +487,6 @@ keystone_required_secrets:
   - keystone_oslomsg_rpc_password
   - keystone_oslomsg_notify_password
   - keystone_rabbitmq_password
-  - keystone_service_password
 
 keystone_uwsgi_init_overrides: {}
 

doc/source/index.rst

@@ -44,7 +44,6 @@ To use this role, define the following variables:
     keystone_container_mysql_password: "YourPassword"
 
     keystone_auth_admin_password: "SuperSecretePassword"
-    keystone_service_password: "secrete"
     keystone_rabbitmq_password: "secrete"
     keystone_container_mysql_password: "SuperSecrete"
 

examples/playbook.yml

@@ -13,7 +13,6 @@
     keystone_developer_mode: true
     keystone_git_install_branch: master
     keystone_auth_admin_password: "SuperSecretePassword"
-    keystone_service_password: "secrete"
     keystone_oslomsg_rpc_password: "secrete"
     keystone_oslomsg_notify_password: "secrete"
     keystone_container_mysql_password: "SuperSecrete"

releasenotes/notes/os-keystone-remove-service-user-f2100fa3127c7c2e.yaml

@@ -0,0 +1,7 @@
+---
+upgrade:
+  - |
+    The tasks creating a keystone service user have been removed, along with
+    related variables ``keystone_service_user_name`` and
+    ``keystone_service_password``. This user can be deleted in existing
+    deployments.

tasks/keystone_service_update.yml

@@ -87,38 +87,6 @@
       retries: 5
       delay: 10
 
-    - name: Add service user
-      os_user:
-        cloud: default
-        state: present
-        name: "{{ keystone_service_user_name }}"
-        password: "{{ keystone_service_password }}"
-        domain: default
-        default_project: "{{ keystone_service_tenant_name }}"
-        endpoint_type: admin
-        verify: "{{ not keystone_service_adminuri_insecure }}"
-      register: add_service
-      when: not keystone_service_in_ldap | bool
-      until: add_service is success
-      retries: 5
-      delay: 10
-      no_log: True
-
-    - name: Add service user to admin role
-      os_user_role:
-        cloud: default
-        state: present
-        user: "{{ keystone_service_user_name }}"
-        role: "{{ keystone_role_name }}"
-        project: "{{ keystone_service_tenant_name }}"
-        endpoint_type: admin
-        verify: "{{ not keystone_service_adminuri_insecure }}"
-      register: add_service
-      when: not keystone_service_in_ldap | bool
-      until: add_service is success
-      retries: 5
-      delay: 10
-
     - name: Add endpoints to keystone endpoint catalog
       os_keystone_endpoint:
         cloud: default