Add service role to ironic service users

Add the service role to ironic service users. Ironic recently enforced
new policy validation as part of the RBAC efforts. [1][2]
Service user support was also added to Ironic. [3]
Admin role needs to stay as not all services added service role support. [4][5]

[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] e2a47de10a/goals/selected/consistent-and-secure-rbac.rst (phase-2)
[3] https://review.opendev.org/c/openstack/ironic/+/907148
[4] https://review.opendev.org/q/topic:bp%252Fpolicy-service-role-default
[5] https://review.opendev.org/q/topic:%22New-Location-Apis%22

Related-Bug: #2051837
Change-Id: I048402c2247188cf57f35437f557f84ac25d4ff2

ansible/roles/ironic/defaults/main.yml

@@ -364,6 +364,14 @@ ironic_ks_users:
     password: "{{ ironic_inspector_keystone_password }}"
     role: "admin"
 
+ironic_ks_user_roles:
+  - project: "service"
+    user: "{{ ironic_keystone_user }}"
+    role: "service"
+  - project: "service"
+    user: "{{ ironic_inspector_keystone_user }}"
+    role: "service"
+
 ####################
 # TLS
 ####################

ansible/roles/ironic/tasks/register.yml

@@ -5,3 +5,4 @@
     service_ks_register_auth: "{{ openstack_ironic_auth }}"
     service_ks_register_services: "{{ ironic_ks_services }}"
     service_ks_register_users: "{{ ironic_ks_users }}"
+    service_ks_register_user_roles: "{{ ironic_ks_user_roles }}"

ansible/roles/ironic/tasks/upgrade.yml

@@ -32,3 +32,10 @@
 
 - include_tasks: legacy_upgrade.yml
   when: not ironic_enable_rolling_upgrade | bool
+
+# TODO(bbezak): Remove this task in the Dalmatian cycle.
+- import_role:
+    name: service-ks-register
+  vars:
+    service_ks_register_auth: "{{ openstack_ironic_auth }}"
+    service_ks_register_user_roles: "{{ ironic_ks_user_roles }}"

releasenotes/notes/ironic-service-role-7901cc0686e8e2ba.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Add the service role to ironic service users. Ironic recently enforced
+    new policy validation and added service role support.