neutron: add service role

After Neutron policy changes - Octavia jobs started to fail on cascade LB deletion due to Neutron user not having service role. Closes-Bug: #2065337 Change-Id: I616bf3a3dbb4d963665b1621a9e5e9d417b13942
2024-05-09 15:47:09 +02:00 · 2024-05-09 15:47:09 +02:00 · 031859764a
commit 031859764a
parent b382471d02
3 changed files with 13 additions and 0 deletions
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@ -904,6 +904,11 @@ neutron_ks_users:
    password: "{{ neutron_keystone_password }}"
    role: "admin"

+neutron_ks_user_roles:
+  - project: "service"
+    user: "{{ neutron_keystone_user }}"
+    role: "service"
+
 ####################
 # SRIOV
 ####################
--- a/ansible/roles/neutron/tasks/register.yml
+++ b/ansible/roles/neutron/tasks/register.yml
@ -5,3 +5,4 @@
    service_ks_register_auth: "{{ openstack_neutron_auth }}"
    service_ks_register_services: "{{ neutron_ks_services }}"
    service_ks_register_users: "{{ neutron_ks_users }}"
+    service_ks_register_user_roles: "{{ neutron_ks_user_roles }}"
--- a/ansible/roles/neutron/tasks/upgrade.yml
+++ b/ansible/roles/neutron/tasks/upgrade.yml
@ -6,3 +6,10 @@

 - include_tasks: legacy_upgrade.yml
  when: not neutron_enable_rolling_upgrade | bool
+
+# TODO(mnasiadka): Remove this task in the E cycle.
+- import_role:
+    name: service-ks-register
+  vars:
+    service_ks_register_auth: "{{ openstack_neutron_auth }}"
+    service_ks_register_user_roles: "{{ neutron_ks_user_roles }}"