diff --git a/manifests/roles.pp b/manifests/roles.pp
new file mode 100644
index 00000000..22837cce
--- /dev/null
+++ b/manifests/roles.pp
@@ -0,0 +1,28 @@
+# == Class: octavia::roles
+#
+# Configure the octavia roles
+#
+# === Parameters
+#
+# [*role_names*]
+#   (optional) Create keystone roles to comply with Octavia policies.
+#   Defaults to ['load-balancer_observer', 'load-balancer_global_observer',
+#   'load-balancer_member', 'load-balancer_quota_admin', 'load-balancer_admin',
+#   'admin']
+#
+class octavia::roles (
+  $role_names = [
+      'load-balancer_observer',
+      'load-balancer_global_observer',
+      'load-balancer_member',
+      'load-balancer_quota_admin',
+      'load-balancer_admin',
+      'admin'
+      ]
+  ) {
+  if $role_names {
+    keystone_role { $role_names:
+      ensure => present
+    }
+  }
+}
diff --git a/releasenotes/notes/add-roles-for-octavia-2207bc1adea61c55.yaml b/releasenotes/notes/add-roles-for-octavia-2207bc1adea61c55.yaml
new file mode 100644
index 00000000..1fc6671e
--- /dev/null
+++ b/releasenotes/notes/add-roles-for-octavia-2207bc1adea61c55.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Added `octavia::roles::role_names` parameter to enable creation of the
+    keystone roles supported by the Octavia API.
diff --git a/spec/classes/octavia_roles_spec.rb b/spec/classes/octavia_roles_spec.rb
new file mode 100644
index 00000000..f03255cd
--- /dev/null
+++ b/spec/classes/octavia_roles_spec.rb
@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe 'octavia::roles' do
+
+  let :params do
+    {
+    }
+  end
+
+  shared_examples_for 'octavia-roles' do
+
+    context 'when using default args' do
+      it 'creates keystone roles' do
+        is_expected.to contain_keystone_role('load-balancer_observer')
+        is_expected.to contain_keystone_role('load-balancer_global_observer')
+        is_expected.to contain_keystone_role('load-balancer_member')
+        is_expected.to contain_keystone_role('load-balancer_quota_admin')
+        is_expected.to contain_keystone_role('load-balancer_admin')
+        is_expected.to contain_keystone_role('admin')
+      end
+    end
+
+    context 'when using custom roles' do
+      before do
+        params.merge!({
+          :role_names => ['foo', 'bar', 'krispy']
+        })
+      end
+      it 'creates custom keystone roles' do
+        is_expected.to contain_keystone_role('foo')
+        is_expected.to contain_keystone_role('bar')
+        is_expected.to contain_keystone_role('krispy')
+        is_expected.not_to contain_keystone_role('load-balancer_observer')
+      end
+    end
+
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+      it_behaves_like 'octavia-roles'
+    end
+  end
+
+end