diff --git a/ansible/roles/octavia/tasks/register.yml b/ansible/roles/octavia/tasks/register.yml index c44ac4e202..39a0bc577b 100644 --- a/ansible/roles/octavia/tasks/register.yml +++ b/ansible/roles/octavia/tasks/register.yml @@ -7,19 +7,6 @@ service_ks_register_users: "{{ octavia_ks_users }}" tags: always -- name: Adding octavia user into admin project - become: true - kolla_toolbox: - module_name: "os_user_role" - module_args: - user: "{{ octavia_keystone_user }}" - role: admin - project: "{{ keystone_admin_project }}" - auth: "{{ openstack_octavia_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - - name: Adding octavia related roles become: true kolla_toolbox: diff --git a/ansible/roles/octavia/tasks/upgrade.yml b/ansible/roles/octavia/tasks/upgrade.yml index 2d4777ab57..f7c6365883 100644 --- a/ansible/roles/octavia/tasks/upgrade.yml +++ b/ansible/roles/octavia/tasks/upgrade.yml @@ -5,3 +5,18 @@ - name: Flush handlers meta: flush_handlers + +# TODO(mgoddard): Remove this task in Victoria. +- name: Removing octavia user from admin project + become: true + kolla_toolbox: + module_name: "os_user_role" + module_args: + user: "{{ octavia_keystone_user }}" + role: admin + state: absent + project: "{{ keystone_admin_project }}" + auth: "{{ openstack_octavia_auth }}" + endpoint_type: "{{ openstack_interface }}" + cacert: "{{ openstack_cacert }}" + run_once: True diff --git a/releasenotes/notes/remove-octavia-user-in-admin-project-action-95c87ca45a1188d6.yaml b/releasenotes/notes/remove-octavia-user-in-admin-project-action-95c87ca45a1188d6.yaml new file mode 100644 index 0000000000..63b69524f3 --- /dev/null +++ b/releasenotes/notes/remove-octavia-user-in-admin-project-action-95c87ca45a1188d6.yaml @@ -0,0 +1,9 @@ +--- +upgrade: + - | + The octavia user is no longer given the admin role in the admin + project. Octavia does not require this role and instead uses octavia + user with admin role in service project. During an upgrade the octavia + user is removed from the admin project. See + `bug 1873176 `__ + for details.