Merge "Remove octavia user from admin project"

ansible/roles/octavia/tasks/register.yml

@@ -7,19 +7,6 @@
     service_ks_register_users: "{{ octavia_ks_users }}"
   tags: always
 
-- name: Adding octavia user into admin project
-  become: true
-  kolla_toolbox:
-    module_name: "os_user_role"
-    module_args:
-      user: "{{ octavia_keystone_user }}"
-      role: admin
-      project: "{{ keystone_admin_project }}"
-      auth: "{{ openstack_octavia_auth }}"
-      endpoint_type: "{{ openstack_interface }}"
-      cacert: "{{ openstack_cacert }}"
-  run_once: True
-
 - name: Adding octavia related roles
   become: true
   kolla_toolbox:

ansible/roles/octavia/tasks/upgrade.yml

@@ -5,3 +5,18 @@
 
 - name: Flush handlers
   meta: flush_handlers
+
+# TODO(mgoddard): Remove this task in Victoria.
+- name: Removing octavia user from admin project
+  become: true
+  kolla_toolbox:
+    module_name: "os_user_role"
+    module_args:
+      user: "{{ octavia_keystone_user }}"
+      role: admin
+      state: absent
+      project: "{{ keystone_admin_project }}"
+      auth: "{{ openstack_octavia_auth }}"
+      endpoint_type: "{{ openstack_interface }}"
+      cacert: "{{ openstack_cacert }}"
+  run_once: True

releasenotes/notes/remove-octavia-user-in-admin-project-action-95c87ca45a1188d6.yaml

@@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    The octavia user is no longer given the admin role in the admin
+    project. Octavia does not require this role and instead uses octavia
+    user with admin role in service project. During an upgrade the octavia
+    user is removed from the admin project. See
+    `bug 1873176 <https://bugs.launchpad.net/kolla-ansible/+bug/1873176>`__
+    for details.