diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml index 850a2bc680..db86c0cf39 100644 --- a/ansible/roles/ironic/defaults/main.yml +++ b/ansible/roles/ironic/defaults/main.yml @@ -370,6 +370,9 @@ ironic_ks_user_roles: - project: "service" user: "{{ ironic_inspector_keystone_user }}" role: "service" + - system: "all" + user: "{{ ironic_inspector_keystone_user }}" + role: "service" #################### # TLS diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index adf9567bb3..7c93c975cd 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -29,14 +29,13 @@ rabbit_quorum_queue = true {% if ironic_enable_keystone_integration | bool %} auth_url = {{ keystone_internal_url }} auth_type = password -project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} -project_name = service username = {{ ironic_inspector_keystone_user }} password = {{ ironic_inspector_keystone_password }} valid_interfaces = internal cafile = {{ openstack_cacert }} region_name = {{ openstack_region_name }} +system_scope = all {% else %} auth_type = none endpoint_override = {{ ironic_internal_endpoint }} diff --git a/releasenotes/notes/give-ironic-inspector-user-system-scope-all-5fe5cb7f9a03ee7b.yaml b/releasenotes/notes/give-ironic-inspector-user-system-scope-all-5fe5cb7f9a03ee7b.yaml new file mode 100644 index 0000000000..1ace600946 --- /dev/null +++ b/releasenotes/notes/give-ironic-inspector-user-system-scope-all-5fe5cb7f9a03ee7b.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + The ``ironic-inspector`` service user is now assigned the system scope + ``all``. If you have overridden the default list of role assignments, you + should make this change too. +fixes: + - | + The ``ironic-inspector`` service user is now assigned the system scope + ``all``. This allows it to create baremetal ports during node inspection + again. + `LP#2064655 `__