From 4421bf805664d2716a114ed5cc2f9f11d3e99ae8 Mon Sep 17 00:00:00 2001
From: Francesco Pantano <fpantano@redhat.com>
Date: Wed, 10 Jun 2020 10:11:48 +0200
Subject: [PATCH] Add osd blacklist cap when openstack client cap is built

This patch modifies the keyring for OpenStack client and enables
osd blacklist command. Usually this is not required but adding
this capability to the OpenStack client Keyring, the OpenStack
nodes can advise that the 'watcher' state from the specified IP
address should be cleared (blacklisted).

Change-Id: Ia39bbdb883265782ee15083ad5e58d6495aca125
---
 .../roles/tripleo_ceph_work_dir/tasks/build_keys.yml            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tripleo_ansible/roles/tripleo_ceph_work_dir/tasks/build_keys.yml b/tripleo_ansible/roles/tripleo_ceph_work_dir/tasks/build_keys.yml
index db18a2be6..903649f55 100644
--- a/tripleo_ansible/roles/tripleo_ceph_work_dir/tasks/build_keys.yml
+++ b/tripleo_ansible/roles/tripleo_ceph_work_dir/tasks/build_keys.yml
@@ -29,7 +29,7 @@
 
     - name: set openstack client caps
       set_fact:
-        osp_client_caps: {'mgr': 'allow *', 'mon': 'profile rbd', 'osd': "{{ profiles | regex_replace('\\, $', '') }}"}
+        osp_client_caps: {'mgr': 'allow *', 'mon': 'profile rbd, allow command "osd blacklist"', 'osd': "{{ profiles | regex_replace('\\, $', '') }}"}
 
     - name: set openstack client key
       set_fact: