<div dir="ltr">Hi,<div><br></div><div><br></div><div>Apologies if this questions has been answered already, or is in some doc somewhere. Please point me in the right direction of so.</div><div><br></div><div><br></div><div>I'm upgrading openstack from Juno to Mitaka, in steps. We role our own openstack using puppet, and have been using identity v3 in Juno with domains via an ldap backend.</div><div><br></div><div>The upgrade process is largely created, tested and working, but not rolled out across our production sites yet.</div><div><br></div><div>However, I notice when I create a new cloud using openstack Mitaka from scratch, not upgraded from Juno, the _member_ role is no longer created automatically when users are assigned to projects [ tenants in old money ]. I'm pretty sure this was happening in Juno, and the Juno docs seem to confirm it.</div><div>I believe horizon at least was using this role to allow users access.</div><div><br></div><div>I've noticed this because we have scripts to automate some user/group stuff, and the have some usage of the _member_ role hard coded atm. They are failing, as the role doesn't exist on non-upgraded clouds :)</div><div><br></div><div><br></div><div>So I would like some advice/clarification on what the situation is.</div><div><br></div><div>What else, if anything, was the _member_ role used for? heat maybe?<br></div><div><br></div><div>Is the _member_ role no longer required at all, not even by horizon?</div><div><br></div><div>If it's no longer required, is it safe or desirable to remove the _member_ role from upgraded clouds?</div><div><br></div><div><br></div><div><br></div><div><br clear="all"><div><div class="gmail_signature"><div><br></div>Cheers,<div>Just</div></div></div>
</div></div>
<br>
<p style="margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px">Notice: This email is confidential and may contain copyright material of members of the Ocado Group. Opinions and views expressed in this message may not necessarily reflect the opinions and views of the members of the Ocado Group. </span></font></p><p style="margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px"> </span></font></p><p style="margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px">If you are not the intended recipient, please notify us immediately and delete all copies of this message. Please note that it is your responsibility to scan this message for viruses. </span></font></p><p style="margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px"> </span></font></p><p style="margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px">Fetch and Sizzle are trading names of Speciality Stores Limited and Fabled is a trading name of Marie Claire Beauty Limited, both members of the Ocado Group.</span></font></p><p style="margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px"> </span></font></p><p style="margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px">References to the “Ocado Group” are to Ocado Group plc (registered in England and Wales with number 7098618) and its subsidiary undertakings (as that expression is defined in the Companies Act 2006) from time to time. The registered office of Ocado Group plc is Titan Court, 3 Bishops Square, Hatfield Business Park, Hatfield, Herts. AL10 9NE.</span></font></p>