Give ironic-inspector system scope `all`

The ``ironic-inspector`` service user is now assigned the system scope
``all``. This allows it to create baremetal ports during node inspection
again.

Default project and domain vars are removed as you cannot combine these
with system scope.

Closes-Bug: #2064655
Change-Id: I5e3c29faae4c2531b269c37874ade368c1aab39f

ansible/roles/ironic/defaults/main.yml

@@ -371,6 +371,9 @@ ironic_ks_user_roles:
   - project: "service"
     user: "{{ ironic_inspector_keystone_user }}"
     role: "service"
+  - system: "all"
+    user: "{{ ironic_inspector_keystone_user }}"
+    role: "service"
 
 ####################
 # TLS

ansible/roles/ironic/templates/ironic-inspector.conf.j2

@@ -29,14 +29,13 @@ rabbit_quorum_queue = true
 {% if ironic_enable_keystone_integration | bool %}
 auth_url = {{ keystone_internal_url }}
 auth_type = password
-project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
-project_name = service
 username = {{ ironic_inspector_keystone_user }}
 password = {{ ironic_inspector_keystone_password }}
 valid_interfaces = internal
 cafile = {{ openstack_cacert }}
 region_name = {{ openstack_region_name }}
+system_scope = all
 {% else %}
 auth_type = none
 endpoint_override = {{ ironic_internal_endpoint }}

releasenotes/notes/give-ironic-inspector-user-system-scope-all-5fe5cb7f9a03ee7b.yaml

@@ -0,0 +1,12 @@
+---
+upgrade:
+  - |
+    The ``ironic-inspector`` service user is now assigned the system scope
+    ``all``. If you have overridden the default list of role assignments, you
+    should make this change too.
+fixes:
+  - |
+    The ``ironic-inspector`` service user is now assigned the system scope
+    ``all``. This allows it to create baremetal ports during node inspection
+    again.
+    `LP#2064655 <https://bugs.launchpad.net/kolla-ansible/+bug/2064655>`__