Merge "Give ironic-inspector system scope `all`"

2024-11-16 09:48:43 +00:00 · 2024-11-16 09:48:43 +00:00 · 5a9e268453
commit 5a9e268453
parent 935a96b548 e0c095fd7d
3 changed files with 16 additions and 2 deletions
--- a/ansible/roles/ironic/defaults/main.yml
+++ b/ansible/roles/ironic/defaults/main.yml
@ -370,6 +370,9 @@ ironic_ks_user_roles:
  - project: "service"
    user: "{{ ironic_inspector_keystone_user }}"
    role: "service"
+  - system: "all"
+    user: "{{ ironic_inspector_keystone_user }}"
+    role: "service"

 ####################
 # TLS
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@ -29,14 +29,13 @@ rabbit_quorum_queue = true
 {% if ironic_enable_keystone_integration | bool %}
 auth_url = {{ keystone_internal_url }}
 auth_type = password
-project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
-project_name = service
 username = {{ ironic_inspector_keystone_user }}
 password = {{ ironic_inspector_keystone_password }}
 valid_interfaces = internal
 cafile = {{ openstack_cacert }}
 region_name = {{ openstack_region_name }}
+system_scope = all
 {% else %}
 auth_type = none
 endpoint_override = {{ ironic_internal_endpoint }}
--- a/releasenotes/notes/give-ironic-inspector-user-system-scope-all-5fe5cb7f9a03ee7b.yaml
+++ b/releasenotes/notes/give-ironic-inspector-user-system-scope-all-5fe5cb7f9a03ee7b.yaml
@ -0,0 +1,12 @@
+---
+upgrade:
+  - |
+    The ``ironic-inspector`` service user is now assigned the system scope
+    ``all``. If you have overridden the default list of role assignments, you
+    should make this change too.
+fixes:
+  - |
+    The ``ironic-inspector`` service user is now assigned the system scope
+    ``all``. This allows it to create baremetal ports during node inspection
+    again.
+    `LP#2064655 <https://bugs.launchpad.net/kolla-ansible/+bug/2064655>`__