From 62fcbf7500a7eb9a470a4193409c86b941bf3c85 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Mon, 28 Apr 2025 12:00:20 +0200
Subject: [PATCH] Stop creating the `member` role in Horizon The goal is to simplify the os_horizon role by dropping out an unnecessary step of Keystone role creation, when a non-default value is set for `horizon_default_role_name`. In case a deployer needs to have a non-default value for horizon_default_role_name, they are encouraged to leverage an openstack_resources role/playbook to provision such role for them.
Change-Id: I97d3c837a880c0ce3ebf6c44d94e85e4e9e52b23
---
...ult_role_name_create-48fb556caa075665.yaml | 12 ++++++
tasks/horizon_service_setup.yml | 42 -------------------
tasks/main.yml | 8 ----
3 files changed, 12 insertions(+), 50 deletions(-)
create mode 100644 releasenotes/notes/horizon_default_role_name_create-48fb556caa075665.yaml
delete mode 100644 tasks/horizon_service_setup.yml
diff --git a/releasenotes/notes/horizon_default_role_name_create-48fb556caa075665.yaml b/releasenotes/notes/horizon_default_role_name_create-48fb556caa075665.yaml
new file mode 100644
index 00000000..17cd0037
--- /dev/null
+++ b/releasenotes/notes/horizon_default_role_name_create-48fb556caa075665.yaml
@@ -0,0 +1,12 @@
+---
+
+deprecations:
+ - |
+ The ``horizon_default_role_name`` (default `member`) Keystone role existence
+ is no longer ensured by the Horizon role.
+ It is expected that the role defined by ``horizon_default_role_name``
+ already exists in Keystone and was bootstrapped via ``keystone-bootstrap``
+ command during ``os_keystone`` execution.
+ You can leverage ``opestack.osa.openstack_resources`` playbook to create
+ extra roles if you need/want to use non-default value for the
+ ``horizon_default_role_name`` variable
\ No newline at end of file
diff --git a/tasks/horizon_service_setup.yml b/tasks/horizon_service_setup.yml
deleted file mode 100644
index 5cf6ec3b..00000000
--- a/tasks/horizon_service_setup.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# Copyright 2015, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# We set the python interpreter to the ansible runtime venv if
-# the delegation is to localhost so that we get access to the
-# appropriate python libraries in that venv. If the delegation
-# is to another host, we assume that it is accessible by the
-# system python instead.
-- name: Setup the default member role
- delegate_to: "{{ horizon_service_setup_host }}"
- vars:
- ansible_python_interpreter: "{{ horizon_service_setup_host_python_interpreter }}"
- block:
- - name: Add default member role
- os_keystone_role:
- cloud: default
- state: present
- name: "{{ horizon_default_role_name }}"
- endpoint_type: admin
- verify: "{{ not keystone_service_adminuri_insecure }}"
- when:
- - keystone_admin_user_name is defined
- - keystone_auth_admin_password is defined
- - keystone_admin_tenant_name is defined
- - keystone_service_adminurl is defined
- - keystone_service_adminuri_insecure is defined
- register: add_member_role
- until: add_member_role is success
- retries: 5
- delay: 10
diff --git a/tasks/main.yml b/tasks/main.yml
index 3bc78305..a47ce26e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -79,14 +79,6 @@ - horizon-config - post-install -- name: Importing horizon_service_setup tasks - ansible.builtin.import_tasks: horizon_service_setup.yml - when: - - ('horizon_all' in group_names) - - inventory_hostname == groups['horizon_all'][0] - tags: - - horizon-config - - name: Importing uwsgi/apache tasks ansible.builtin.import_tasks: "{{ (horizon_use_uwsgi | bool) | ternary('horizon_uwsgi.yml', 'horizon_apache.yml') }}" tags: