diff --git a/tasks/ironic_post_install.yml b/tasks/ironic_post_install.yml index a33f61cb..e0ec1deb 100644 --- a/tasks/ironic_post_install.yml +++ b/tasks/ironic_post_install.yml @@ -45,3 +45,14 @@ tags: - ironic-init +- name: Build the policy.json file + template: + src: "policy.json.j2" + dest: "/etc/ironic/policy.json" + mode: "0644" + owner: "root" + group: "root" + notify: + - Restart ironic services + tags: + - ironic-init diff --git a/templates/policy.json.j2 b/templates/policy.json.j2 new file mode 100644 index 00000000..f7726778 --- /dev/null +++ b/templates/policy.json.j2 @@ -0,0 +1,5 @@ +{ + "admin_api": "role:admin or role:administrator", + "show_password": "!", + "default": "rule:admin_api" +}