Merge "octavia: Ensure service auth project exists"

ansible/roles/octavia/defaults/main.yml

@@ -227,6 +227,13 @@ octavia_ks_users:
     user: "{{ octavia_keystone_user }}"
     password: "{{ octavia_keystone_password }}"
     role: "admin"
+  # NOTE(mgoddard): The default for the service auth project is service, but
+  # may be customised. Ensure the project exists, and assign the octavia user
+  # the admin role in it.
+  - project: "{{ octavia_service_auth_project }}"
+    user: "{{ octavia_keystone_user }}"
+    password: "{{ octavia_keystone_password }}"
+    role: "admin"
 
 ####################
 # Kolla

ansible/roles/octavia/tasks/register.yml

@@ -6,21 +6,6 @@
     service_ks_register_services: "{{ octavia_ks_services }}"
     service_ks_register_users: "{{ octavia_ks_users }}"
 
-- name: "Adding admin role to octavia user in {{ octavia_service_auth_project }} project"
-  become: true
-  kolla_toolbox:
-    module_name: "os_user_role"
-    module_args:
-      user: "{{ octavia_keystone_user }}"
-      role: admin
-      project: "{{ octavia_service_auth_project }}"
-      auth: "{{ openstack_octavia_auth }}"
-      endpoint_type: "{{ openstack_interface }}"
-      cacert: "{{ openstack_cacert }}"
-      region_name: "{{ openstack_region_name }}"
-  run_once: True
-  when: octavia_service_auth_project != 'service'
-
 - name: Adding octavia related roles
   become: true
   kolla_toolbox:

releasenotes/notes/octavia-create-service-auth-project-aa38b12ebb601777.yaml

@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes an issue with Octavia deployment when using a custom service auth
+    project. If ``octavia_service_auth_project`` is set to a project that does
+    not exist, Octavia deployment would fail. The project is now created.
+    `LP#1922100 <https://bugs.launchpad.net/kolla-ansible/+bug/1922100>`__