diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp
index 7e1adb0f..571256fb 100644
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -125,16 +125,5 @@ class ceilometer::keystone::auth (
     password            => $password,
     email               => $email,
     tenant              => $tenant,
-    roles               => ['admin', 'ResellerAdmin'],
   }
-
-  if $configure_user_role {
-    if !defined(Keystone_role['ResellerAdmin']) {
-      keystone_role { 'ResellerAdmin':
-        ensure => present,
-      }
-    }
-    Keystone_role['ResellerAdmin'] -> Keystone_user_role["${auth_name}@${tenant}"]
-  }
-
 }
diff --git a/releasenotes/notes/reseller-admin-45b1cad10ec19b99.yaml b/releasenotes/notes/reseller-admin-45b1cad10ec19b99.yaml
new file mode 100644
index 00000000..3e1c9354
--- /dev/null
+++ b/releasenotes/notes/reseller-admin-45b1cad10ec19b99.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    The ``ResellerAdmin`` role is no longer assigned to the ceilometer user
+    in Keystone.
diff --git a/spec/classes/ceilometer_keystone_auth_spec.rb b/spec/classes/ceilometer_keystone_auth_spec.rb
index 0063ebf0..ca8e63b3 100644
--- a/spec/classes/ceilometer_keystone_auth_spec.rb
+++ b/spec/classes/ceilometer_keystone_auth_spec.rb
@@ -32,8 +32,7 @@ describe 'ceilometer::keystone::auth' do
 
       it 'configures ceilometer user roles' do
         is_expected.to contain_keystone_user_role("#{default_params[:auth_name]}@#{default_params[:tenant]}").with(
-          :ensure  => 'present',
-          :roles   => ['admin','ResellerAdmin']
+          :ensure => 'present',
         )
       end
     end
@@ -59,8 +58,7 @@ describe 'ceilometer::keystone::auth' do
 
       it 'configures ceilometer user roles' do
         is_expected.to contain_keystone_user_role("#{params[:auth_name]}@#{params[:tenant]}").with(
-          :ensure  => 'present',
-          :roles   => ['admin','ResellerAdmin']
+          :ensure => 'present',
         )
       end
     end