From 6c396318ed3b705947ab5d967d4496b136402f0b Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Thu, 8 Sep 2022 10:07:13 +0200 Subject: [PATCH] Require usage of service_token_roles With Yoga we've added `service` role for each service and set it as `service_token_roles`. For upgrade purposes service_token_roles_required was set to False, as otherwise services won't be able to comunicate until upgrade is finished. Now we remove override and require usage of service_token_roles by default. Change-Id: I6e57c26dcae1e1470280dc5988903b79f9cb9b16 --- inventory/group_vars/all/keystone.yml | 3 --- .../service_token_roles_required-5d0dce2878775b23.yaml | 8 ++++++++ 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/service_token_roles_required-5d0dce2878775b23.yaml diff --git a/inventory/group_vars/all/keystone.yml b/inventory/group_vars/all/keystone.yml index 84d83a712b..f82f1022a7 100644 --- a/inventory/group_vars/all/keystone.yml +++ b/inventory/group_vars/all/keystone.yml @@ -40,6 +40,3 @@ keystone_service_publicuri_insecure: False keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}" keystone_service_publicurl: "{{ keystone_service_publicuri }}/v3" - -# NOTE(noonedeadpunk): Drop variable after Y release. Placed for upgrade purposes only -openstack_service_token_roles_required: False diff --git a/releasenotes/notes/service_token_roles_required-5d0dce2878775b23.yaml b/releasenotes/notes/service_token_roles_required-5d0dce2878775b23.yaml new file mode 100644 index 0000000000..f005cd5c25 --- /dev/null +++ b/releasenotes/notes/service_token_roles_required-5d0dce2878775b23.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - | + Since Yoga release ``service`` role is being assigned to all service users. + Though, service_token_roles_required was set to ``False`` for upgrade + purposes. Now ``service_token_roles_required`` is set to ``True`` by + default. If you still want to preserve old behaviour, you can define + ``openstack_service_token_roles_required: False`` in your user_variables.