Merge "Give ironic-inspector system scope `all`"

This commit is contained in:
Zuul 2024-11-16 09:48:43 +00:00 committed by Gerrit Code Review
commit 5a9e268453
3 changed files with 16 additions and 2 deletions

@ -370,6 +370,9 @@ ironic_ks_user_roles:
- project: "service" - project: "service"
user: "{{ ironic_inspector_keystone_user }}" user: "{{ ironic_inspector_keystone_user }}"
role: "service" role: "service"
- system: "all"
user: "{{ ironic_inspector_keystone_user }}"
role: "service"
#################### ####################
# TLS # TLS

@ -29,14 +29,13 @@ rabbit_quorum_queue = true
{% if ironic_enable_keystone_integration | bool %} {% if ironic_enable_keystone_integration | bool %}
auth_url = {{ keystone_internal_url }} auth_url = {{ keystone_internal_url }}
auth_type = password auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }} user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ ironic_inspector_keystone_user }} username = {{ ironic_inspector_keystone_user }}
password = {{ ironic_inspector_keystone_password }} password = {{ ironic_inspector_keystone_password }}
valid_interfaces = internal valid_interfaces = internal
cafile = {{ openstack_cacert }} cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }} region_name = {{ openstack_region_name }}
system_scope = all
{% else %} {% else %}
auth_type = none auth_type = none
endpoint_override = {{ ironic_internal_endpoint }} endpoint_override = {{ ironic_internal_endpoint }}

@ -0,0 +1,12 @@
---
upgrade:
- |
The ``ironic-inspector`` service user is now assigned the system scope
``all``. If you have overridden the default list of role assignments, you
should make this change too.
fixes:
- |
The ``ironic-inspector`` service user is now assigned the system scope
``all``. This allows it to create baremetal ports during node inspection
again.
`LP#2064655 <https://bugs.launchpad.net/kolla-ansible/+bug/2064655>`__