From 031859764a3f570aa416de1de9edc8cb34e829f0 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Thu, 9 May 2024 15:47:09 +0200
Subject: [PATCH] neutron: add service role

After Neutron policy changes - Octavia jobs started
to fail on cascade LB deletion due to Neutron user
not having service role.

Closes-Bug: #2065337

Change-Id: I616bf3a3dbb4d963665b1621a9e5e9d417b13942
---
 ansible/roles/neutron/defaults/main.yml  | 5 +++++
 ansible/roles/neutron/tasks/register.yml | 1 +
 ansible/roles/neutron/tasks/upgrade.yml  | 7 +++++++
 3 files changed, 13 insertions(+)

diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index 4dd8213b3..0f5233414 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -904,6 +904,11 @@ neutron_ks_users:
     password: "{{ neutron_keystone_password }}"
     role: "admin"
 
+neutron_ks_user_roles:
+  - project: "service"
+    user: "{{ neutron_keystone_user }}"
+    role: "service"
+
 ####################
 # SRIOV
 ####################
diff --git a/ansible/roles/neutron/tasks/register.yml b/ansible/roles/neutron/tasks/register.yml
index 1dc2e4dbc..17a6ca2cb 100644
--- a/ansible/roles/neutron/tasks/register.yml
+++ b/ansible/roles/neutron/tasks/register.yml
@@ -5,3 +5,4 @@
     service_ks_register_auth: "{{ openstack_neutron_auth }}"
     service_ks_register_services: "{{ neutron_ks_services }}"
     service_ks_register_users: "{{ neutron_ks_users }}"
+    service_ks_register_user_roles: "{{ neutron_ks_user_roles }}"
diff --git a/ansible/roles/neutron/tasks/upgrade.yml b/ansible/roles/neutron/tasks/upgrade.yml
index 9c223bc27..ccc5b7cd7 100644
--- a/ansible/roles/neutron/tasks/upgrade.yml
+++ b/ansible/roles/neutron/tasks/upgrade.yml
@@ -6,3 +6,10 @@
 
 - include_tasks: legacy_upgrade.yml
   when: not neutron_enable_rolling_upgrade | bool
+
+# TODO(mnasiadka): Remove this task in the E cycle.
+- import_role:
+    name: service-ks-register
+  vars:
+    service_ks_register_auth: "{{ openstack_neutron_auth }}"
+    service_ks_register_user_roles: "{{ neutron_ks_user_roles }}"
-- 
GitLab