diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml index fdc1966618..44871a2fec 100644 --- a/ansible/roles/ironic/defaults/main.yml +++ b/ansible/roles/ironic/defaults/main.yml @@ -371,6 +371,9 @@ ironic_ks_user_roles: - project: "service" user: "{{ ironic_inspector_keystone_user }}" role: "service" + - system: "all" + user: "{{ ironic_inspector_keystone_user }}" + role: "service" #################### # TLS diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index 115381c45b..caa69e37bd 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -29,14 +29,13 @@ rabbit_quorum_queue = true {% if ironic_enable_keystone_integration | bool %} auth_url = {{ keystone_internal_url }} auth_type = password -project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} -project_name = service username = {{ ironic_inspector_keystone_user }} password = {{ ironic_inspector_keystone_password }} valid_interfaces = internal cafile = {{ openstack_cacert }} region_name = {{ openstack_region_name }} +system_scope = all {% else %} auth_type = none endpoint_override = {{ ironic_internal_endpoint }} diff --git a/releasenotes/notes/give-ironic-inspector-user-system-scope-all-5fe5cb7f9a03ee7b.yaml b/releasenotes/notes/give-ironic-inspector-user-system-scope-all-5fe5cb7f9a03ee7b.yaml new file mode 100644 index 0000000000..1ace600946 --- /dev/null +++ b/releasenotes/notes/give-ironic-inspector-user-system-scope-all-5fe5cb7f9a03ee7b.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + The ``ironic-inspector`` service user is now assigned the system scope + ``all``. If you have overridden the default list of role assignments, you + should make this change too. +fixes: + - | + The ``ironic-inspector`` service user is now assigned the system scope + ``all``. This allows it to create baremetal ports during node inspection + again. + `LP#2064655 `__